Communication Data Points
If your devices are behind an enterprise firewall, you need to allow the following ports and URLs to ensure smooth communication while using SureMDM:
Below is the list of services along with ports used by mentioned services:
- SureMDM Services - These services are used for secured and encrypted communication between SureMDM enrolled devices and SureMDM Web Console.
- SureMDM Remote Support - SureMDM offers a secure way to remotely view and control enrolled devices using SureMDM Web Console.
- Firebase cloud messaging - Google Cloud Messaging (Firebase Cloud Messaging) by Google helps SureMDM server to send secure notifications to enrolled devices. Google uses any of these mentioned ports.
- Zero Touch Enrollment: Zero-touch enrollment allows enterprises to provision Android devices by assigning enterprise configuration and security policies right out of the box.
- Play Services and Android Management - Google Play services are used to securely update Google apps and apps from Google Play. It is also used for the communication and management of Android Enterprise (Work Managed Device) devices.
- Samsung KNOX Enrollment - Samsung KNOX Enrollment is used for Samsung Account authentication for Knox service and also for access of enterprise devices to the Knox servers.
- iOS APNS - iOS APNS enables secure communication of iOS and/or macOS devices through the SureMDM servers. This also enables third-party apps to send push notifications to iOS devices.
- Apple services - Apple services are used for Apple's Mobile Asset Software Update service to provide an XML file with information about available iOS updates.
- Microsoft services for Windows - This service is used for Windows notification service by Microsoft which allows secure communication between SureMDM and Windows devices.
- Office 365 services - This service is used for managing Windows devices and services behind firewalls and enables secure communication.
- The following ports should be allowed internally in Inbound rules for communication between Nodes:
- TCP 2379-2380
- UDP 8472
- TCP 10250
- TCP 6443
To facilitate the necessary services, specific ports must be configured for internal or public access based on operational needs:
- SQL Server: Port 1433 should be open to facilitate communication with SQL databases.
- MongoDB: Port 27017 is required for MongoDB operations.
- MinIO (Storage): Ensure the ports configured for both the MinIO console and server are accessible as per your setup.
The following table explains the communication data pointers for SureMDM:
| Port | Destination | Type | Protocol | Description |
|---|---|---|---|---|
| 443 | suremdm.42gears.com or yourdomain.suremdm.io | Outbound | HTTPS | SureMDM Services Note: Region can be included in the URL as in/us/eu during signup. |
| 443 | suremdm.42gears.com or yourdomain.suremdm.io | Outbound | TLS or WSS | SureMDM Remote Support Note: Region can be included in the URL as in/us/eu during signup. |
| 443 | activate.42gears.com | Outbound | HTTPS | 42Gears Services |
| 443 | s3.amazonaws.com | Outbound | HTTPS | Jobs, Reports, File store and Application store. Note: Select a URL based on the region selected. |
| mars.astrouploads.com | ||||
| The following URLs will be allowed based on the region selected during signup: | ||||
| 443, 5228, 5229, 5230 | All traffic or Google's ASN of 15169 | Outbound | TLS/HTTPS | Firebase Cloud Messaging |
| 443 | www.googleapis.com | Outbound | HTTPS | Zero Touch Enrollment |
| 443 | *.ggpht.com | Outbound | HTTPS | Play Services and Android Management |
| *.googleusercontent.com | Outbound | |||
| *.gvt1.com | Outbound | |||
| *play.googleapis.com | Outbound | |||
| android.clients.google.com | Outbound | |||
| 443 | *.samsung.com | Outbound | HTTPS | Samsung KNOX Enrollment |
| *.samsungknox.com | Outbound | |||
| *.secb2b.com | Outbound | |||
| 5223, 2195 - 2197 | 17.0.0.0/8 | Outbound | TLS/HTTPS | iOS APNS |
| 443 | mesu.apple.com | Outbound | HTTPS | Apple services |
| 443 | *.notify.live.net | Outbound | HTTPS | Microsoft services for Windows |
| *.notify.windows.com | Outbound | |||
| *.wns.windows.com | Outbound | |||
| login.microsoftonline.com | Outbound | |||
| login.live.com | Outbound | |||
| 443 | *.manage.microsoft.com | Outbound | HTTPS | Office 365 services |
| *api.office.com | Outbound | |||
| *go.microsoft.com | Outbound | |||
| *login.windows-ppe.net | Outbound | |||
| *secure.aadcdn. microsoftonline-p.com | Outbound | |||
| *vortex.data.microsoft. com | Outbound |