How do I allow ZeroTier through my corporate firewall?

There are 3 classes of nodes in a working ZeroTier system: The roots, a controller, and your devices.

Your devices need to be able to communicate directly with each other.

The difficulty for strict firewall configurations is: the my.zerotier.com controllers and your devices are on dynamic IP addresses and are listening on random UDP ports.

Default zerotier-one listening ports are:

  • 9993

  • Secondary Port, randomized each start up and after being “offline” for too long.

  • Random Port for UPnP

If you allow outgoing 9993 and incoming return traffic, you may have some luck.

For best results, a device needs be able to send to any address, on any UDP port.

 

If the NAT type is “symmetric” or “strict”, each vendor uses different terminology, it will be difficult to make direct connections. Look for Full Cone NAT, options related to VoIP, persistent NAT, etc…

Ask your vendor. Let us know what works.

 

 

See also:

https://zerotier.atlassian.net/wiki/spaces/SD/pages/6815768