Network Ports used by Hexnode UEM

This article explains the network ports used for connections with Hexnode or for integrating third-party services.

A port is a numbered endpoint through which information flows between computers or networks. Hexnode uses several ports for enrolling and managing Android, Apple, and Windows devices. Keep these ports open so that all MDM features work.

The following sections list the ports needed to establish connectivity between the various servers and components in Hexnode UEM.

Ports for Android devices

Communications for enrolling and managing Android devices use HTTPS on TCP 443. Hexnode uses the standard FCM ports and services (ports 5228, 5229, and 5230). Port 1883 (outbound) can be used for devices without FCM.

| Port Number | Inbound/Outbound | Source | Destination | Description |
|---|---|---|---|---|
| 8998 | Outbound | AD Agent | Hexnode Cloud | AD Agent Service |
| 443 | Bidirectional | Android Devices | *.samsungknox.com, *.secb2b.com, *.samsung.com | Samsung Knox Enrollment |
| 443 | Bidirectional | Android Device | www.googleapis.com | Zero-touch Enrollment |
| 443 | Bidirectional | Android Device | *play.googleapis.com, *.googleusercontent.com, android.clients.google.com, *.ggpht.com, *.gvt1.com, com.android.providers.downloads | App Management |
| 443 | Bidirectional | Hexnode Cloud | Devices | HTTPS port used for secure and encrypted communication between Hexnode server and devices |
| 443 | Bidirectional | Devices | s3.eu.central-1.amazonaws.com, s3.amazonaws.com | HTTPS port used for file, app management. |
| 443 | Bidirectional | Devices | *.manage.microsoft.com, *api.office.com, *go.microsoft.com, *login.windows-ppe.net, *secure.aadcdn.microsoftonline-p.com, *vortex.data.microsoft.com | HTTPS port used for Office365 Login. |
| 5228, 5229, 5230 | Bidirectional | Android Devices | Internet | Receive push notifications via Firebase Cloud Messaging (FCM) |
| 3478 (TCP and UDP), 5349 (TCP) | Bidirectional | Android Devices | global.stun.twilio.com, global.turn.twilio.com | Simple Traversal of UDP Through NAT (STUN) port for Remote View support, STUN over TLS for Remote View support. |
| 443 | Bidirectional | Android Devices | remoteview.hexnodemdm.com | Remote View Server |

Ports for Apple devices

Communications for enrolling and managing devices use HTTPS on TCP 443. Port 80 is the default application port used during the installation of Hexnode. Hexnode uses standard ports (TCP 2195 – outbound) to communicate with APNs (host address is gateway.push.apple.com). If Apple devices connected to the internet through Wi-Fi fail to receive APNs notifications, the firewall in your network may be blocking outbound port 5223. Make sure that this port remains open to TCP traffic for notifications to work.

| Port Number | Inbound/Outbound | Source | Destination | Description |
|---|---|---|---|---|
| 8998 | Outbound | AD Agent | Hexnode Cloud | AD Agent Service |
| 443 | Bidirectional | Apple Devices | mesu.apple.com | HTTPS port used for secure and encrypted communication between Hexnode server and Apple devices. |
| 443 | Bidirectional | Hexnode Cloud | Devices | HTTPS port used for secure and encrypted communication between Hexnode server and devices |
| 443 | Bidirectional | Devices | s3.eu.central-1.amazonaws.com, s3.amazonaws.com | HTTPS port used for file, app management. |
| 443 | Bidirectional | Devices | *.manage.microsoft.com, *api.office.com, *go.microsoft.com, *login.windows-ppe.net, *secure.aadcdn.microsoftonline-p.com, *vortex.data.microsoft.com | HTTPS port used for Office365 Login. |
| 3478 (TCP and UDP), 5349 (TCP) | Bidirectional | iOS Devices | global.stun.twilio.com, global.turn.twilio.com | Simple Traversal of UDP Through NAT (STUN) port for Remote View support, STUN over TLS for Remote View support. |
| 443 | Bidirectional | iOS Devices | remoteview.hexnodemdm.com | Remote View Server |
| 5223 | Inbound | Apple Devices | 17.0.0.0/8 | Apple Push Notification service (APNs) for Apple devices. |
Notes:

Allow access to the entire 17.0.0.0/8 address block, as Apple may use any address from the range for pushing notifications.

Alternatively, you may open access to the following network ranges via the same ports:

IPv4

  • 17.249.0.0/16
  • 17.252.0.0/16
  • 17.57.144.0/22
  • 17.188.128.0/18
  • 17.188.20.0/23

IPv6

  • 2620:149:a44::/48
  • 2403:300:a42::/48
  • 2403:300:a51::/48
  • 2a01:b740:a42::/48
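
As an added example (not Hexnode's own code), the following Python script checks denied flows in a firewall log against the Apple-device destinations listed above, and shows how the result differs between allowing the whole 17.0.0.0/8 block and allowing only the narrower ranges. The log format, function names, sample addresses and the subset of hostnames chosen are assumptions made for illustration.

```python
import ipaddress
import re
from fnmatch import fnmatchcase

# Ports and ranges copied from the Apple table and notes on this page.
APNS_PORT = 5223
APNS_BROAD = ["17.0.0.0/8"]
APNS_NARROW = ["17.249.0.0/16", "17.252.0.0/16", "17.57.144.0/22",
               "17.188.128.0/18", "17.188.20.0/23", "2620:149:a44::/48",
               "2403:300:a42::/48", "2403:300:a51::/48", "2a01:b740:a42::/48"]
# Hostname pattern -> ports (a subset of the table rows).
HOST_RULES = {"mesu.apple.com": {443}, "remoteview.hexnodemdm.com": {443},
              "global.stun.twilio.com": {3478, 5349}, "*.manage.microsoft.com": {443}}

def required_by(dest, port, apns_ranges):
    """Return the rule that requires dest:port, or None if none is listed."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:  # not an IP literal, so treat it as a hostname
        return next((p for p, ports in HOST_RULES.items()
                     if port in ports and fnmatchcase(dest.lower(), p)), None)
    if port == APNS_PORT:
        for cidr in apns_ranges:
            if ip in ipaddress.ip_network(cidr):  # False across IP versions
                return f"APNs {cidr}"
    return None

# Constructed log format (hypothetical): "<ALLOW|DENY> dst=<host|ip> dport=<n>"
LINE = re.compile(r"^(ALLOW|DENY)\s+dst=(\S+)\s+dport=(\d+)$")

def blocked_required(log_text, apns_ranges):
    """List denied flows that the tables above say must stay open."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) == "DENY":
            rule = required_by(m.group(2), int(m.group(3)), apns_ranges)
            if rule:
                hits.append((m.group(2), int(m.group(3)), rule))
    return hits

# Constructed sample log; the addresses are illustrative, not observed traffic.
SAMPLE_LOG = """\
DENY dst=17.57.146.10 dport=5223
DENY dst=17.120.3.9 dport=5223
DENY dst=2620:149:a44::10 dport=5223
DENY dst=remoteview.hexnodemdm.com dport=443
DENY dst=203.0.113.8 dport=5223
ALLOW dst=mesu.apple.com dport=443
"""
```

Calling `blocked_required(SAMPLE_LOG, APNS_NARROW)` no longer reports 17.120.3.9, an address inside 17.0.0.0/8 but outside the narrower ranges, which is the trade-off between the two options in the notes above.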

Ports for Windows devices

TCP port 443 is used in the case of the Windows Notification Service.

| Port Number | Inbound/Outbound | Source | Destination | Description |
|---|---|---|---|---|
| 8998 | Outbound | AD Agent | Hexnode Cloud | AD Agent Service |
| 443 | Bidirectional | Windows Devices | *.notify.live.net, *.wns.windows.com, *.notify.windows.com | HTTPS port used for secure and encrypted communication between Hexnode server and Windows devices. |
| 443 | Bidirectional | Hexnode Cloud | Devices | HTTPS port used for secure and encrypted communication between Hexnode server and devices |
| 443 | Bidirectional | Devices | s3.eu.central-1.amazonaws.com, s3.amazonaws.com | HTTPS port used for file, app management. |
| 443 | Bidirectional | Devices | *.manage.microsoft.com, *api.office.com, *go.microsoft.com, *login.windows-ppe.net, *secure.aadcdn.microsoftonline-p.com, *vortex.data.microsoft.com | HTTPS port used for Office365 Login. |