Firewall ports needed for Apple devices, including APN

For Apple devices to work properly with TechPilot, they need to be able to communicate with TechPilot Control Tower and receive Apple Push Notifications (APN).

 

TechPilot Communication

To allow communication with TechPilot, please allow traffic to and from the following IP addresses on ports 80 and 443:

54.164.36.33 

52.73.26.101 

54.165.240.169 (needed for device enrollment)

18.205.10.56 (needed for device enrollment)
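
A reachability check for the addresses and ports listed above, as an added example that is not TechPilot's own tooling. It separates connections that time out (typical of a firewall silently dropping packets) from connections that are actively refused. The function names are hypothetical, and it should be run from a machine on the same network segment as the affected devices.

```python
import socket

# IP addresses and ports as listed in this article.
TECHPILOT_HOSTS = ["54.164.36.33", "52.73.26.101", "54.165.240.169", "18.205.10.56"]
TECHPILOT_PORTS = [80, 443]


# Function names below are hypothetical, chosen for this example.
def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        # No answer at all: typical of a firewall silently dropping packets.
        return "timeout"
    except ConnectionRefusedError:
        # Actively rejected: the host or a device in the path sent a reset.
        return "refused"
    except OSError as exc:
        # No route, network unreachable, and similar errors.
        return "error: " + (exc.strerror or str(exc))


def check_endpoints(hosts=TECHPILOT_HOSTS, ports=TECHPILOT_PORTS, timeout=3.0):
    """Probe every host/port pair and return {(host, port): status}."""
    return {(h, p): probe(h, p, timeout) for h in hosts for p in ports}


def blocked(results):
    """Return the sorted (host, port) pairs that did not connect."""
    return sorted(k for k, v in results.items() if v != "open")


if __name__ == "__main__":
    results = check_endpoints()
    for (host, port), status in sorted(results.items()):
        print(f"{host}:{port:<5} {status}")
    failed = blocked(results)
    if failed:
        print(f"{len(failed)} endpoint(s) unreachable from this network")
    else:
        print("All listed TechPilot endpoints reachable on ports 80 and 443")
```

Running it once while devices are working and again while they are not shows whether the block is permanent or only appears for a period of time.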

Apple Push Notifications

If Apple devices don't seem to be communicating with TechPilot when issuing MDM commands, it could be because they are not receiving Apple Push Notifications due to your firewall.  You may need to unblock certain ports for APN to work.  You can find details in this Apple KB article: https://support.apple.com/en-us/HT203609 

You may also find this blog post about Apple services, ports, and addresses helpful: http://www.richard-purves.com/2016/09/10/apple-services/.  We can't vouch for the information provided and the article is a bit old, but it might be useful.

Intruder Detection:  Some firewalls provide intruder detection systems (IDS).  An IDS looks for patterns of traffic that might indicate an attack and can temporarily shut down communication with the suspected offending IP address for a given number of minutes before clearing the alert.  This can explain situations where things seem to be working fine, then devices suddenly stop communicating or receiving commands from TechPilot for some length of time, like an hour, before working again.  It's possible that your system would see a flood of push notifications to your devices as a threat and trigger a false positive, treating it as an attempted attack.  You may want to temporarily disable intruder detection when troubleshooting these types of issues.

Troubleshooting Tip #1 - Try another network: If devices are not communicating properly, one of the best first steps in troubleshooting is to determine if it's related to your network by taking a couple of devices OUTSIDE of your network and putting them on a mobile hotspot, phone tether, or home network.  If the devices work properly in that environment, then you know you need to work on your network's firewall or filtering.  This is one of the first things a TechPilot support technician will ask you to verify when troubleshooting issues that might be related to connectivity.

Troubleshooting Tip #2 - Feature disable: Temporarily disable the different types of filtering offered by your firewall until you find which one is detecting something that it doesn’t like.  For example, your firewall might have intruder detection of various types or different types of filtering and blocking. Turn off just one at a time.  Once you find the one that’s the problem, you may be able to configure it to skip checking for just our URL or IP address so that you don’t have to leave the feature off completely.

Other:

Barracuda Firewalls: Try using "IP Bypass" for the sites and ports above.

SonicWall Firewalls: Look for "CFS exclusion" under Security Services.
