Zoom Meetings Hybrid module firewall requirements

To allow connections between the Zoom Meetings Hybrid module, the Zoom Node server, Zoom, and the Zoom Meeting client, the following firewall rules need to be added to your network.

Table of Contents

How to configure a firewall for the Zoom Meetings Hybrid module

If your Zoom Meetings Hybrid module is behind a firewall, please also set the following parameters:

 

ProtocolPortsSourceDestination
TCP80MeetingConnector.IP
MeetingConnector.IP2
MeetingConnector2.IP
MeetingConnector2.IP2
ocsp.digicert.com*
UDP8801, 8802, 8803Hybrid MMRs and ZCZoom’s Meetings and Webinars IP range
UDP8801, 8802, 8803Hybrid MMR-1Hybrid MMR-2*
TCP80, 443Zoom Node serverZoom’s Meetings and Webinars IP range
UDP8801, 8802, 8803***ClientHybrid MMRs
TCP80, 443Client*.zoom.us
*.zoomonprem.com
TCP80, 443ClientHybrid MMRs
TCP 443Hybrid MMRs*.zoom.us
*.zoomonprem.com
one.digicert.com
acme.digicert.com

*Note: This is only required if running internal mode

**Note: For ocsp.digicert.com, the firewall needs to allow HTTP and HTTPS traffic, as well as DNS resolution.

***Note: In addition to the listed ports, the Zoom client application will use a randomly chosen port from the ephemeral range (1024-65535) as the local source port for communication to the Hybrid MMR, as determined by the hosting operating system. Due to this, any firewall between the client and the Hybrid MMR must allow return traffic back to the client along those ports.

How to configure a firewall for Zoom Recording Hybrid services

The following ports will need to be configured to allow communication between the Zoom Node server hosting the Meeting Recorder and the NFS Storage utilized for saving recordings:

 

ProtocolPortsSourceDestination
TCP/UDP2049Zoom Node serverConfigured NFS server
TCP/UDP111Zoom Node serverConfigured NFS server
TCP/UDP20048Zoom Node serverConfigured NFS server

How to configure a firewall for the Real-time Web Gateway service

In addition to the Meeting Hybrid module firewall requirements, the following ports will need to be configured if also deploying the Real-time Web Gateway service:

 
ProtocolPortsSourceDestination
TCP443, 8801, 8802Web clientWeb Access Gateway
UDP8801-8810Web clientWeb Access Gateway
TCP443Web clientWeb Access Controller Proxy 
TCP443, 8801, 8802Web Access GatewayZoom Cloud
UDP 8801-8810Web Access GatewayZoom Cloud
TCP443Web Access Controller ProxyZoom Cloud