How do I allow ZeroTier through my corporate firewall?

There are 3 classes of nodes in a working ZeroTier system: the roots, a controller, and your devices.

Your devices need to be able to communicate directly with each other.

The difficulty for strict firewall configurations is that the my.zerotier.com controllers and your devices are on dynamic IP addresses and listen on random UDP ports.

Default zerotier-one listening ports are:

  • 9993

  • Random Port based on Node ID

  • Random Port for UPnP

Therefore, a device needs to be able to send to any address, on any UDP port, to connect directly with other devices.
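An added example, not taken from the ZeroTier documentation: an nftables forward chain for an edge firewall, with a 9993-only rule (commented out) beside the rule that matches the requirement above. The table name, the interface names `lan0` and `wan0`, and the `zt_hosts` address range are assumptions to replace with your own.

```nft
#!/usr/sbin/nft -f
# Added example; all names and addresses below are assumed placeholders.

table inet zt_example {
    # Internal hosts that run zerotier-one (assumed range).
    # Keeping this set narrow limits which machines get the broad UDP rule.
    set zt_hosts {
        type ipv4_addr
        flags interval
        elements = { 10.20.30.0/24 }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to UDP flows that an internal device opened are let back in.
        ct state established,related accept

        # Too strict: only reaches peers listening on 9993, not peers
        # listening on the random Node ID port or the random UPnP port.
        # iifname "lan0" oifname "wan0" ip saddr @zt_hosts udp dport 9993 accept

        # Outbound UDP from the ZeroTier hosts to any address and any port.
        iifname "lan0" oifname "wan0" ip saddr @zt_hosts meta l4proto udp ct state new accept
    }
}
```

Inbound traffic is only accepted as a reply to a flow one of the listed hosts started, so no unsolicited inbound UDP port is opened by this ruleset.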

See also:

https://zerotier.atlassian.net/wiki/spaces/SD/pages/6815768/Router+Configuration+Tips