TCP/IP Port requirements
For BigFix MDM Server and BigFix Plugin Portal to communicate properly with the devices that you manage, the necessary TCP/IP ports must be open. This section lists the ports required to manage your devices, with the purpose and direction of each.
Port Number | Type | Purpose | Direction |
---|---|---|---|
443 | HTTPS | All device enrollment and management requests are sent to this port. This must be an internet-facing port for the endpoints to reach the enrollment server. | Inbound to the MDM Server from the network where MDM managed endpoints are located. |
443 | HTTPS | MDM Server to Offline Domain Join Server. | Inbound to the Offline Domain Join Server, specifically for requests from the MDM Server. |
443 | HTTPS | For sending messages from the MDM Server to notification services and the identity service. | Outbound from the MDM Server to: |
5671 | AMQP | The MDM Plugin receives through this port the asynchronous notifications that the MDM Server gets from the enrolled devices. This inbound port on the MDM Server must be opened for the Plugin Portal server to establish the session and subsequently receive the device notifications. | Inbound to the MDM Server from the Plugin Portal server. |
8443 | HTTPS | For sending HTTPS requests to the MDM Server REST API. | Inbound to the MDM Server from the Plugin Portal server and WebUI. |
636 | LDAPS | For Active Directory to securely authenticate end users during enrollment. | Outbound from the MDM Server to the customer LDAP. |
389 | LDAP | For Active Directory insecure authentication of end users during enrollment. Note: if the Active Directory secure port is not enabled, the default insecure port 389 is used. For best results, use LDAPS (secure communication) with Active Directory. | Outbound from the MDM Server to the customer LDAP. |
2195* | TCP | Backup port for sending messages from the MDM Server to APNs. | Outbound from the MDM Server to the APNs server (Internet). |
2196* | TCP | Used by the MDM Server to connect to APNs for feedback. | Outbound from the MDM Server to the APNs server (Internet). |
5223 | TCP | For sending messages to APNs from the computers in your network. | Outbound from Mac devices (whichever network they are on) to the APNs server (Internet). |
8080 | TCP | For the internal NDES configuration, or as configured in the SCEP URL in the fixlet "Configure settings for SCEP functionality on MDM server". | Outbound from the MDM Server to the SCEP server. |
*To ensure reliable Apple MDM server communication, allow outbound connections from the MDM Server to Apple's 17.0.0.0/8 block over TCP ports 2195 and 2196.
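As an added example that is not part of the BigFix documentation, the following Python script, run from the MDM Server, tests the outbound ports in the table and reports the cases the table calls out: an LDAPS (636) failure that silently leaves enrollment on cleartext LDAP (389), blocked APNs or SCEP ports, and whether a resolved APNs address lies inside the 17.0.0.0/8 block from the footnote. The hostnames are placeholders you must replace with your own directory, NDES and APNs endpoints.

```python
import ipaddress
import socket

APPLE_BLOCK = ipaddress.ip_network("17.0.0.0/8")  # range named in the footnote

# Outbound ports the MDM Server needs, keyed by port: (label, placeholder host).
OUTBOUND = {
    636:  ("LDAPS to customer directory", "ldap.example.internal"),
    389:  ("LDAP (insecure fallback)",     "ldap.example.internal"),
    2195: ("APNs backup",                  "apns-host.placeholder"),
    2196: ("APNs feedback",                "apns-host.placeholder"),
    8080: ("SCEP/NDES",                    "ndes.example.internal"),
}

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def in_apple_block(ip):
    """True if the address falls inside Apple's 17.0.0.0/8 allow-list range."""
    return ipaddress.ip_address(ip) in APPLE_BLOCK

def assess(reach):
    """Map {port: reachable} to findings; an empty list means the table is satisfied."""
    findings = []
    if not reach.get(636) and reach.get(389):
        findings.append("LDAPS (636) unreachable but LDAP (389) open: enrollment "
                        "authentication falls back to cleartext LDAP; enable LDAPS")
    elif not reach.get(636) and not reach.get(389):
        findings.append("no directory connectivity on 636 or 389: "
                        "enrollment authentication will fail")
    for port in (2195, 2196, 8080):
        if not reach.get(port):
            findings.append(f"{OUTBOUND[port][0]} port {port} blocked outbound")
    return findings

def run():
    """Probe every outbound port and print the findings (needs network access)."""
    reach = {p: tcp_reachable(h, p) for p, (_, h) in OUTBOUND.items()}
    for finding in assess(reach):
        print("FINDING:", finding)
    return reach

if __name__ == "__main__":
    run()
```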