APNS on a PCI network

bevo_79

Joined: Aug 23, 2016

Does anyone use iOS devices on a secure PCI network? If so, can you tell me what you have done to allow APNS to communicate with those devices? Did you open your firewalls to allow communication to Apple's entire 17.0.0.0/8 network as many MDM providers suggest? Or did you only open it to Apple's APNS URLs?

1-courier.push.apple.com 5223
gateway.sandbox.push.apple.com 2195
gateway.push.apple.com 2195

I cannot fathom opening our firewall to the entire 17.0.0.0 class A network - even if it is all owned by Apple. That's over 16.5 million IP addresses!

apupavithran

Joined: Nov 24, 2014

Re: APNS on a PCI network

Hi Bevo_79,

You do not need to open the entire 17.x.x.x.

We have an MDM Product, Hexnode MDM, and we normally ask the customers to open the 2195 and 5223 ports. I am not sure about other MDM vendors.

Please refer to the links below:
http://support.apple.com/en-us/HT203609
https://developer.apple.com/library/ios/technotes/tn2265/_index.html

Thanks and regards
Apu Pavithran
Consultant | Hexnode MDM

Thanks and regards
Apu Pavithran
Hexnode | Mitsogo Inc
www.hexnode.com/mobile-device-management

JD

Joined: Dec 4, 2014

An additional issue that has

An additional issue that has come up since early November 2015 is that there is an additional certificate revocation list that iOS devices attempt to access on port 80 that can cause persistent APNS failure. Apple changed the root CA from them to an Akamai server and didn't realize how it would screw people.
They seem to be in the early stages of diagnosing the effects and offering a definite solution.
I'll share more when I get more info.

bevo_79

Joined: Mar 24, 2014

Hi JD, HOLY &%#$ that has

Hi JD,

HOLY &%#$ that has been an issue as well! Do you have any links where I could research this?

bevo_79

Joined: Mar 24, 2014

Re: APNS on a PCI network

Apu,

Yes, 2195 and 5223 are currently open, but the destination IP with Apple periodically changes. Apple does not publish when they change, or what the new IP addresses are. Our firewalls do not allow us to enter URLs - we have to use IP addresses. Apple's recommendation is to open 5223 and 2195 to all of 17.0.0.0 as a workaround.
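
An added example, not part of any post in this thread: a Python check for the situation described above, where the firewall only accepts IP addresses and the APNS destinations drift. It resolves the three hostnames listed in the first post and reports any answer that the current per-port allowlist does not cover or that falls outside 17.0.0.0/8. The function names and the sample allowlist entries are hypothetical and constructed for illustration.

```python
import ipaddress
import socket

APPLE_NET = ipaddress.ip_network("17.0.0.0/8")
# Hostnames and ports exactly as listed in the thread.
APNS_ENDPOINTS = {
    "1-courier.push.apple.com": 5223,
    "gateway.sandbox.push.apple.com": 2195,
    "gateway.push.apple.com": 2195,
}

def resolve(host, port):
    """Return the IPv4 addresses the host resolves to right now."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def audit(allowlist, resolver=resolve):
    """Compare (cidr, port) allowlist entries with current DNS answers.

    Returns (missing, outside): answers no rule covers on the right port,
    and answers that are not inside 17.0.0.0/8 at all.
    """
    rules = [(ipaddress.ip_network(cidr), port) for cidr, port in allowlist]
    missing, outside = [], []
    for host, port in APNS_ENDPOINTS.items():
        for addr in sorted(resolver(host, port)):
            ip = ipaddress.ip_address(addr)
            if ip not in APPLE_NET:
                outside.append((host, addr))
            if not any(ip in net and port == p for net, p in rules):
                missing.append((host, addr, port))
    return missing, outside

def exposure(allowlist):
    """Count the (address, port) pairs the allowlist permits outbound."""
    return sum(ipaddress.ip_network(c).num_addresses for c, _ in allowlist)

if __name__ == "__main__":
    # Constructed sample rules; substitute the export from your own firewall.
    pinned = [("17.0.2.0/24", 5223), ("17.0.3.0/24", 2195)]
    try:
        missing, outside = audit(pinned)
    except socket.gaierror as err:
        raise SystemExit(f"DNS lookup failed: {err}")
    for host, addr, port in missing:
        print(f"NOT COVERED  {host} -> {addr}:{port}")
    for host, addr in outside:
        print(f"OUTSIDE /8   {host} -> {addr}")
    print("pairs permitted by pinned rules:", exposure(pinned))
```

Run on a schedule from a host that uses the same resolvers as the devices, a non-empty `missing` list is the signal that pinned rules have gone stale before push delivery starts failing.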
