Meraki

Community

Opening ports in FW for the AP CW9172I-CFG

Solved
shlomoi
Getting noticed
yesterday
yesterday

Opening ports in FW for the AP CW9172I-CFG

Hi

I'm trying to figure out which ports need to be opened in our FW for the APS CW9172I-CFG.

The dashboard shows a large number of ports and my client is afraid to open unsecured ports.
Are all the ports that appear in the dashboard really necessary,
443 is fine

do I need these too ?
80 ?
7734?
7351 ?
7752?

123?

 

 

shlomoi_1-1764450407752.png

 

Thanks

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
3 hours ago
3 hours ago

With modern firmware:

* tcp/443 (HTTPS) is used for all cloud communications

* tcp/80 (HTTP) is needed for retrieving CRLs for checking certificates

* udp/123 (NTP) is needed for time synchronisation - although I think most devices now synchronise over the 443 tunnel.

 

I don't think 7734, 7351, and 7752 are really needed anymore, but they are used for backup comms in case something goes wrong.  Not having those may limit the ability of the network to repair should an adverse event happen.

View solution in original post

3 Replies 3
RaphaelL
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Yes.

PhilipDAth
Kind of a big deal
Kind of a big deal
3 hours ago
3 hours ago

With modern firmware:

* tcp/443 (HTTPS) is used for all cloud communications

* tcp/80 (HTTP) is needed for retrieving CRLs for checking certificates

* udp/123 (NTP) is needed for time synchronisation - although I think most devices now synchronise over the 443 tunnel.

 

I don't think 7734, 7351, and 7752 are really needed anymore, but they are used for backup comms in case something goes wrong.  Not having those may limit the ability of the network to repair should an adverse event happen.

In response to PhilipDAth
shlomoi
Getting noticed
3 hours ago
3 hours ago

Thanks

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.