The firewall setting worksheets help you prepare to deploy System Center Mobile Device Manager (MDM) for your enterprise. Maintaining a list of port settings helps you plan the deployment, resolve problems, and maintain installation settings.
MDM Server Ports
Traffic source | Destination | Default | Value | Complete? |
---|---|---|---|---|
MDM Device Management Server | MDM Gateway Server | TCP 443 (SSL) configurable | | [ ] |
Device (native IP address) | MDM Enrollment Server | TCP 443 (SSL) not configurable | | [ ] |
Device (assigned VPN IP address) | MDM Device Management Server (through MDM Gateway Server) | TCP 8443 (SSL) configurable | | [ ] |
MDM Console Ports
Traffic source | Destination | Default | Value | Complete? |
---|---|---|---|---|
MDM Console | MDM Device Management Server | TCP 8446 (SSL) configurable | | [ ] |
MDM Console | MDM Enrollment Server | TCP 8445 (SSL) configurable | | [ ] |
IPsec Traffic
Traffic source | Destination | Default | Value | Complete? |
---|---|---|---|---|
Device (native IP address) | MDM Gateway Server | UDP 500 bi-directional | | [ ] |
Device (native IP address) | MDM Gateway Server | UDP 4500 bi-directional | | [ ] |
Device (native IP address) | MDM Gateway Server | IP Protocol 50 (IPsec) bi-directional | | [ ] |
Other MDM Ports
Purpose | Traffic source | Destination | Default | Value | Complete? |
---|---|---|---|---|---|
VPN services — network address translation (NAT) timeout detection | Device (native IP address) | MDM Gateway Server | UDP 8901 (bi-directional) | | [ ] |
Software Distribution
Traffic source | Destination | Default | Value | Complete? |
---|---|---|---|---|
Managed device (issued IP address) | MDM Device Management Server | TCP 8530 bi-directional; TCP 8531 (SSL) bi-directional | | [ ] |
Additional Ports
Purpose | Traffic source | Destination | Default | Value | Configured? |
---|---|---|---|---|---|
Line of business (LOB) applications that use SSL | Managed device (issued IP address) | LOB application server | TCP 443 | | [ ] |
LOB applications (other) | Managed device (issued IP address) | LOB application server | Defined by type of application | | [ ] |
External Web site access | Managed device (issued IP address) | Network Address Translation (NAT) or proxy server in the perimeter network | TCP 443, TCP 80 | | [ ] |