Document required ports used by Zwift

Was alone yesterday in Zwift, didn’t do too much because I was doing a workout. Today I was going to ride ZSUN social ride. It was empty again. Had to fire up tcpdump to see that Zwift had a requirement for a new tcp port: 3023. Why can’t Zwift document this? Not everyone has a firewall that is open. So I missed the social ride.

So I have tcp 80, 443, 3023, 21587 and udp 3022 open for Zwift. I’m not sure those are all the ports required; I did see others today. I ask that Zwift document required ports and notify when adding new ports.


Yes, I’ve read that, it is a new port requirement since last week, tcp 3023. I wish Zwift documented this. A user should not have to use tcpdump to find out which ports are used.

Doesn’t seem to be a “since last week” thing :man_shrugging:

Glad I stumbled across this post, I was about to do a monitor on my pfSense firewall and a Wireshark dump on my PC. I have my wireless network fairly well locked down for outbound ports and countries.


Absolutely appalling how much [failed] web searching you have to do to find the network [firewall] requirements for an application that depends on networking. What I know is only because I found some multi-year-old Zwift info on someone’s personal website. It also appears Zwift adds/changes ports without publishing the change (e.g. UDP 3023 when it was previously 3022). To configure Windows Defender (or pretty much any firewall), we need to know which executable(s) need what Outbound ports and then which executable(s) need which Inbound ports. I have all the .exe programs in the Zwift/ folder able to use all TCP and UDP ports outbound and all UDP ports inbound and ZwiftLauncher (that was just updated today) still says it cannot connect to the internet. Is it trying to do something through the Edge browser … ALSO ? I mean, really guys, what do we need to do, EXACTLY?

I just temporarily added an Outbound rule allowing any program to use ports 80 and 443, and I got past the “unable to connect” and can see the Zwift login screen. Since I had already given those permissions to the individual Zwift executable files and MSEdge and it didn’t work, some part of the Zwift startup is using some other executable that I haven’t previously granted such access. We still need to know what remote UDP ports to specify for inbound traffic, but now it appears we need to know what other executables must be granted outbound access to ports 80 and 443. It would be nice if Windows netstat could tell us which process has the displayed socket open, but alas, 40 years later and it still doesn’t give that information.

Not sure where or how you are searching/looking, but aside from the info here on the forums, a quick Google search of “zwift ports required” returned w/the top result being: Check Your Internet Connection Error which includes the following information:

Your router firewall should allow all incoming/outgoing TCP traffic on remote ports 443, 3023, and 3025, and all incoming/outgoing UDP traffic on remote ports 3022 and 3024.

It’s insufficient information. As noted, I already allow all outbound TCP and UDP ports, and had specified UDP ports 3022-3030 for the 6 specific Zwift executables to use and it doesn’t work. Only when I allow ANY executable to use TCP 80 and 443 does it work, but I’m unwilling to leave it that way. I want to know what executable(s) use those ports during Zwift startup.

Well for starters, you only need allow UDP for 3022 and 3023.

It’s been a while since I used Windows, but unless it’s changed drastically, netstat should display the process id (PID) (I forget the specific option) which you can then cross-reference in Task Manager to see the specific executable name.

I found the answer I needed. In addition to what I said above, Windows Defender Firewall needs an outbound rule to allow %ProgramFiles% (x86)\Microsoft\EdgeWebView\Application\103.0.1264.62\msedgewebview2.exe access to ports 80 and 443. I realize this folder path with a specific version is a long-term maintenance headache, but it gets me over the current hurdle. Netstat -abn sorta helps, but Task Manager with the ImagePathName column is what eventually revealed the secret while Zwift Launcher was running (and my rule opening up ports 80 and 443 for ALL programs enabled). Thanks for trying to help; it is appreciated.
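The lookup described in the posts above (connection to PID to executable path) can be done in one pass from PowerShell. This is an added example, not something posted in the thread or published by Zwift; the TCP port list is taken from the posts, and the helper name `Get-ExecutablePath` is made up for illustration.

```powershell
# Added example: map live outbound connections to the executable that owns them.
# Run from an elevated PowerShell while the launcher is starting, so processes
# owned by other accounts also resolve to a path.

# Remote TCP ports mentioned in this thread; adjust as needed.
$remoteTcpPorts = 80, 443, 3023, 3025

function Get-ExecutablePath {
    # Hypothetical helper name. Win32_Process.ExecutablePath is the full image path.
    param([uint32]$ProcessId)
    $p = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $ProcessId" `
            -ErrorAction SilentlyContinue
    if ($p -and $p.ExecutablePath) { $p.ExecutablePath }
    else { "(pid $ProcessId, path unavailable)" }
}

# TCP: connections that are established or still attempting to connect.
$tcp = Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    Where-Object { $_.RemotePort -in $remoteTcpPorts } |
    ForEach-Object {
        [pscustomobject]@{
            Protocol   = 'TCP'
            Executable = Get-ExecutablePath $_.OwningProcess
            ProcessId  = $_.OwningProcess
            Endpoint   = "remote $($_.RemoteAddress):$($_.RemotePort)"
        }
    }

# UDP: Windows tracks no remote address for UDP sockets, so list the local
# endpoints held by the same processes that showed up in the TCP results.
$owners = $tcp.ProcessId | Sort-Object -Unique
$udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $_.OwningProcess -in $owners } |
    ForEach-Object {
        [pscustomobject]@{
            Protocol   = 'UDP'
            Executable = Get-ExecutablePath $_.OwningProcess
            ProcessId  = $_.OwningProcess
            Endpoint   = "local $($_.LocalAddress):$($_.LocalPort)"
        }
    }

# One row per executable/endpoint pair: the executables are the candidates
# for per-program outbound rules.
@($tcp) + @($udp) |
    Sort-Object Executable, Protocol, Endpoint -Unique |
    Format-Table -AutoSize -Wrap
```

Other applications with connections to ports 80 and 443 will also appear in the output, so compare a run taken while the launcher is starting against one taken with it closed.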

You yourself identified UDP 3025 in your previous post; a port I had not previously seen anywhere in my web searching. Having seen the “creep” upward from 3022, I’m just trying to add a bit of future-proofing.