Mobile device configuration (Wi-Fi requirements)
Wi-Fi
requirements)The port requirements in this section are for mobile devices to connect to the
BlackBerry Infrastructure
. These addresses and ports may not be required by the BlackBerry UEM
server components. For example, in a typical Wi-Fi
network setup, connectivity to the internet on port 443 is allowed, but connectivity to APNs may be blocked.Mobile devices managed by
UEM
also have specific connectivity requirements. Whether the device is attempting a connection over the mobile network or a Wi-Fi
network, the port requirements must be met.<region>
represents a unique region code depending on the EULA selected during installation. For example, if Canada was selected, then <region>
is ca. To find a specific country code, see the ISO Standard.OS or service | TCP port | Protocol | Domain |
|---|---|---|---|
iOS Android | 443 | HTTPS/TLS 1 | <region> .bbsecure.com |
iOS | 5223 | TCP | gateway.push.apple.com |
EMM/ Google APIs2 | 443 | TCP | android.apis.google.com |
Google
Play 2 | TCP/443 TCP UDP/5228-5230 | TCP, UDP | play.google.com googleusercontent.com google-analytics.com gstatic.com android.com gvt1.com gvt2.com ggpht.com |
Google authentication2 | 443 | TCP | accounts.google.com |
Google Cloud Messaging2 | TCP/443,5228-5230, 5235,5236 | TCP | gcm-http.googleapis.com, gcm-xmpp.googleapis.com android.googleapis.com |
Google Firebase Cloud Messaging 2 | TCP/443,5228-5230 | TCP | fcm.googleapis.com www.googleapis.com oauth2.googleapis.com fcm-xmpp.googleapis.com |
Google certificate revocation2 | 443 | TCP | pki.google.com clients[1-9].google.com |
Android (Android Enterprise /Samsung Knox ) | 443 | TCP | <region> .turnd.bbsecure.com |
BlackBerry
Dynamics apps | 49152 | TCP | gdmdc.good.com For March 2025 and later: prod.dynamics.blackberry.com prod-mdc.dynamics.blackberry.com |
BlackBerry
Dynamics apps | 443 | TCP | gdmdc.good.com For March 2025 and later: prod.dynamics.blackberry.com prod-mdc.dynamics.blackberry.com |
BlackBerry
Dynamics apps (Access Desktop macOS and Windows only) | 15000 | TCP | gdrelay.good.com |
BlackBerry
Dynamics apps (Access Desktop macOS and Windows only) | 443 | TCP | gdrelay.good.com |
BlackBerry
Dynamics apps | 443 | TCP | <region> .bbsecure.com |
BlackBerry
Dynamics apps | 443 | TCP | gdweb.good.com For March 2025 and later: prod.dynamics.blackberry.com prod-mdc.dynamics.blackberry.com |
BlackBerry
Dynamics apps | 443 | TCP | gdentgw.good.com For March 2025 and later: prod.dynamics.blackberry.com prod-mdc.dynamics.blackberry.com |
BlackBerry Analytics 3 | 443 | TCP | analytics.blackberry.com receiver.analytics.blackberry.com |
BlackBerry UEM Client | 443 | HTTPS | discoveryservice.blackberry.com |
BlackBerry Android certificate server | 80 | HTTP | pki.services.blackberry.com |
CylancePROTECT | 443 | HTTPS | score.cylance.com |
BlackBerry Enterprise Identity | 443 | HTTPS | idp.blackberry.com |
1
In addition to standard HTTPS traffic, UEM
components may also need to make an HTTP CONNECT and HTTP OPTIONS call on port 443. Because some firewalls are configured to block non-HTTPS traffic detected on port 443, this traffic may need to be explicitly allowed. Similarly, some firewalls incorrectly recognize TLS traffic on port 3101 as nonstandard and block the traffic. Ensure that necessary allow lists are in place on your firewall or other network appliances. 2
When using Samsung Knox
with BlackBerry Secure Connect Plus
, all device traffic, including HTTP and TCP traffic, is redirected to the UEM
server. The device-side TCP ports must be allowed from the UEM
server. For more information, visit KB 46317.3
To open the firewall to specific IP addresses, for analytics.blackberry.com use 74.82.73.148, and for receiver.analytics.blackberry.com use 74.82.73.149.