While the Zoom Mesh service utilizes the Zoom Client for the eCDN service, there are firewall rules that must be added to ensure there are no issues when utilizing the Zoom Mesh service.
Note: These firewall rules are for both incoming and outgoing traffic, except for Parent-Child Discovery.
Purpose | Protocol | Ports |
Parent-Child Discovery | UDP (Multicast) | 224.1.1.1:36699 |
Parent-Child Control Traffic |
TCP (TLS) |
18801-19800 |
Parent-Child Media Relay |
UDP |
18801-19800 |
Note: Multicast is used within the network segment for discovery. However, multicast routing is not required or suggested.
Source | Destination | Direction |
Protocol | Port | Purpose |
Zoom Clients within an internal network | Zoom Cloud IP range | Outgoing | TCP | 443 | Authentication and joining (Direct TLS or Web Proxy**) |
Zoom Clients within an internal network | Zoom Cloud IP range | Outgoing | TCP | 443 | Client Signaling (TLS) |
Zoom Clients within an internal network | Zoom Cloud IP range | Outgoing | UDP*** | 8801* | Client Media (AES 256 GCM) |
Zoom Clients within an internal network | Local subnet | Outgoing and incoming | UDP (Multicast to 224.1.1.1)** | 36699 | Mesh Discovery |
Zoom Clients within an internal network | Zoom Clients within an internal network | Outgoing and incoming | TCP | 18801-19800 | Mesh Control |
Zoom Clients within an internal network | Zoom Clients within an internal network | Outgoing and incoming | UDP | 18801-19800 | Mesh Media |
*Note: Port separation for media (UDP 8801-8803) is supported. Adjust the firewall rule to include 8802 and 8803 if port separation is enabled.
**Note: Multicast is used within the network segment for discovery. However, multicast routing is not required or suggested.
***Note: The Zoom Client will fall back to TCP 443 if UDP 8801 is unavailable.