3
votes

I have an MDM with Profile Manager configured targeting iOS and OSX clients.
Everything works fine in my home network. Now, I would like to apply this in my company.

From Apple Support website:

Port 2195, 2196 - TCP - Used by Profile Manager to send push notifications
Port 5223 - TCP - Used to maintain a persistent connection to APNs and receive push notifications
Port 80/443 - TCP - Used by Profile Manager to send push notifications
Port 1640 - TCP - Enrollment access to the Certificate Authority

For security reasons, I have to specify which of those ports are used to receive data and which are used to send data (or both). Could anyone provide me with this information?

1 Answer

3
votes

If my memory is correct...

  • 2195, 2196: outbound from your MDM to Apple
  • 5223: outbound from your MDM to Apple and outbound/inbound from your client device to Apple
  • 80/443: outbound from your MDM to Apple and your client device, outbound/inbound on your client device to your MDM (assuming your MDM is operating on those ports)
  • 1640: I'm not familiar with this one. I'd have to assume it's outbound from your client device to your CA.

Have you tried monitoring your traffic at both your MDM and iOS devices to determine the originating flow of the ports? Apple will often say "just open up ports XX:YY and you're good" which obviously doesn't translate to reality.