Connect to Hexnode MDM through a manual Firewall (Solved)

Participant
3 years ago

I am trying to set up a manual firewall. But as soon as I enable the firewall, policies from Hexnode are not getting applied.

Replies (3)

Participant
3 years ago

The firewall may be blocking the connection from MDM.

Participant
3 years ago

I had the same problem with my Apple phones. Apple deprecated ports 2196 and 2195. It started working normally when I updated the configuration to the newer port – 2197.

Hexnode Expert
3 years ago

Hey there, @akach and @nia. Great inputs. That could exactly be the issue here too.

@fee The firewall is designed to block all connections except the connections that are absolutely required by the system to function and the connections that are whitelisted. In some cases, aggressive firewalls may block the connections to and from the MDM console, thus hindering device management functionalities. Such issues are always difficult to diagnose.
You can configure the firewall settings to allow the following connections to continue managing your devices.

Android devices –

Hexnode usually uses FCM to connect to your Android device. Once enrolled, allow the connections from:

  1. All IP from ports 443, 5228, 5229, 5230 for FCM

Please note that the IP addresses are not static. This means that they are frequently updated. Google randomly uses any of the ports mentioned above and the IP addresses are frequently updated. Visit the link – FCM ports on firewall to view the latest FCM IP addresses and recent updates.

Apple devices –

For iOS and macOS devices, you are required to keep the connection to APNs open. Your Apple devices must be able to connect to the entire 17.0.0.0/8 address block, which is assigned to Apple, on the following ports.

  1. TCP port 5223 to communicate with APNs.
  2. TCP port 443 or 2197 to send notifications to APNs.

Windows Device –

On Windows devices, all traffic is routed through port 443. The list of IP addresses is available for download from the Enterprise Firewall and Proxy Configurations to Support WNS Traffic documentation.

Generally, Hexnode servers use the domain *.hexnodemdm.com on port 443. So, you will also need to keep this connection active for uninterrupted services.

Additionally, several features integrated into Hexnode might require other connections to be functional. You can find the list of all such requirements in the Hexnode-Architecture documentation.

I hope I was of some help today.

Shawn Payne.
Hexnode UEM.
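An added example, not part of the thread and not Hexnode's own tooling: a small audit that checks an outbound TCP allow-list against the FCM and APNs flows listed in the reply above, including the case where several rules together cover Apple's 17.0.0.0/8 block. The rule format `(CIDR, first port, last port)` and the sample rules are assumptions constructed for illustration; the `*.hexnodemdm.com` and WNS requirements are left out because the page gives no addresses for them.

```python
import ipaddress

# Outbound TCP flows the reply above says must stay open:
# (destination block, port groups); one port from each group must be allowed.
# "0.0.0.0/0" stands for "all IPs", since FCM addresses are not static.
REQUIRED = {
    "FCM (Android)": ("0.0.0.0/0", [[443], [5228], [5229], [5230]]),
    "APNs (iOS/macOS)": ("17.0.0.0/8", [[5223], [443, 2197]]),
}

def port_open(dest, port, rules):
    """True if the allow rules for `port` jointly cover every address in `dest`."""
    nets = [ipaddress.ip_network(cidr) for cidr, lo, hi in rules if lo <= port <= hi]
    merged = ipaddress.collapse_addresses(nets)  # joins adjacent/overlapping blocks
    want = ipaddress.ip_network(dest)
    return any(want.subnet_of(m) for m in merged)

def audit(rules):
    """Return {service: [blocked port groups]} for an outbound allow-list."""
    gaps = {}
    for service, (dest, groups) in REQUIRED.items():
        blocked = [g for g in groups if not any(port_open(dest, p, rules) for p in g)]
        if blocked:
            gaps[service] = blocked
    return gaps

# Constructed sample allow-list on a default-deny firewall.
SAMPLE_RULES = [
    ("0.0.0.0/0", 443, 443),       # general HTTPS to any destination
    ("17.0.0.0/9", 5223, 5223),    # APNs, first half of Apple's block
    ("17.128.0.0/9", 5223, 5223),  # APNs, second half of Apple's block
    ("17.0.0.0/8", 2195, 2196),    # ports a reply above reports as deprecated
]

if __name__ == "__main__":
    for service, blocked in audit(SAMPLE_RULES).items():
        print(f"{service}: blocked port groups {blocked}")
```

With the sample rules, APNs passes (5223 through the two /9 rules, 443 through the general HTTPS rule) while FCM ports 5228 to 5230 are reported as blocked.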