
As of March 2021, Apple are deprecating APNs ports 2195/2196.  To continue to use Apple MDM services afterwards, FileWave server must be a minimum of FileWave 13, which uses port 443 for APNs communication.

https://support.apple.com/en-gb/HT203609


FileWave software uses the TCP/IP ports listed below. These are default settings and may be configured to listen on different ports if required.

FileWave 14.0 changes are highlighted in green

Port Testing

Please consider downloading the FileWave Port Testing macOS/Windows utility to confirm communication of Google Cloud Messaging, Apple Push Notifications and between the device network(s) and Server/Boosters.

The following may be run from the server to confirm Apple, Microsoft and FileWave services:

Server Command Line
sudo /usr/local/filewave/python/bin/python /usr/local/filewave/django/manage.pyc check_connections

Default Port 20445

MDM default port is 20445 as shown throughout this KB. On older versions of FileWave this was 20443. To confirm the defined port, check the Port setting in FileWave Admin > Preferences > Mobile > MDM Server > Port

Topology Diagrams

| Server Ports | Service | Protocol | Server In/Out | Description |
|---|---|---|---|---|
| 80 | HTTP | TCP | Outgoing | FileWave Software Updates (apple.com & microsoft.com) |
| 443 | HTTPS | TCP | Outgoing | FileWave License Server (fwks.filewave.com & logstash.filewave.com); FileWave Software Updates (apple.com); FileWave/TeamViewer Session Server (rcs.filewave.com); FileWave/TeamViewer Push Notification Server (fwpn.filewave.com) |
| 443 | HTTPS | TCP | Incoming | FileWave Web Administrator |
| 20015 | Proprietary | TCP | Incoming | FileWave Client to Server (Will be deprecated in a future release) |
| 20016 | SSL | TCP | Incoming | FileWave Admin to Server |
| 20017 | SSL | TCP | Incoming | FileWave Client to Server: Secure (replaces 20015) |
| 20019 | SSL | TCP | Incoming | Booster to Server: Priority Traffic |
| 20030 | VNC | TCP | Incoming | FileWave Client to Server: Remote Control Data |
| 20005 | SSL** | TCP | Incoming | FileWave Client to Server: ZeroMQ*; FileWave Admin to Server: ZeroMQ* (Optional before v14 for Mobile Client only installs; mandatory since v14+); Booster to Server: ZeroMQ* |
| 20006 | SSL** | TCP | Incoming | FileWave Client to Server: ZeroMQ*; FileWave Admin to Server: ZeroMQ* (Optional before v14 for Mobile Client only installs; mandatory since v14+); Booster to Server: ZeroMQ* |
| 19995 | Local Only | TCP | Incoming | Server local loop: Internal Messaging Publishing |
| 20441 | Proprietary | TCP | Incoming | FileWave Client to Server: Remote Client Monitor |
| 20443 | HTTPS | TCP | Incoming | FileWave Client to Server: Profiles; Booster to Server: Inventory/Discovery |
| 20445 | HTTPS | TCP | Incoming | FileWave Client to Server: Inventory; Booster to Server: Inventory/Discovery |
| 20446 | HTTPS | TCP | Incoming | FileWave Admin and Web Admin to Dashboard |

* ZeroMQ includes: Remote Control Publishing, Remote Control Routing, device renaming, revoking device certificates, push notifications

** Only encrypted when compatibility mode is disabled

| Client Ports | Service | Protocol | Server In/Out | Description |
|---|---|---|---|---|
| 20010 | Proprietary | TCP | | FileWave Admin to Client: Client Monitor: macOS, Windows & Android APK |
| 20020 | Local Only | N/A | | FileWave Client local loopback for fwgui process to fwcld process (Kiosk) |
| 20031 | Local Only | N/A | | FileWave Client local loopback for Remote Control |

◊ Listening only, unreachable from network

| Apple MDM Ports | Service | Protocol | Server In/Out | Description |
|---|---|---|---|---|
| 443 | HTTPS | TCP | Outgoing | APNs to Apple's servers (17.0.0.0/8): starting from Version 13.0+ |
| | | TCP | | FileWave Admin to iTunes, DEP & VPP (17.0.0.0/8) |
| | | TCP | | Device to iTunes, DEP & VPP (17.0.0.0/8) |
| 2195 | APNS | TCP | Outgoing | APNs to Apple's server (17.0.0.0/8) - Deprecated March 2021, replaced with 2197 |
| 2197 | APNS | TCP | Outgoing | NOT USED BY FILEWAVE. Alternate APNs to Apple's server (17.0.0.0/8) - See port 443 |
| 5223 | APNS | TCP | Outgoing | APNs to Apple's servers (17.0.0.0/8) |
| 20443 | HTTPS | TCP | Incoming | Device to Server: Profiles & MDM |
| 20445 | HTTPS | TCP | Incoming | FileWave Admin to Server |

