Firewall Configuration for Zoom Rooms
In addition to communication with Zoom cloud services, Zoom Rooms controllers and scheduling displays communicate directly over the network with their associated Zoom Rooms computer or appliance. Similarly, Zoom clients using direct share or companion audio communicate directly over the network with a Zoom Room computer or appliance. If your devices are on the same WiFi network but are still unable to connect with each other, please check the following on your WiFi router or firewall.
Firewall rules for Zoom Rooms
| Protocol | Ports | Source | Destination |
|---|
| TCP | 9090 | Zoom Room Controller | Zoom Room |
| TCP | 443 | Zoom Room Controller/Scheduler |
Zoom Cloud
|
| UDP | 3478, 3479, 8801 | Zoom Room | Zoom Cloud |
| TCP | 443 | Zoom Room | Zoom Cloud |
| TCP | 8888* | Zoom Client | Zoom Room |
| UDP | 8889* | Zoom Client | Zoom Room |
| TCP | 5590 - 5600** | Zoom Client | Zoom Room |
| UDP | 5590 - 5600** | Zoom Client | Zoom Room |
*Note: These ports are utilized for the direct share feature.
**Note: These ports are only necessary for using the companion audio feature and are not necessary for standard use of the Zoom Room client, as well as direct share and AirPlay functionality.
Additional firewall considerations
If you are utilizing calendar integration with your Zoom Rooms, the Zoom Room computer, appliance, or scheduling display needs access to the respective calendaring service, such as Microsoft Office 365 Exchange Online, Google Calendar, or Microsoft Exchange, to be able to check for calendar events and display them as upcoming meetings. Consult the calendaring system documentation for necessary URLs, protocols, and ports.
If your controller or scheduling display reports that it cannot connect to a Zoom Room and displays its IP address as 127.0.0.1, it is likely related to web proxy settings on the Zoom Room's device. You can perform one of the following steps to attempt to resolve the issue:
- Enter the correct proxy settings on the Zoom Rooms computer or appliance.
- Configure the proxy server to bypass the Zoom Rooms computer or appliance IP address.
- Check other firewalls, web filters, and proxy servers on the desktop or network.
If your controller, scheduling display and Zoom Rooms computer or appliance are all on the same WiFi network, the WiFi router/access point must permit "hairpinning" to allow the Zoom Rooms controller or scheduling display to communicate to the Zoom Rooms computer or appliance. Please consult the WiFi router/access point vendor's documentation to allow "hairpinning" between clients connected to the same WiFi network. Some vendors have features called "Client Isolation", "AP Isolation", or "Wireless Isolation", and these must be disabled to allow "hairpinning".
If you manage your Zoom Rooms devices with Zoom Device Management (ZDM) and your company network includes firewall or proxy servers, you must allow these devices to access the following URL:
* https://zdmapi.zoom.us
In addition, consult your device vendor's documentation for details on additional URLs necessary to support device firmware updates.
Related: