Default TCP and UDP Port Usage

FileWave software uses the below-listed TCP/IP ports. These are default settings and may be configured to listen on different ports if required. Consider FileWave Server should not have IPv6 enabled for the best experience.

Port Testing

Please consider downloading the FileWave Port Testing macOS/Windows utility to confirm communication of Google Cloud Messaging, Apple Push Notifications and connectivity between device network(s) and Server/Boosters.

The following may be run from the server to confirm Apple, Microsoft, and FileWave services:

Server Command Line

sudo /usr/local/filewave/python/bin/python /usr/local/filewave/django/manage.pyc check_connections

TeamViewer Ports

TeamViewer has an additional set of ports to consider:

https://community.teamviewer.com/English/kb/articles/4139-ports-used-by-teamviewer

FileWave Server Ports

MDM default port is now 20445 as shown throughout this KB. On older versions of FileWave, this was 20443. To confirm the defined port, check the Port setting in FileWave Central > Preferences > Mobile > MDM Server > Port

The ports in this table are listed from the FileWave Server’s perspective, so the “Server In/Out” column indicates the direction of traffic relative to the Server.

Server Ports	Service	Protocol	Server In/Out	Description
80	HTTP	TCP	Outgoing	FileWave Software Updates (apple.com & microsoft.com) ***
443	HTTPS	TCP	Outgoing	* FileWave License Server (fwks.filewave.com & logstash.filewave.com) * FileWave Software Updates (apple.com) *** * FileWave/TeamViewer Session Server (rcs.filewave.com) * FileWave/TeamViewer Push Notification Server (fwpn.filewave.com) * FileWave Kiosk ( *.filewave.cloud ) * FileWave AutoPkg integration (le7bqzikha.execute-api.us-east-1.amazonaws.com) * FileWave Software Updates (apple.com & microsoft.com) ***
443	HTTPS	TCP	Incoming	* API endpoints - Anywhere API (v2 API) * Device to Server (Enrollment URL) - Google/Azure/Okta
20015	Proprietary	TCP	Incoming	DO NOT OPEN FileWave Client to Server; Legacy, but should be configured only. SSL traffic will run on 20017.  (Removed in FileWave 15.4+) Server no longer listens on this port.
20016	SSL	TCP	Incoming	FileWave Central to Server
20017	SSL	TCP	Incoming	FileWave Client to Server: Secure Set port 20015, not 20017, in Client Configuration
20019	SSL	TCP	Incoming	Booster to Server: Priority Traffic
20022	SSL	TCP	Incoming	FileWave Central to Server: NATS   FileWave Client to Server: NATS IVS to Server: NATS
20023	SSL	TCP	Incoming	FileWave Booster to Server: NATS
20124	SSL	TCP	Incoming	FileWave Server JSON Websockets (JWT)  Websocket connections for NATS SERVER used between FW Anywhere and FW Server.
20441	Proprietary	TCP	Incoming	FileWave Client to Server: Remote Client Monitor
20443	HTTPS	TCP	Incoming	* FileWave Client to Server: Inventory * Apple Devices to Server: Inventory, Profiles, DDM, MDM * Android Devices to Server: Companion App * Chromebook to Server: Inventory * Booster to Server: Inventory/Discovery * API endpoints - Command Line API (v1) * App Portal to Server * FileWave Central and FileWave Anywhere to Dashboard
20445	HTTPS	TCP	Incoming
20446	HTTPS	TCP	Incoming	DO NOT OPEN FileWave Central and FileWave Anywhere to Dashboard (Removed in FileWave 16.0+) Server no longer listens on this port.

NATS includes: Remote Control Publishing, Remote Control Routing, device renaming, revoking device certificates, push notifications
*** Also used by FileWave Central to vendor Software Update Servers.

Configuring port 20015 also automatically configures SSL port; 20017 [port entered +2].  20015 is now deprecated and 20017 will be used where 20015 is set.  Open port 20017 alone for Client communication.

FileWave Kiosk Ports

The ports in this table are listed from the Kiosk on the Client's perspective, so the “In/Out” column indicates the direction of traffic relative to the macOS or Windows Kiosk running there.

Kiosk Ports	Service	Protocol	In/Out	Description
443	HTTPS	TCP	Out	Devices to *.filewave.cloud (To download the Kiosk App)
20443	HTTPS	TCP	Out	Devices to FileWave Server
20445	HTTPS	TCP	Out	Devices to FileWave Server

FileWave Client Ports

The ports in this table are listed from the FileWave Client's perspective, so the “In/Out” column indicates the direction of traffic relative to the macOS or Windows Client.

Client Ports	Service	Protocol	In/Out	Description
443	HTTPS	TCP	Out	FileWave Software Updates (apple.com & microsoft.com) ***
20010	Proprietary	TCP	In	DO NOT OPEN FileWave Central to Client: Client Monitor: macOS, Windows & Android APK (Removed in FileWave 16) Client no longer listens on this port.

*** Also used by FileWave Central to vendor Software Update Servers.

FileWave Booster Ports

The ports in this table are listed from the Booster's perspective, so the “In/Out” column indicates the direction of traffic relative to the Booster.

