FileWave General Info

FileWave Components

In this section, we will describe the key FileWave components:

FileWave Server

The FileWave Server is the central repository hosting every file to be delivered to Clients. It consists of five processes and a web server. The first process interacts with logged-in Administrators. The second process services incoming requests from Clients and Boosters. The third process interacts with a directory server through LDAP. The fourth process communicates with Apple and Microsoft software update servers to download the current lists of available software updates. The fifth process is the Postgres database service for Inventory and MDM. Finally, the web server is the FileWave MDM Server; it handles Mobile Device Management (MDM) components. Detailed information on setting up the FileWave server is covered in Chapter 2 of this manual.

FileWave Central application

The FileWave Central application is the primary interface to the FileWave Server. The FileWave Admin displays different views that give a representation of the FileWave Server's database. These views are the Dashboard, Clients, Filesets, Associations, Imaging, optional Classroom, iOS Inventory, License Management, Boosters, and Inventory Queries views. FileWave Admin also acts as the unified management console for creating and administering FileWave administrator accounts; network imaging for the Imaging Appliance; managing Apple DEP and VPP associations; system software updates for iOS 9+, OS X (macOS) and Windows; and overall management of all devices and Filesets. Multiple instances of the FileWave Admin application can be in use at the same time with specific devices, Groups and Filesets assigned to various administrator accounts. Detailed information on configuring and using the FileWave Admin application is in Chapter 2 of this manual.

FileWave Anywhere

The FileWave Web Console is an Inventory tool designed to help with quick FileWave inventory references for specific clients in your server. Within the Web Console you will be able to view all devices currently enrolled, their Filesets, installed applications, users who have logged in, what groups they are apart of, and in the case of MDM enrolled Apple devices the command history. For more information please visit the page linked here.

FileWave Client (macOS and Windows)

The FileWave Client has two processes, fwcld and fwGUI. The first runs as a Launch Daemon on macOS and as a service on Windows. This means it runs in the background without any user interface. The client starts automatically after being installed and each time the computer boots. The fwcld process always runs with root (Mac) or local system (Win) privileges to allow for maximum access by any management operations. The second process, fwGUI, handles user interaction with the client, such as asking the client to quit open applications and informing them of the status when activating Filesets that require rebooting. The fwGUI process is what provides the Kiosk / self-service functionality. The Imaging Virtual Server (IVS) contains a modified version of the fwcld for reporting its status back to the FileWave Admin. Chapter 4 of this manual covers the installation and configuration of the FileWave client.


FileWave's patented Fileset technology provides the ability to distribute applications, content, and management settings at the file level. While FileWave supports distribution of the standard .pkg and .msi packages, its capability to distribute individual files, application bundles, content, and management profiles allows for a level of granular control missing from other client management solutions. Filesets can be distributed to clients and cached for activation at a later date; a process that provides maximum scalability and control over the deployment cycle.

When a Fileset is distributed, it is protected from network outages. If there is an interruption in the transmission, FileWave will resume the distribution as soon as the network is restored. Filesets can also be modified after distribution. If any portion of the Fileset is modified by the administrator, only that specific portion of the Fileset is sent out to the associated clients. This process greatly reduces the network traffic. Another feature is the ability to deploy content and roll back to the previous version of that item if there is a problem with the deployed item. Self-healing functionality allows a Fileset to automatically repair itself if the end user deletes a portion of the payload. Chapter 5 of this manual covers the creation, configuration, distribution, and management of Filesets.

Self-service Kiosk

FileWave's self-service Kiosk provides the ability to allow end users access to content with their own device. In a BYOD deployment, you could post institutionally owned applications, documents, and updates for the end users to install at their convenience. In most of the deployment models, you can assign custom application sets to Groups as needed. Users do not need to be local administrators in order to install applications or content. End users can be provided with new applications, updates, documents, and other key content needed. The end user also has the option of un-installing that same content to free up space as needed. Use and configuration of the Kiosk is covered in Chapter 4.


The FileWave Booster is designed to act as a Fileset caching device for computer clients assigned to it as well as as to handle all Client-Server communications. Unlimited Boosters are allowed, regardless of license count or type. The FileWave Boosters allow administrators to increase the speed and scale of the Server's distribution of Filesets to Clients as well as offloading the overhead for constantly opening sockets for Client communications. When a set of Clients are connected to a Booster, their total network load on the Server will be roughly equivalent to a single Client connecting directly to the Server from that location. The use of Boosters can benefit remote sites with bandwidth constraints by providing a focused, local target for Clients as well as a single point of distribution from upstream.

Boosters are designed to work with Windows, OS X (macOS), and Android clients. iOS clients do not have the ability to use a Booster for cached Filesets, but they can utilize a Mac caching server, part of macOS that runs just fine on a Mac mini. 

Imaging Virtual Server (IVS)

The FileWave Imaging Virtual Server is a standalone Linux container (CentOS) that you can download from the Support site and run on any device that supports a Virtual Machine application, such as VMware™. The IVS provides NetBoot and PXEboot services. Storage for network images for Mac and Windows, as well as Windows Drivers images is now on the FileWave server. FileWave Admin provides the management console for associating network images with designated client computers. 


