Meraki

Bobby-P

Need to deploy a Teleworker on a network not under our management. Noc for this network needs to know ports teleworkers use to communicated to our Meraki firewall. What ports need to be open to allow teleworkers to connect to our network.

alemabrahao

But those are the ports, it doesn't matter the model.

Protocol Port Purpose

UDP	7351	Meraki Auto VPN
UDP	9350	Meraki Auto VPN
UDP	500	IKE (for VPN)
UDP	4500	NAT-T (for VPN)
UDP	53	DNS resolution
TCP	80	Dashboard communication (HTTP)
TCP	443	Dashboard communication (HTTPS)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

alemabrahao

You can check it under Firewall info on the dashboard.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Bobby-P

I didn't find this useful. I have also viewed this information but need to know specifically the ports used.

alemabrahao

But those are the ports, it doesn't matter the model.

Protocol Port Purpose

UDP	7351	Meraki Auto VPN
UDP	9350	Meraki Auto VPN
UDP	500	IKE (for VPN)
UDP	4500	NAT-T (for VPN)
UDP	53	DNS resolution
TCP	80	Dashboard communication (HTTP)
TCP	443	Dashboard communication (HTTPS)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

cmr

Adding to what @alemabrahao said, the ones highlighted in green are needed, the others not for a Z, only generally an MX:

Source IP	Destination IP	FQDN	Ports	Protocol	Description
Your network(s)	64.62.142.12/32, 158.115.128.0/19, 209.206.48.0/20, 216.157.128.0/20		7351, 9350-9381	UDP	Meraki cloud communication, VPN registry
Your network(s)		cloud-meraki-asn.amp.cisco.com	443	TCP	Advanced Malware Protection (AMP) Lookups
Your network(s)		cloud-meraki-est.amp.cisco.com	443	TCP	Advanced Malware Protection (AMP) Enrollment
Your network(s)	158.115.128.0/19, 209.206.48.0/20, 216.157.128.0/20	syslog.log-ingester.emea.production.insight.meraki.com	443	TCP	Insight data collection
Your network(s)	158.115.128.0/19	registry.meraki-applications.com	443	TCP	Meraki Container Registry
Your network(s)	158.115.128.0/19, 209.206.48.0/20, 216.157.128.0/20, 2606:6940:0000:0000:0000:0000:0000:0000/32, 2606:7bc0:0000:0000:0000:0000:0000:0000/32, 2620:012f:c000:0000:0000:0000:0000:0000/44		80, 443, 7734, 7752	TCP	Meraki cloud communication, Splash pages, Backup Meraki cloud communication, Backup configuration downloads, Measured throughput to dashboard.meraki.com, Backup firmware downloads
Your network(s)	0.0.0.0/0		123	UDP	NTP time synchronization
Your network(s)	8.8.8.8/32, 158.115.128.0/19, 209.206.48.0/20, 216.157.128.0/20			ICMP	Uplink connection monitor

If my answer solves your problem please click Accept as Solution so others can benefit from it.

cmr

Note this is for a particular organisation, if you go to the firewall information on your organisation it may differ, but the same rows / descriptions are the important ones for a Z3.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

Meraki

Community

Ports used by Meraki Z3 Teleworker

Ports used by Meraki Z3 Teleworker