Currently, we are able to create configuration profiles and have them pushed to computers outside of the network but not to computers that are on our internal network. I assume that this means that we have an issue with APNs connecting to our internal computers. Anyone know what we would need to unblock on our firewall for this to work?
Question
APN issue
+8
+8I do currently allow all traffic to all internal clients from any external address from TCP ports 5223, 2195 and 2196 for testing purposes, so it should work as long as those are the ports used.
+21Every client needs to be able to reach the JSS over 8443. They also need to be able to reach Apple (17.0.0.0/8) over 5223. The JSS needs to be able to reach Apple over 2195 and 2196.
With push notifications, clients have to make an outbound connection which then persists and data from Apple comes back down the open pipe. It's possible that your corporate firewall allows outbound traffic, but blocks what is called established traffic. Both need to work for push notifications.
+15Unable to use Apple Push Notification service (APNs)
http://support.apple.com/kb/TS4264
This is a great tool for trouble shooting APNS from the server.
http://twocanoes.com/push-diagnostics/
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.