FileWave provides an integrated Dashboard displaying a snapshot of the current status of the FileWave infrastructure. The Dashboard can be "torn off" to run on a separate display, and you can copy the URL of the Dashboard to provide to another systems administrator for viewing on their own device, including on a tablet. The information posted includes the status of all major services, such as DEP, VPP, and LDAP; account sync status; server performance status; and server licenses; plus much more.

How does FileWave work?

FileWave is a combination of tools and services integrated through a common administrative application front end. Since the FileWave Admin application is multi-platform, using Apple's macOS and Microsoft Windows, a systems administrator is not limited to a single platform for day-to-day lifecycle management. The FileWave basic workflow involves the 'push-pull' interaction between the FileWave Admin, FileWave server, and FileWave clients.

A FileWave administrator creates a Fileset which resides on the FileWave Server. Filesets contain applications, images, profiles, books, settings, or other content are associated with client devices. The FileWave Client is sent a Manifest that identifies a new Fileset. The Client then requests the Fileset, that may be cached at a FileWave Booster in order to provide better scalability. A basic FileWave configuration consists of a single administrator connecting to a FileWave Server to manage and maintain a set of clients. Multiple administrators may be in use, as well as Boosters to decrease network load by distributing Filesets closer to the client systems as well as, with FileWave handling all Client-Server communications, with the exception of inventory. Each of the major components is described in the following section.

To learn more you can review the Evaluation Guide or video our video based intro course FileWave Foundry: Onboarding Videos

Default TCP and UDP Port Usage

FileWave software uses the below-listed TCP/IP ports. These are default settings and may be configured to listen on different ports if required. Consider FileWave Server should not have IPv6 enabled for the best experience.

Port Testing

Please consider downloading the FileWave Port Testing macOS/Windows utility to confirm communication of Google Cloud Messaging, Apple Push Notifications and connectivity between device network(s) and Server/Boosters.

The following may be run from the server to confirm Apple, Microsoft, and FileWave services:

Server Command Line

sudo /usr/local/filewave/python/bin/python /usr/local/filewave/django/manage.pyc check_connections

TeamViewer Ports

TeamViewer has an additional set of ports to consider:

FileWave Server Ports

MDM default port is now 20445 as shown throughout this KB. On older versions of FileWave, this was 20443. To confirm the defined port, check the Port setting in FileWave Central > Preferences > Mobile > MDM Server > Port

Server Ports Service Protocol Server In/Out Description
80 HTTP TCP Outgoing

FileWave Software Updates ( & ***

443 HTTPS TCP Outgoing FileWave License Server ( &

FileWave Software Updates ( ***

FileWave/TeamViewer Session Server (

FileWave/TeamViewer Push Notification Server (

443 HTTPS TCP Incoming FileWave Anywhere
API endpoints - Anywhere API (v2 API)
20015 Proprietary TCP Incoming FileWave Client to Server; Legacy but should be used as the port by the Agent. SSL traffic will run on 20017.
20016 SSL TCP Incoming FileWave Central to Server
20017 SSL TCP Incoming FileWave Client to Server: Secure (used after connecting on 20015)
20019 SSL TCP Incoming Booster to Server: Priority Traffic
20022 SSL** TCP Incoming FileWave Central to Server: NATS


FileWave Client to Server: NATS

IVS to Server: NATS

20023 SSL** TCP Incoming FileWave Booster to Server: NATS
20124 SSL TCP Incoming FileWave Server JSON Websockets (JWT) Websocket connections for NATS SERVER used between FW Anywhere and FW Server. (Added 14.10.0)
20441 Proprietary TCP Incoming FileWave Client to Server: Remote Client Monitor
20443 HTTPS TCP Incoming FileWave Client to Server: Profiles

Booster to Server: Inventory/Discovery
API endpoints - Command Line API (v1)

20445 HTTPS TCP Incoming FileWave Client to Server: Inventory

Booster to Server: Inventory/Discovery
API endpoints - Command Line API (v1)

20446 HTTPS TCP Incoming FileWave Central and FileWave Anywhere to Dashboard

* NATS includes: Remote Control Publishing, Remote Control Routing, device renaming, revoking device certificates, push notifications
** Only encrypted when compatibility mode is disabled
*** Also used by FileWave Central to vendor Software Update Servers.

FileWave Client Ports

Client Ports Service Protocol In/Out Description

FileWave Kiosk ( * )

20010 Proprietary TCP In FileWave Central to Client: Client Monitor: macOS, Windows & Android APK


FileWave Booster Ports

Booster Ports Service Protocol Server In/Out Description
20013 Proprietary TCP Incoming FileWave Client to Booster; legacy (used for configuration only)
20014 SSL TCP Incoming FileWave Client to Booster: Secure (Booster Priority fallback)
20018 SSL TCP Incoming Booster to Booster: Priority Traffic
20026 SSL TCP Incoming FileWave Client to Booster connections using NATS Server

† NATS includes: Remote Control Publishing, Remote Control Routing, device renaming, revoking device certificates, push notifications
† Only encrypted when compatibility mode is disabled