Apple Profile Manager: MDM Ports, Push Notifications

Hi All

I have configured MDM with Mountain Lion and Server Tools 2.2.1. It worked fine with an iOS device (checked with an iPad).

But when I push to OS X devices, it gets stuck. I did a lot of searching on Google and found some threads where people had the same issue.



http://serverfault.com/questions/102416/iptables-equivalent-for-mac-os-x/105736#105736
https://discussions.apple.com/thread/4254271?start=0&tstart=0
https://discussions.apple.com/thread/4257714
http://krypted.com/iphone/managing-ios-devices-with-apple-configurator/


The solution was to open the following ports:

To use Profile Manager, you should ensure that the following ports are open on your network.

| Port | TCP/UDP | Description |
|---|---|---|
| 2195, 2196 | TCP | Used by Profile Manager to send push notifications |
| 5223 | TCP | Used to maintain a persistent connection to APNs and receive push notifications |
| 80/443 | TCP | Provides access to the web interface for Profile Manager admin |
| 1640 | TCP | Enrollment access to the Certificate Authority |


But when I tried to open the ports (tried both text-based and with IceFloor):
sudo ipfw add 27860 allow tcp from any to any dst-port 2196
sudo ipfw add 27860 allow tcp from any to any dst-port 2195
add 78600 allow tcp from any to any dst-port 5223

When I use sudo lsof -i -P | grep -i "listen", it did not show me if the ports are open.

iPad, iOS 6

Posted on Apr 16, 2013 6:47 AM


Jul 11, 2013 2:16 AM in response to iPad786


But when I tried to open the ports (tried both text-based and with IceFloor):
sudo ipfw add 27860 allow tcp from any to any dst-port 2196
sudo ipfw add 27860 allow tcp from any to any dst-port 2195
add 78600 allow tcp from any to any dst-port 5223

When I use sudo lsof -i -P | grep -i "listen", it did not show me if the ports are open.


You don't see those ports open on your server, because they are not supposed to be open and your server is not listening on them.

2195 and 2196 are used by your server to connect outgoing to APNS (Apple Push Notification Server), so your server won't need to listen there, nor be reachable here, but your server must be able to connect to Apple on these ports.

5223 is basically the same, but for your clients. Any Apple device that wants to have Push services will use this port for an outgoing TCP connection to APNS. So again, your server won't listen here.

The only incoming ports to the server are 443 (for both the web interface and the devices checking in for new profiles etc.) and 1640 (only used during initial enrollment).
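An added example (not from the thread or from Apple) of the check the reply above implies: confirm 443 and 1640 by looking for listeners, and confirm 2195 and 2196 by attempting an outbound TCP connection from the server. The hostnames, function names and sample `lsof` output are assumptions constructed for illustration.

```python
import re
import socket

# Port roles from the reply above. Hostnames are placeholders (assumption):
# substitute the APNs endpoints your MDM vendor documents.
SERVER_OUTBOUND = {2195: "apns-gateway.invalid", 2196: "apns-feedback.invalid"}
SERVER_INBOUND = (443, 1640)

# Constructed sample of `sudo lsof -i -P` output; process names are illustrative.
SAMPLE_LSOF = """\
COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd    310 root  4u  IPv6 0x1a2b      0t0  TCP *:443 (LISTEN)
enroll   402 root  5u  IPv4 0x1a2c      0t0  TCP *:1640 (LISTEN)
client   120 root  9u  IPv4 0x1a2d      0t0  TCP 192.0.2.10:49211->198.51.100.7:5223 (ESTABLISHED)
"""

def listening_ports(lsof_output):
    """Return the set of TCP ports in LISTEN state in `lsof -i -P` output."""
    ports = set()
    for line in lsof_output.splitlines():
        m = re.search(r"TCP\s+\S*:(\d+)\s+\(LISTEN\)", line)
        if m:
            ports.add(int(m.group(1)))
    return ports

def can_connect(host, port, timeout=3.0):
    """True if an outbound TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), or name resolution failure
        return False

def audit(lsof_output, outbound=SERVER_OUTBOUND, inbound=SERVER_INBOUND,
          connect=can_connect):
    """Map each port to (direction, ok) using the check that fits its role."""
    listening = listening_ports(lsof_output)
    report = {}
    for port in inbound:  # the server must listen on these
        report[port] = ("inbound", port in listening)
    for port, host in outbound.items():  # the server must reach these
        report[port] = ("outbound", connect(host, port))
    return report

if __name__ == "__main__":
    for port, (direction, ok) in sorted(audit(SAMPLE_LSOF).items()):
        print(f"{port:5d} {direction:8s} {'ok' if ok else 'FAILED'}")
```

Port 5223 is left out of the server audit because the reply describes it as an outgoing connection made by each client device, so it has to be tested from a client's network.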

Dec 22, 2014 12:55 AM in response to Andreas Schenk

Hi,

I have also configured AirWatch MDM in my company. Sending notifications and installing profiles on iOS devices is not working.

I have contacted the AirWatch support team; they asked me to open ports 2195 and 2196.

Then I requested my network team to open the above ports. They tried using URL- gateway and feedback-. It's not working. Then they tried to use the IP address, but they noted that the IP is continually changing. I requested the support team to give me one IP that I can use; they sent IP 17.0.0.0/8 for both ports.

Then I informed the firewall admin to open that port using the 17.0.0.0 IP address, but he didn't accept this because it's not secure to allow this range in the firewall.

And the AirWatch team say this limitation is from Apple.

Please advise.

Dec 24, 2014 2:18 PM in response to Badriya Alaraimi

Here is the list of well-known ports. Can't a firewall limit access from an IP address and a port? Should get past network group protests.

TCP and UDP ports used by Apple software products - Apple Support



Well, the general Apple contact number is:


Apple

1 Infinite Loop
Cupertino, CA 95014
(408) 996-1010
I think there is some paid service that lets you dial 800 numbers in the US.
Apple will call you.
https://getsupport.apple.com/ServiceOptionAction.action
Here is the world wide contact info.
Contact Apple for support and service - Apple Support
