Networking requirements for devices enrolled in Meta Quest for Business
Domains used by Meta Quest for Business
Desktops need access to the following domains to access Admin Center and managed Meta accounts and to manage devices:
Meta Quest devices need access to the following domains during setup and enrollment and when installing updates:
Desktops need access to the following domains to manage devices, and Quest devices need access to fetch configurations:
Desktops need access to the following domains to view a Meta Quest device cast:
Desktops need access to the following domains to use Meta Quest PC Link app:
Desktops and Meta Quest devices need access to the following domains to connect to the Meta Quest Remote Desktop app:
You may also need to add app-specific URLs to your network allowlist to ensure that all required endpoints are reachable. These URLs need to be provided by the app developer.
Additional ports requirements
As well as ports 80/443, consider unblocking the following Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports so devices involved in your organization’s Meta Quest for Business can communicate with each other:
- TCP: 3478; 3479; 8080.
- UDP: 40003; 40005; 40007; 40008. We’d also recommend unblocking 50000-59999 for additional range.
IP ranges used by Meta Quest for Business
Meta Quest for Business dynamically manages network traffic, so allowlisting by IP is not recommended. Meta’s Autonomous System (AS) number is AS32934. If your organization’s firewall can only be configured with IP addresses, we recommend using the following command to return IPv4 and IPv6 subnets:
- whois -h whois.radb.net -- ‘-i origin AS32934’
This command should be run at least once a month to keep the IP addresses up to date.
Validate Meta Quest device access to domains and ports
To validate desktop or device access or debug access failures, your desktop needs to have Wireshark. You also need your Meta Quest device and a data USB cable.
Then:
- Connect your Meta Quest device to your desktop using a data USB cable.
- Open a terminal window and verify Android Debug Bridge (adb) devices displays the Quest device’s serial number.
- Run a tcpdump to take an ongoing packet capture.
- Complete the desired test case scenario.
- End the ongoing tcpdump.
- Pull the .pcap file from the Quest device to your desktop using the following command:
- > adb pull /sdcard/[FILENAME].pcap
- Use the following commands to identify the domains and ports used:
- > tshark -r [FILENAME].pcap -T fields -e dns.qry.name -e http.host -e tcp.dstport -e udp.dstport “dsn.qry.name != \”\”” > [OUTPUT-FILE].txt
- View the domains and ports in the [OUTPUT-FILE].txt file.