I would like to use ZeroTier in a corporate network. However, all traffic is initially blocked by the corporate firewall and the required connections have to be opened manually. The following destinations are already allowed:
Unfortunately for some corporate firewalls, there’s no real way to give you an answer to this. ZeroTier peers external to your corporate firewall can be running at any IP on a range of different ports. Our hosted network controllers are also not on static IP addresses, and the IP being used for those can change on the whim of the cluster in our datacenter. Your best bet will be to allow UDP/9993 from anywhere into your network at the corporate firewall.
For the best performance, we recommend allowing machines running ZeroTier to allow incoming traffic from anywhere to at least UDP port 9993. ZeroTier operates on a peer to peer basis and needs to be able to contact other nodes directly to do this.