Outbound ports: Managing iOS and Android devices
BlackBerry Enterprise Service 10 components use the following ports to send data to sources that are outside of your organization's firewall, such as the BlackBerry Infrastructure, and to receive data back from these sources.
Configure your organization's firewall to allow outbound and inbound connections over these ports. For more information about domains and IP addresses to use in your firewall configuration, visit www.blackberry.com/go/kbhelp to read articles KB34193 and KB03735.
|
From |
To |
Purpose |
Protocol |
Port |
Where you can change the port |
|---|---|---|---|---|---|
|
BlackBerry Secure Connect Service |
BlackBerry Infrastructure |
To connect to the bbsecure.com subdomain (<region>.bbsecure.com) to allow work-space enabled devices to access work data, to send activation and management data between iOS and Android devices and BlackBerry Enterprise Service 10, and to allow iOS devices to connect to APNs for device notifications. |
TCP |
3101 |
Cannot change |
|
BlackBerry Secure Connect Service through a TCP proxy server (optional) |
BlackBerry Infrastructure |
To route data through a TCP proxy server if you do not want a direct connection to the BlackBerry Infrastructure. |
TCP |
3101 |
Administration Console |
|
BlackBerry Licensing Service |
BlackBerry Infrastructure |
To connect to the licensing infrastructure (license.blackberry.com) to activate licenses. |
HTTPS |
443 |
Cannot change |
|
Administration Console |
BlackBerry Infrastructure |
To request a signed CSR from BlackBerry so you can obtain and register an APNs certificate. The APNs certificate is required to manage iOS devices. |
HTTPS |
443 |
Cannot change |
|
Universal Device Service core components |
BlackBerry Infrastructure |
To connect to the <region>.swstps.bbsecure.com subdomain to authenticate BlackBerry Enterprise Service 10 and enable the use of the Secure Work Space on iOS and Android devices. |
HTTPS |
443 |
Cannot change |
|
Universal Device Service core components |
BlackBerry Infrastructure |
To connect to <region>.swsmanager.bbsecure.com subdomain to enable administrative control over the work space on iOS and Android devices. |
HTTPS |
443 |
Cannot change |
|
BlackBerry Work Connect Notification Service |
BlackBerry Infrastructure |
To provide new or changed email and organizer notifications to work space-enabled iOS devices. |
HTTPS |
443 |
Cannot change |
|
Scheduler |
BlackBerry Infrastructure |
To check a hosted metadata file each day at midnight for new device or OS data. Updates are downloaded to the Universal Device Service database. The hosted file is located at https://origin-www.blackberry.com/download/metadata/BES/metadata.xml.gz (IP address 208.65.77.102). |
HTTPS |
443 |
Cannot change |
|
Core Module |
Apple Root Certification Authority |
To check the certificate revocation list (used if you do not set up an APNs proxy server). |
HTTPS HTTP |
443 80 |
Cannot change |
|
Core Module |
SMTP gateway |
To enable SMTP for an external SMTP gateway (optional). |
TCP |
25 |
Administration Console |