Home > General Administration > Other Topics > Whitelisting Apple iCloud services on a restrictive firewall

Whitelisting Apple iCloud services on a restrictive firewall

Table of contents
No headers

When using restrictive Layer 3 Firewall Rules for outbound traffic on the MX Security Appliance, services such as Apple iCloud can sometimes be inadvertently blocked. The purpose of this KB is to discuss the ports Apple iCloud needs access to perform backups and access data stored on iCloud.


Figure 1. Explicit deny rule blocking iCloud traffic. 



The firewall configuration shown in Figure 1 will block all outbound traffic except TCP 80 amd TCP 443 (http and https).  A user trying to use another protocol, like UDP, or another port, like 25, will be blocked by the firewall. With these rules in place many other features will not work.




To allow iCloud to function, Apple has a list of ports which need to be allowed for iCloud to function on your client devices. The ports used by iCloud are:


TCP 25

TCP 80

TCP 443

TCP 587

TCP 993

TCP 5223

To allow the connection on these ports, use the following configuration.

Figure 2. iCloud firewall config.

Once the connections are allowed, iCloud will function and users will be able to back up their devices or pull information they have stored in iCloud.

Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1688

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community