How should IoT communications work? The communication between the IoT gateway and the IoT cloud will use TCP/IP, but there is much more to it than that. One issue is the choice of communication method, specifically which end initiates the communication. In the traditional "old Internet" it did not matter much which end started the communication, or whether TCP or UDP was used to transfer the data. As long as the end starting the communication knew the IP address of the other end, things worked. So if the IoT gateways and the IoT cloud both had fixed IP addresses or network names, it would be trivial to start the communication in whichever direction you wanted.
In the modern Internet the situation is different, mostly for two reasons: the shortage of IPv4 addresses and security. In the modern IoT model there are, or can be, many firewalls and routers on the path from the IoT gateway to the IoT cloud. Besides firewalls there can also be NAT (network address translation) devices on the way.
In this model usually the only practical arrangement is that the IoT gateway initiates the connection to the IoT cloud. Typically the IoT cloud is the only party that can realistically have a fixed IP address (or DNS name) that is easy to configure into the IoT gateway. The IoT gateways, on the other hand, typically have addresses that change over time (for example when connected through a cellular network).
When there are stateful firewalls and/or NAT devices on the path, usually the only direction that is known to work is the one where the IoT gateway initiates the communication: the firewall or NAT records the outbound connection in its state table, so the reply packets are recognised and passed back through. If the IoT cloud tried to initiate a connection to an IoT gateway, it would typically be blocked by the firewall or NAT device, since no state entry matches, unless special rules allowing that specific device to receive inbound connections were added. In corporate networks that is usually a hard-to-manage solution that takes a lot of work to get approved and configured correctly.
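The behaviour described above can be made concrete with a small model of a connection-tracking NAT/firewall. This is an added example, not code from the original article; the addresses are taken from the documentation ranges and the egress port policy is an assumption made for the demo. A flow initiated by the gateway creates a state entry and the cloud's reply is translated back to the gateway; a flow initiated by the cloud finds no entry and is dropped.

```python
"""Toy model of a stateful NAT/firewall between an IoT gateway on a private
LAN and an IoT cloud on the public Internet.  Added example, not code from
the original article; all addresses come from the documentation ranges and
are assumptions."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

Addr = Tuple[str, int]

GATEWAY: Addr = ("10.0.0.23", 40001)      # gateway's private LAN address (assumed)
NAT_PUBLIC_IP = "203.0.113.7"             # NAT's public address (assumed)
CLOUD: Addr = ("198.51.100.10", 443)      # IoT cloud, fixed public address (assumed)


@dataclass(frozen=True)
class Packet:
    src: Addr
    dst: Addr
    payload: str


class StatefulNat:
    """Port-restricted NAT with connection tracking.

    A mapping is created only when an inside host sends a packet outward,
    and a packet from the Internet is let in only if it matches the
    (public port, remote endpoint) of a tracked outbound flow.  An egress
    policy additionally limits which destination TCP ports may be used."""

    def __init__(self, public_ip: str, allowed_ports: Set[int], first_port: int = 50000):
        self.public_ip = public_ip
        self.allowed_ports = allowed_ports
        self.next_port = first_port
        self.outbound: Dict[Tuple[Addr, Addr], int] = {}   # (inside src, remote) -> public port
        self.inbound: Dict[Tuple[int, Addr], Addr] = {}    # (public port, remote) -> inside src

    def out_to_internet(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet leaving the LAN; None means the firewall dropped it."""
        if pkt.dst[1] not in self.allowed_ports:
            return None
        key = (pkt.src, pkt.dst)
        port = self.outbound.get(key)
        if port is None:                     # first packet of a new flow: track it
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, pkt.dst)] = pkt.src
        return Packet((self.public_ip, port), pkt.dst, pkt.payload)

    def in_from_internet(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the Internet; None means dropped."""
        if pkt.dst[0] != self.public_ip:
            return None
        inside = self.inbound.get((pkt.dst[1], pkt.src))
        if inside is None:                   # no tracked flow: unsolicited, dropped
            return None
        return Packet(pkt.src, inside, pkt.payload)


def gateway_initiated(nat: StatefulNat) -> Optional[Packet]:
    """Gateway opens the flow; the cloud's reply matches the state entry."""
    syn = nat.out_to_internet(Packet(GATEWAY, CLOUD, "SYN"))
    if syn is None:
        return None
    reply = Packet(CLOUD, syn.src, "SYN-ACK")   # cloud answers the public address it saw
    return nat.in_from_internet(reply)


def cloud_initiated(nat: StatefulNat) -> Optional[Packet]:
    """Cloud tries to open a flow toward the gateway; nothing in the state table matches."""
    syn = Packet(CLOUD, (nat.public_ip, GATEWAY[1]), "SYN")
    return nat.in_from_internet(syn)


if __name__ == "__main__":
    nat = StatefulNat(NAT_PUBLIC_IP, allowed_ports={80, 443, 22})
    print("gateway-initiated reply delivered:", gateway_initiated(nat))
    print("cloud-initiated SYN delivered:", cloud_initiated(nat))
    print("outbound to port 5000 passes:",
          nat.out_to_internet(Packet(GATEWAY, ("198.51.100.10", 5000), "SYN")))
```

The `allowed_ports` set stands in for the egress rules of a typical corporate firewall; an outbound flow to a port outside that set never gets a state entry, which is why the choice of destination port matters for the gateway even though it is the initiating side.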
So the most practical way for Internet of Things communications is that the IoT gateway opens the connection to the IoT cloud. On the protocol side, the safest bet is to use a TCP connection (firewalls usually restrict UDP services more). Taking into account how most firewalls are configured, the best idea is to use a TCP port that is commonly used by other applications and is therefore normally allowed through the firewall. Usually the safest bet is TCP port 80 (the normal HTTP web port). Other potential ports are 443 (HTTPS) and 22 (SSH). Keep in mind that the port number is only a firewall-traversal choice, not a security one: whatever port you use, the traffic still needs to be encrypted and both ends authenticated, for example with TLS. Note also that on port 80 some corporate networks run transparent HTTP proxies that expect to see real HTTP, so traffic on that port that is not HTTP may not get through.
Keep in mind that I am only considering here the direction in which the TCP connection is opened. This does not constrain the direction of the application data: once the TCP connection is open, both ends are free to send messages to each other as they wish. So at the application level, while the TCP connection is active, either the IoT cloud or the IoT gateway can initiate the actual application-level exchange.
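As an added example (not code from the original article), the following demo separates the two directions: the gateway opens the TCP connection outbound, which is the direction NAT and firewalls allow, and the cloud then initiates the application-level exchange by pushing a command down that same connection. Both sides run in-process on 127.0.0.1 on an ephemeral port standing in for 80 or 443; the message names and the 4-byte length-prefixed framing are assumptions made for the demo, and there is no encryption here, which a real deployment would add with TLS.

```python
"""Added example, not code from the original article: the IoT gateway opens the
TCP connection outbound (the direction NAT/firewalls allow), but once it is up
the IoT cloud is the one that initiates the application-level exchange by
pushing a command down the same connection.  Both sides run in-process on
127.0.0.1; the message names and the 4-byte length-prefixed framing are
assumptions made for the demo."""
import socket
import struct
import threading
from typing import List, Tuple

Transcript = List[Tuple[str, bytes]]


def send_msg(sock: socket.socket, data: bytes) -> None:
    """Frame a message as a 4-byte big-endian length followed by the payload,
    so either side can read whole messages off the byte stream."""
    sock.sendall(struct.pack("!I", len(data)) + data)


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes, or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def recv_msg(sock: socket.socket) -> bytes:
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    return recv_exact(sock, length)


def cloud_side(listener: socket.socket, transcript: Transcript) -> None:
    """IoT cloud: passive at the TCP level (it only accepts), active at the
    application level (it sends the first real request)."""
    conn, _ = listener.accept()
    conn.settimeout(5)
    with conn:
        hello = recv_msg(conn)                     # gateway identifies itself
        transcript.append(("gateway->cloud", hello))
        command = b"READ temp"                     # cloud pushes a command
        send_msg(conn, command)
        transcript.append(("cloud->gateway", command))
        result = recv_msg(conn)                    # and collects the answer
        transcript.append(("gateway->cloud", result))


def gateway_side(cloud_addr: Tuple[str, int]) -> None:
    """IoT gateway: active at the TCP level (it connects out), then waits for
    whatever the cloud asks over the connection it opened."""
    with socket.create_connection(cloud_addr, timeout=5) as sock:
        send_msg(sock, b"HELLO gw-0001")
        command = recv_msg(sock)
        if command == b"READ temp":
            send_msg(sock, b"temp=21.5")           # constructed sensor reading
        else:
            send_msg(sock, b"ERR unknown command")


def run_demo() -> Transcript:
    """Run cloud and gateway on 127.0.0.1 and return the message transcript."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))               # ephemeral port stands in for 80/443
    listener.listen(1)
    transcript: Transcript = []
    cloud = threading.Thread(target=cloud_side, args=(listener, transcript))
    cloud.start()
    try:
        gateway_side(listener.getsockname())
    finally:
        cloud.join()
        listener.close()
    return transcript


if __name__ == "__main__":
    for direction, msg in run_demo():
        print(f"{direction:15} {msg!r}")
```

The transcript shows three messages: the gateway's hello, the cloud's command, and the gateway's reply. Only the first of these goes in the direction the TCP connection was opened; the command is pushed by the cloud over a connection it did not initiate, which is exactly what stays possible behind NAT as long as the gateway keeps the connection alive.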