3 Replies Latest reply: May 3, 2012 3:32 PM by AntWin
AntWin Level 1 (0 points)

Hey everyone,


Is anyone out there managing their iPads (with an MDM solution) over 3G MPLS? I'm just curious as to what needed to be set up for the iPad devices in regard to networking and firewall changes, as they will be on an internal IP range rather than out there on the internet. I'm assuming that certain ports will need to be opened for the iPads to communicate with the outside world for APNS and policy updates to occur?



iPad, iOS 5.0.1
  • AntWin Level 1 (0 points)

    I should clarify my request a little better. I am using an MDM to manage iPads via MPLS. I am able to enroll the devices and apply the initial payload policies to the iPads, but once enrolled I can no longer update policies or remote lock the devices. I can still remove and reset the MDM agent or gather the GPS data, etc., though. I'm assuming it is because I have something configured not quite right in relation to the iPads' communication over the MPLS.

    I can put the device out on the internet and apply policies without issue.

    Currently the iPads sit behind a proxy and have port 5223 open to APNS as per vendor documentation.

    I cannot see any errors on the MDM agent logs, the MDM server or the firewall.



  • rccharles Level 5 (6,595 points)

    The site name is a bit scary, but this pdf describes the MDM protocol.

    https://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf


    "This paper describes how Apple’s MDM system works. It details the method by which an MDM server initiates a connection to a managed device, how the device enrolls with the server, and the various commands available to the system. Full parameters are provided for each command, as well as details for specialized responses from the device. Finally, source code is provided for a very simple MDM server, that will permit basic experimentation with the MDM protocol using actual iOS devices."



  • AntWin Level 1 (0 points)

    Thanks Robert,


    The issue ended up being due to 2 problems: a missing route on the IP range that the iPads were on internally, and a firewall rule. Both are fixed now and I can update policies fine.