MobileFirst Platform - firewall rules to send push notifications - push-notification

According to the documentation, these are the ports to be opened on a firewall to send notifications from a server, but it is unclear whether to allow the inbound and outbound connections in the firewall or only outbound connections:
For push notification to be sent, the following servers must be accessible from a MobileFirst Server instance:

iOS
  Sandbox servers:
    gateway.sandbox.push.apple.com:2195
    feedback.sandbox.push.apple.com:2196
  Production servers:
    gateway.push.apple.com:2195
    Feedback.push.apple.com:2196
    1-courier.push.apple.com 5223

Android
  The ports to open are: 443, 5228, 5229, and 5230. GCM typically uses only 5228, but it sometimes uses 5229 and 5230.
  GCM does not provide specific IP addresses, so you must allow your firewall to accept outgoing connections to all IP addresses that are contained in the IP blocks listed in Google ASN of 15169.

Windows Phone 8
  No specific port needs to be open in your server configuration.
  MPNS uses regular http or https requests.

Both incoming and outgoing...
As an example, which will apply to all vendors, see Apple's support document: https://support.apple.com/en-ap/HT203609
If you have iOS devices inside your network, then for the devices to receive the notification you must have the following available for incoming connections:
For APNs traffic to get past your firewall, you'll need to open these ports:
  TCP port 5223 (used by devices to communicate to the APNs servers)
  TCP port 2195 (used to send notifications to the APNs)
  TCP port 2196 (used by the APNs feedback service)
  TCP Port 443 (used as a fallback on Wi-fi only, when devices are unable to communicate to APNs on port 5223)
The APNs servers use load balancing. Your devices will not always connect to the same public IP address for notifications. The entire 17.0.0.0/8 address block is assigned to Apple, so it's best to allow this range in your firewall settings.
And since Apple's servers have a specific range and ports, you need them open for outgoing connections as well...

Related

What port does webRTC use?

If, when I try to connect with WebRTC from outside the local network, it uses a STUN server to exchange info like IP address, port..., and then once the two clients know each other they will directly connect, but the thing is, if any router by default blocks any port that's opened except for 80, then how do the two clients connect, on what port?
WebRTC is an open framework and does not dictate how the connections are established between the communicating peers. Establishing the connection itself involves the following.
1. The peer discovery is made via signaling for doing SDP exchanges and exchanging remote host identities. The signaling can be done over any transport (UDP/TCP), any protocol, and via any standard (SIP/XMPP) or custom application-level protocol over HTTP/WebSockets etc. The choice of ports for signaling traffic is left open to the application developer.
2. Once the peer discovery is complete, and the PeerConnections are established at each endpoint, the media data can be sent. Depending on the network topology of the peers (whether they are in the same host network, or in different networks behind NATed IP addresses), they can choose to connect such that the media traffic is sent over UDP or over TCP. For a more protected environment, the peers may even need a TURN server to relay the media traffic on the peers' behalf. Here again, the choice of media ports is left open and can be decided by the end application.
I found this on the web; I hope it's helpful.

Kaa networking and protocols

We are investigating adding the Kaa client to our products and using the Kaa server operationally, and we have some questions in the networking and protocol area. Our main concern is having the IoT device access the IoT server through the Internet without being blocked by the firewall at the IoT device in a "typical" environment. For this reason we see that HTTP/HTTPS using port 80/443 is often used.
Do you believe that most of the IoT devices will communicate because most firewalls allow all outgoing traffic?
Or do you think that most end users will have to explicitly configure a firewall rule for the IoT device?
What was the rationale for using the port numbers 9889/9888 and 9999/9997?
Can these port numbers be reasonably modified? If so, where and how?
Is there a specification of the Kaa TCP protocol?
Thank You
Keith Krajewski
For the Kaa TCP protocol, use the official documentation page.
You can change the ports of the bootstrap and operations services in these files:
bootstrap-http-transport.config
bootstrap-tcp-transport.config
operations-http-transport.config
operations-tcp-transport.config

Connecting fingerprint biometric device to desktop

I want to access the contents of the biometric device using a command prompt or a shared folder instead of using the software that comes with it. I am new to networking; I did the following:
1. Set a static IP to my biometric device: 192.168.1.201 port 4370 (default)
2. Configured Ethernet on my PC using IP: 192.168.1.1, subnet 255.255.255.0
3. Connected my PC to the device using crossover cable.
The device is pingable and my firewall is off. I cannot access the device in a browser at http://192.168.1.201, or as a directory at \\192.168.1.201
I am planning to create a VBScript or PHP code to access the biometric device instead of the software that comes with it. So as a requirement, I need to have access to the device.
You cannot access the biometric machine through telnet. The username and password are set by the manufacturer. They use the telnet account credentials only for their internal development and testing purposes. @Hans-Martin Mosner, the machine can well connect with port 80. The only thing is that the software will not listen on port 80, as it has been bound to http. If you remove port 80 from listening for http, then you can make your application connect with port 80.
If you are trying to access the biometric machines to associate them with your web application, go for CAMSUnit machines. CAMS provides web APIs for their biometric machines. It supports registering a callback URL which gets called every time a new attendance gets registered.

Can you send outbound request from a VPS if all ports are closed?

Suppose I have a VPS with private networking setup such that the only ports that are open are the port for SSHing into the server and the port that connects the server to other servers on the private network. Can this same server still send requests through the internet and receive back responses? If so, through what 'channel' are the requests/responses being sent/received?
It depends on what the outbound firewall settings are on the server. If the firewall allows all outbound connections then you can connect out to any server on any protocol.
However, depending on the hosting provider, they may limit the ports which you can use for outbound connections. Most likely (but not guaranteed) you'll be able to use HTTP (80) and HTTPS (443). It is quite possible that SSH (22) would be open as well. Those three should cover most, if not all, of the needs you would have.

Port Number for Incoming Apple Push Notifications

What network services, port numbers, outgoing, incoming or both, need to be open on a network for an iPod touch to receive Apple Push Notifications?
I know the outgoing port number to set when sending the APNs. The only thing is, in my school practically every outgoing (and incoming) port is blocked and as a result APNs do not work. I am sure that if I talked to my network administrator and told him which port to unblock, he would do so. So my question is: What network services, port numbers, outgoing, incoming or both, need to be open on a network for an iPod touch to receive Apple Push Notifications?
According to Apple's docs: port 5223.
If the device is connected over Wi-Fi and is still unable to receive notifications, the Wi-Fi network you're using might have a firewall that is blocking port 5223. This port must be open to TCP traffic for notifications to work.
For APNS to work from within your network you must be able to communicate to 17.0.0.0/8:5223. The TCP connection is made from the iOS device out to *.push.apple.com. There are no inbound TCP connections required.
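
Added example, not part of any answer on this page and not IBM's or Apple's code: a reachability check to run on the host that sends notifications. It tests the APNs endpoints listed in the documentation quoted at the top of the page and reports the ephemeral source port each outbound connection used, which is the "channel" the VPS question asks about. The function names and state labels are assumptions made for this example.

```python
import socket

# Endpoints copied from the documentation quoted on this page, as written there.
PAGE_ENDPOINTS = """
gateway.sandbox.push.apple.com:2195
feedback.sandbox.push.apple.com:2196
gateway.push.apple.com:2195
Feedback.push.apple.com:2196
1-courier.push.apple.com 5223
"""

def parse_endpoints(text):
    """Parse 'host:port' and 'host port' lines (the page uses both forms)."""
    endpoints = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.replace(":", " ").rpartition(" ")
        # DNS names are case-insensitive, so normalise to lower case.
        endpoints.append((host.strip().lower(), int(port)))
    return endpoints

def probe(host, port, timeout=3.0):
    """Make one outbound TCP connection and report how it ended.

    local_port is the ephemeral source port the OS chose for this connection;
    replies return on that same connection, so no listening port is involved.
    """
    result = {"host": host, "port": port, "state": "error", "local_port": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            result["state"] = "open"
            result["local_port"] = conn.getsockname()[1]
    except socket.timeout:
        result["state"] = "filtered"     # no reply: typical of a dropping firewall
    except ConnectionRefusedError:
        result["state"] = "closed"       # RST came back: closed port or rejecting filter
    except socket.gaierror:
        result["state"] = "dns-failure"  # name did not resolve from this host
    except OSError:
        result["state"] = "error"        # e.g. network unreachable
    return result

if __name__ == "__main__":
    for host, port in parse_endpoints(PAGE_ENDPOINTS):
        r = probe(host, port)
        print(f"{r['host']}:{r['port']:<5} {r['state']:<12} src_port={r['local_port']}")
```

A "filtered" result from the server host points at an egress rule to review, while "open" with a non-listening source port shows the exchange needed no inbound rule on that host.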
