dCloud Help
Find the answers you need to get started using dCloud.
Open Firewall Ports for Session Access
May 2023
There are many ways to connect to dCloud sessions. Today, we recommend Meraki. While some legacy routers are permitted, many will soon become obsolete because of the simplicity and benefits Meraki routers and endpoints provide.
Also See: Get a Meraki MX Router for dCloud Use.
A Cisco Meraki device must be able to communicate with the Cisco Meraki cloud (dashboard) over a secure tunnel. This tunnel is created between Cisco Meraki devices and the dashboard to pass management and reporting traffic in both directions.
Table 1 is in progress.
Table 1. Meraki Ruleset Required for dCloud
Source IP | Destination IP | FQDN | Ports | Protocol | Direction | Description | Devices using this rule |
---|---|---|---|---|---|---|---|
Your network(s) | 64.62.142.12/32, 209.206.48.0/20, 216.157.128.0/20, 158.115.128.0/19 | | 80, 443 | TCP | outbound | Meraki cloud | MX Security Appliance |
Your network(s) | Any | | | TCP | outbound | Meraki cloud | MX Security Appliance |
Your network(s) | 209.206.48.0/20, 216.157.128.0/20, 158.115.128.0/19 | | 80, 993, 7734, 7752, 60000-61000 | | outbound | Backup Meraki cloud, Backup config downloads... | MX Security Appliance |
209.206.48.0/20, 216.157.128.0/20, 158.115.128.0/19 | Your network(s) | | Any | UDP | inbound | SNMP traps | MX Security Appliance |
Your network(s) | Any | | 123 | UDP | outbound | NTP time sync | MX Security Appliance |
Your network(s) | 209.206.48.0/20, 216.157.128.0/20, 158.115.128.0/19 | | | ICMP | outbound | Uplink connection | MX Security Appliance |
Your network(s) | 209.206.48.0/20 | | 9350-9381 | UDP | outbound | AutoVPN registry | MX Security Appliance |
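The following is an added example, not part of the dCloud documentation: a small Python audit that checks a local egress allow-list against the outbound rows of Table 1 whose destination, port and protocol are all stated. The tuple layout and function names are hypothetical, the sample policy is constructed, and coverage is assumed to come from a single allow rule (deny rules and rule ordering are not modelled).

```python
from ipaddress import ip_network

MERAKI = ["209.206.48.0/20", "216.157.128.0/20", "158.115.128.0/19"]

# Required outbound flows, copied from the rows of Table 1 that state
# destination, port and protocol: (description, protocol, destinations, ports)
REQUIRED = [
    ("Meraki cloud", "tcp", ["64.62.142.12/32"] + MERAKI, [80, 443]),
    ("NTP time sync", "udp", ["0.0.0.0/0"], [123]),
    ("Uplink connection", "icmp", MERAKI, [None]),  # ICMP has no ports
    ("AutoVPN registry", "udp", ["209.206.48.0/20"], list(range(9350, 9382))),
]

# Constructed sample egress allow-list (hypothetical local policy):
# (protocol, destination CIDR, first port, last port)
SAMPLE_POLICY = [
    ("tcp", "0.0.0.0/0", 443, 443),
    ("tcp", "209.206.48.0/20", 80, 80),         # port 80 for one range only
    ("udp", "0.0.0.0/0", 123, 123),
    ("udp", "209.206.48.0/20", 9350, 9380),     # range ends one port short
    ("icmp", "209.206.48.0/20", 0, 0),
    ("icmp", "216.157.128.0/20", 0, 0),
]

def covered(policy, proto, dest, port):
    """True if one allow rule matches the protocol, contains the whole
    destination network and, for TCP/UDP, includes the port."""
    need = ip_network(dest)
    for r_proto, r_dest, lo, hi in policy:
        if r_proto != proto or not need.subnet_of(ip_network(r_dest)):
            continue
        if port is None or lo <= port <= hi:
            return True
    return False

def audit(policy, required=REQUIRED):
    """Return (description, protocol, destination, port) for every
    required flow that the policy does not allow."""
    gaps = []
    for desc, proto, dests, ports in required:
        for dest in dests:
            for port in ports:
                if not covered(policy, proto, dest, port):
                    gaps.append((desc, proto, dest, port))
    return gaps

if __name__ == "__main__":
    for desc, proto, dest, port in audit(SAMPLE_POLICY):
        print(f"BLOCKED {desc}: {proto} -> {dest} port {port}")
```

Requiring the rule to contain the whole destination network catches allow-lists that pin only one of the listed ranges, and checking each port individually catches ranges that stop one port short.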
Table 2. Supported Meraki Endpoints
Meraki Details and Troubleshooting
To learn more about Meraki Firewall rules and services, review:
- Get a Meraki MX Router for dCloud Use
- Upstream Firewall Rules for Cloud Connectivity
- Configuration and Troubleshooting
- MV Firewall Requirements
- Cisco Meraki Developer Hub
If you connect to a session through a firewall, the ports that must be permitted and opened on that firewall depend on the method you use to connect to the session. The table lists dCloud access methods and the firewall port number that must be permitted to enable the communication type used by each method.
Table 1. Firewall Port to Open and Communication Type to Enable Session Access Methods
Method Used to Connect to dCloud Sessions | Port (Communication Type) |
---|---|
VPN (AnyConnect) | Port 443 (TCP and UDP) |
VPN (Endpoint Router Kit) | Port 443 (TCP) |
IP Phone VPN | Port 443 (UDP) |
BYOD | Port 5247 (UDP) |
Data for BYOD | Port 5246 (UDP) |
Standard HTTPS (dCloud Remote Desktop) | Port 443 |
Standard HTTP | Port 80 |
Firewall
For VPN connections (the first three access methods): When you permit a VPN connection to dCloud sessions for the specified port, you don't need to make any further modifications to the firewall.
Example: Assume you have a router that you want to connect to a dCloud session via VPN. You must permit port 443 on the firewall for the VPN to establish between your router and dCloud. When VPN is established, any device connected to your router can connect through the router directly to the active session. This is because, after the VPN is established, all traffic to the active session will go over the VPN; however, any Internet browsing traffic is sent over the local connection. This is done by the split-tunneling setup on the router. Similarly, assume that you want to connect an endpoint device to a dCloud session using AnyConnect. When the VPN connection is permitted across port 443 and established, all traffic between the endpoint device and the session across that VPN is allowed.
Some dCloud content may require that additional firewall ports be opened for specific communication types. Those port numbers will be provided in the content documentation or the Help for that architecture.
Meraki is Recommended
Because Meraki endpoints and routers are now recommended, multiple legacy routers are moving toward retirement, although some will continue to be permitted. Review these topics for helpful information:
- Supported Routers and Endpoints
- How Routers Work with dCloud
- Unsupported Router Use with dCloud
- Routers Frequently Asked Questions
Resources
Contact these teams for support:
- dCloud Support: Navigate Help content, provide Feedback to/about dCloud, & open a Ticket.
- Engage with dCloud Technical Leads for Collaboration, Data Center Virtualization, Enterprise Networks, IoT, Security, and Service Provider.