Profile Manager needs port 443/80 to distribute updates
I'm trying to set up Profile Manager to be able to send updates to iOS and Mac users off our local network without opening access to server webpages. I have ports opened and forwarding through our firewall: 2195, 2196, 5223, and 1640. However, clients cannot receive updates unless port 443 or 80 is also opened and forwarded. This would be fine; however, I don't want the whole world to be able to access or hack my internal webpages or potentially hack into the Profile Manager web interface remotely. If I restrict web server access to only private networks, I lose the ability to push out configuration updates or remote locks or wipes of iOS devices. Is there a way to allow configuration updates and commands to be pushed without opening up the web interface or other websites located on the server?
Thanks
Port | TCP/UDP | Description |
---|---|---|
2195, 2196 | TCP | Used by Profile Manager to send push notifications |
5223 | TCP | Used to maintain a persistent connection to APNs and receive push notifications |
80/443 | TCP | Provides access to the web interface for Profile Manager admin |
1640 | TCP | Enrollment access to the Certificate Authority |