Ports and protocols

This section lists the communication details for required and optional network connections.

From the internet to the Sophos Mobile server

Port forwarding, NAT, WAF, and reverse proxy are supported.

| Protocol | Port | Destination | Comment | Optional? |
|---|---|---|---|---|
| HTTP | 80 | <Sophos Mobile server> | Forwards to HTTPS port | Yes |
| HTTPS | 443 | <Sophos Mobile server> | Access to Sophos Mobile Admin and Sophos Mobile Self Service Portal, device sync, UTM, NAC | |

From the internal network to the Sophos Mobile server

| Protocol | Port | Destination | Comment | Optional? |
|---|---|---|---|---|
| HTTP | 80 | <Sophos Mobile server> | Forwards to HTTPS port | Yes |
| HTTPS | 443 | <Sophos Mobile server> | Access to Sophos Mobile Admin and Sophos Mobile Self Service Portal, device sync, UTM, NAC | |

From the Sophos Mobile server to the Internet

Note: A proxy can be used for this traffic. Make sure it can access the APNs servers and keeps the client certificate for services.sophosmc.com intact.

| Protocol | Port | Destination | Comment | Optional? |
|---|---|---|---|---|
| HTTPS with client cert. | 443 | services.sophosmc.com (85.22.154.49) | For push notifications to Apple (APNs), Microsoft (MPNS, WNS), Android (Baidu Push) devices | |
| HTTPS | 443 | android.googleapis.com, fcm.googleapis.com/fcm/send | Google Firebase Cloud Messaging for Android devices | |
| APNs with client cert. | 443 | api.push.apple.com (17.0.0.0/8) | Apple Push Notification service | |
| HTTPS | 443 | vpp.itunes.apple.com (17.0.0.0/8) | Apple Business Manager | Yes |
| HTTPS | 443 | itunes.apple.com (17.0.0.0/8) | Apple app identifier search | |
| HTTPS | 443 | deviceservices-external.apple.com (17.0.0.0/8) | Apple Activation Lock Bypass for supervised devices | Yes |
| HTTPS | 443 | mdmenrollment.apple.com (17.0.0.0/8) | Apple Business Manager | Yes |
| HTTPS | 443 | login.live.com, *.notify.windows.com | Windows Push Notification service | |
| HTTPS | 443 | www.googleapis.com | Android Enterprise | Yes |
| HTTPS | 443 | www.google.com/recaptcha/api/siteverify | Google reCAPTCHA service for password reset and token enrollment | |
| HTTPS | 443 | login.microsoftonline.com, graph.microsoft.com | Intune app protection, federated authentication with Azure AD | Yes |
| HTTPS | 443 | login.teamviewer.com, webapi.teamviewer.com, start.teamviewer.com | TeamViewer integration | Yes |
| HTTPS | 443 | One of the following Sophos Central regions: smc-device-if-cloudstation-eu-west-1.prod.hydra.sophos.com, smc-device-if-cloudstation-eu-central-1.prod.hydra.sophos.com, smc-device-if-cloudstation-us-west-2.prod.hydra.sophos.com, smc-device-if-cloudstation-us-east-2.prod.hydra.sophos.com | Migration from Sophos Mobile to Sophos Central | Yes |
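
An added example, not part of the Sophos documentation: a Python check that audits outbound connections logged from the Sophos Mobile server against the destinations in the table above, including the IP ranges the table gives for some hosts. The log format, function names and sample lines are constructed; URL paths such as /fcm/send are dropped because a connection log only carries the host.

```python
import fnmatch
import ipaddress

APPLE = "17.0.0.0/8"
REGIONS = ("eu-west-1", "eu-central-1", "us-west-2", "us-east-2")
# Host pattern -> network the table gives for it (None where it gives none).
ALLOWED = {
    "services.sophosmc.com": "85.22.154.49/32",
    "api.push.apple.com": APPLE, "vpp.itunes.apple.com": APPLE,
    "itunes.apple.com": APPLE, "deviceservices-external.apple.com": APPLE,
    "mdmenrollment.apple.com": APPLE,
    **dict.fromkeys([
        "android.googleapis.com", "fcm.googleapis.com", "login.live.com",
        "*.notify.windows.com", "www.googleapis.com", "www.google.com",
        "login.microsoftonline.com", "graph.microsoft.com",
        "login.teamviewer.com", "webapi.teamviewer.com", "start.teamviewer.com",
        *(f"smc-device-if-cloudstation-{r}.prod.hydra.sophos.com" for r in REGIONS),
    ]),
}

def check(host, ip, port):
    """Return None when the connection matches the table, else the reason."""
    host = host.lower().rstrip(".")
    if port != 443:  # every server-to-internet row in the table uses 443
        return "port not in table"
    for pattern, net in ALLOWED.items():
        if fnmatch.fnmatchcase(host, pattern):
            if net and ipaddress.ip_address(ip) not in ipaddress.ip_network(net):
                return f"IP outside {net} documented for host"
            return None
    return "host not in table"

def audit(log_lines):
    """Return (host, ip, port, reason) for every line the table does not cover."""
    findings = []
    for line in log_lines:
        _time, host, ip, port = line.split()
        reason = check(host, ip, int(port))
        if reason:
            findings.append((host, ip, int(port), reason))
    return findings

# Constructed sample log, format "<time> <TLS SNI host> <dst IP> <dst port>"
SAMPLE = [
    "10:00:01 api.push.apple.com 17.188.143.34 443",
    "10:00:02 db5.notify.windows.com 203.0.113.20 443",
    "10:00:03 api.push.apple.com 198.51.100.7 443",
    "10:00:04 updates.example.net 192.0.2.10 443",
    "10:00:05 fcm.googleapis.com 192.0.2.55 5228",
]
print(audit(SAMPLE))
```
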

From the Sophos Mobile server to the following internal hosts

| Protocol | Port | Destination | Comment | Optional? |
|---|---|---|---|---|
| MS SQL | 1433 | <your database host> | Only if on a different computer than Sophos Mobile | |
| MySQL | 3306 | | | |
| SMTP plain | 25 | <your SMTP host> | Enrollment and maintenance emails | |
| SMTP SSL | 465 | | | |
| SMTP TLS | 587 | | | |
| LDAP | 389 | <your LDAP host> | To your directory server | Yes |
| LDAPS | 636 | | | |
| HTTPS | 443 | <your Exchange server> | For ActiveSync traffic | Yes |
| HTTPS | 443 | <your SGN server> | For SGN integration | Yes |

From Android devices to the internet

| Service | Port | Destination | Comment | Optional? |
|---|---|---|---|---|
| FCM | 5228-5230 | Internet (all IP blocks listed in Google's ASN 15169) | Google Firebase Cloud Messaging (FCM). The IP ranges change frequently. If you use IP restrictions, check the ASN 15169 document at least once a month. | |
| HTTPS | 443 | www.googleapis.com | Zero-touch enrollment | Yes |
| HTTPS | 443 | *.samsungknox.com, *.secb2b.com, *.samsung.com | Samsung Knox Mobile Enrollment | Yes |
| HTTPS | 443 | 4.sophosxl.net/lookup | Sophos website classification service. Required for Sophos Intercept X for Mobile Web Filtering. | |

From iPhones, iPads, and Macs to the internet

| Service | Port | Destination | Comment | Optional? |
|---|---|---|---|---|
| APNs | 5223 | 17.0.0.0/8 | Apple Push Notification service for iPhones, iPads, and Macs. | |
| HTTPS | 443 | mesu.apple.com | Apple service for available iPhone, iPad, and Mac updates. | Yes¹ |
| HTTPS | 443 | push-services.sophosmc.com | Sophos notification service for the Sophos Secure Email iPhone or iPad app. | Yes² |
| HTTPS | 443 | 4.sophosxl.net/lookup | Sophos website classification service. Required for Sophos Intercept X for Mobile Web Filtering. | |

From Windows computers to the internet

| Service | Port | Destination | Comment | Optional? |
|---|---|---|---|---|
| HTTPS | 443 | *.notify.windows.com, *.wns.windows.com, *.notify.live.net | Windows Notification Service (WNS) and Microsoft Push Notification Service (MPNS) for Windows computers. | |

From Chrome devices to the internet

| Service | Port | Destination | Comment | Optional? |
|---|---|---|---|---|
| FCM | 5228-5230 | Internet (all IP blocks listed in Google's ASN 15169) | Google Firebase Cloud Messaging (FCM). The IP ranges change frequently. If you use IP restrictions, check the ASN 15169 document at least once a month. | |
| HTTPS | 443 | 4.sophosxl.net/lookup | Sophos website classification service. Required for Sophos Chrome Security Web Filtering. | |

¹ If not available, Sophos Mobile has no information about updates. For example, compliance rules regarding mandatory updates have no effect.

² Required to use Exchange Web Services (EWS) notifications. See Sophos knowledge base article 127137.