Booster Ports	Service	Protocol	In/Out	Description
443	HTTPS	TCP	Out	FileWave Software Updates (microsoft.com) ***
20013	Proprietary	TCP	Incoming	DO NOT OPEN FileWave Client to Booster; legacy, but should be configured only. SSL traffic will run on  20014. Booster no longer listens on this port.
20014	SSL	TCP	Incoming	FileWave Client to Booster: Secure (Booster Priority fallback)  Set port 20013, not 20014, in Booster Configuration
20018	SSL	TCP	Incoming	Booster to Booster: Priority Traffic
20026	SSL	TCP	Incoming	FileWave Client to Booster connections using NATS Server
20030	SSL	TCP	Incoming	FileWave Client to Booster for Windows OS updates

NATS includes: Remote Control Publishing, Remote Control Routing, device renaming, revoking device certificates, push notifications
*** Also used by FileWave Central to vendor Software Update Servers.

Configuring port 20013 also automatically configures SSL ports; 20014 [port entered +1] and 20018 [port entered + 5].  20013 is now deprecated and 20014 will be used where 20013 is set.  Open port 20014 alone for Client to Booster communication.  Open ports 20014 and 20018 for Booster to Booster communication.

Booster should be able to connect with Microsoft OS Updates URL, if using FileWave to manage Windows Software Updates.

Apple MDM Ports

The ports in this table are listed from the FileWave Server’s perspective, so the “Server In/Out” column indicates the direction of traffic relative to the Server and these ports are specifically those needed to manage Apple devices. Apple devices will also need to reach the Apple servers on 17.0.0.0/8.

Apple MDM Ports	Service	Protocol	Server In/Out	Description
443	HTTPS	TCP	Outgoing	FileWave Server to Apple's servers (17.0.0.0/8) FileWave Admin to iTunes, DEP & VPP (17.0.0.0/8) Device to iTunes, DEP & VPP (17.0.0.0/8)
443	HTTPS	TCP	Incoming	VPP v2 Notifications from Apple
5223	APNS	TCP	Outgoing	FileWave Server to Apple's servers (17.0.0.0/8)
20443	HTTPS	TCP	Incoming	Device to Server: Profiles & MDM
20445	HTTPS	TCP	Incoming	FileWave Central to Server

Android EMM Ports

The ports in this table are listed from the FileWave Server’s perspective, so the “Server In/Out” column indicates the direction of traffic relative to the Server and these ports are specifically those needed to manage Android devices. Android devices will also need to reach the Google's servers.

Android EMM Ports	Service	Protocol	Server In/Out	Description
443	HTTPS	TCP	Outgoing	Server to EMM commands (androidmanagement.googleapis.com) Device to Activation servers (*.clients.google.com) Device to Play Store (play.google.com) EMM commands (androidmanagement.googleapis.com) FileWave Central to Play Store (play.google.com)
20016	SSL	TCP	Incoming	FileWave Central to Server
20445	HTTPS	TCP	Incoming	FileWave Central to Server: Inventory Companion App to Server: Location Tracking

Chromebook Ports

The ports in this table are listed from the FileWave Server’s perspective, so the “Server In/Out” column indicates the direction of traffic relative to the Server and these ports are specifically those needed to manage Google Chromebook devices. Chromebook devices will also need to reach the Google's servers.

Chromebook Ports	Service	Protocol	Server In/Out	Description
443	HTTPS	TCP	Outgoing	Server to Chrome API Chromebook to Chrome API (www.googleapis.com)
20016	SSL	TCP	Incoming	FileWave Central to Server
20445	HTTPS	TCP	Incoming	FileWave Central to Server Chromebook Inventory Extension to Server

Windows MDM Ports

The ports in this table are listed from the FileWave Server’s perspective, so the “Server In/Out” column indicates the direction of traffic relative to the Server and these ports are specifically those needed to manage Windows MDM devices. Windows devices will also need to reach the Microsoft's servers.

Windows MDM Ports	Service	Protocol	Server In/Out	Description
443	HTTPS	TCP	Incoming	Device to Server (Enrollment URL)
443	HTTPS	TCP	Outgoing	Server to Windows MDM (*.azure.com) Device to Windows MDM (*.azure.com)

NOTE: The FileWave client will also be installed and all previously listed FileWave client ports are required.

FileWave IVS Ports

IVS Ports	Service	Protocol	From	To	Notes	Open port on...
67	DHCP	UDP	Client	IVS	‡‡	IVS
69	TFTP	UDP	Client	IVS	‡‡	IVS
80	HTTP	TCP	Client	IVS		IVS
111	NFS	TCP/UDP	Client	IVS	‡	IVS
4011	DHCP	UDP	Client	IVS	UEFI PXE‡‡	IVS
2049	NFS	TCP/UDP			DO NOT OPEN Client to IVS‡ (Removed in FileWave 15.5+)	IVS
20015	Proprietary	TCP			DO NOT OPEN IVS to Server (Removed in FileWave 15.4+)	Server
20016	SSL	TCP	IVS	Server		Server
20017	SSL	TCP	IVS	Server		Server
20022	SSL	TCP	IVS	Server	NATS	Server
20443	HTTPS	TCP	IVS	Server	Inventory	Server
20444	HTTPS	TCP	Server	IVS	Non Hosted Only	IVS
			Client	IVS
				IVS	IVS Django
20490	VPN	TCP/UDP	Client	IVS	‡	IVS
20445	HTTPS	TCP	IVS	Server	Inventory	Server

‡ TCP/IP & UDP
‡‡ UDP only