| Android EMM Ports | Service | Protocol | Server In/Out | Description |
|---|---|---|---|---|
| 443 | HTTPS | TCP | Outgoing | Server to EMM commands (androidmanagement.googleapis.com) |
| | | | | Device to Activation servers (*.clients.google.com), Play Store (play.google.com), EMM commands (androidmanagement.googleapis.com) |
| | | | | FileWave Admin to Play Store (play.google.com) |
| 20016 | SSL | TCP | Incoming | FileWave Admin to Server |
| 20445 | HTTPS | TCP | Incoming | FileWave Admin to Server: Inventory; Companion App to Server: Location Tracking |


| Chromebook | Service | Protocol | Server In/Out | Description |
|---|---|---|---|---|
| 443 | HTTPS | TCP | Outgoing | Server to Chrome API |
| | | TCP | | Chromebook to Chrome API (www.googleapis.com) |
| 20016 | SSL | TCP | Incoming | FileWave Admin to Server |
| 20445 | HTTPS | TCP | Incoming | FileWave Admin to Server |
| | | TCP | | Chromebook Inventory Extension to Server (optional) |

| Android APK Ports | Service | Protocol | Server In/Out | Description |
|---|---|---|---|---|
| 20015 | Proprietary | TCP | Incoming | Device to Server (Will be deprecated in a future release) |
| 20016 | SSL | TCP | Incoming | FileWave Admin to Server |
| 20017 | SSL | TCP | Incoming | Device to Server: Secure (replaces 20015) |
| 20010 | Proprietary | TCP | | FileWave Admin to Device: Client Monitoring |
| 20443 | HTTPS | TCP | Incoming | Device to Server |
| 20445 | HTTPS | TCP | Incoming | FileWave Admin to Server: Inventory |
| 5228-5230 | GCM | TCP | Outgoing | Server to Google Cloud Messaging |
| | | TCP | | Device to Google Cloud Messaging |

| Windows MDM Ports | Service | Protocol | Server In/Out | Description |
|---|---|---|---|---|
| 443 | HTTPS | TCP | Incoming | Device to Server (Windows MDM Enrollment URL) |
| 443 | HTTPS | TCP | Outgoing | Server to Windows MDM |
| 443 | HTTPS | TCP | | Device to Windows MDM |

NOTE: The FileWave client will also install and all previously listed client ports are also used.


| Booster Ports | Service | Protocol | Server In/Out | Description |
|---|---|---|---|---|
| 20018 | SSL | TCP | | Booster to Booster: Priority Traffic |
| 20013 | Proprietary | TCP | Incoming | FileWave Client to Booster (Will be deprecated in a future release) (Booster Priority fallback) |
| 20014 | SSL | TCP | Incoming | FileWave Client to Booster: Secure (replaces 20013) (Booster Priority fallback) |
| 20003 | SSL†† | TCP | Incoming | FileWave Client to Booster: ZeroMQ |
| | | TCP | | Booster to Booster: ZeroMQ |
| 20004 | SSL†† | TCP | Incoming | FileWave Client to Booster: ZeroMQ |
| | | TCP | | Booster to Booster: ZeroMQ |

† ZeroMQ includes: Remote Control Publishing, Remote Control Routing, device renaming, revoking device certificates, push notifications

†† Only encrypted when compatibility mode is disabled

| IVS (Imaging) Ports | Service | Protocol | Server In/Out | Description |
|---|---|---|---|---|
| 67 | DHCP | UDP | | Client to IVS‡‡ |
| 69 | TFTP | UDP | | Client to IVS‡‡ |
| 80 | HTTP | TCP | | Client to IVS |
| 111 | NFS | TCP/UDP | | Client to IVS |
| 4011 | DHCP | TCP/UDP | | Client to IVS: UEFI PXE |
| 2049 | NFS | TCP/UDP | | Client to IVS |
| 20005 | SSL | TCP | Incoming | IVS to Server: ZeroMQ |
| 20006 | SSL | TCP | Incoming | IVS to Server: ZeroMQ |
| 20015 | Proprietary | TCP | Incoming | IVS to Server (Will be deprecated in a future release) |
| 20016 | SSL | TCP | Incoming | IVS to Server |
| 20017 | SSL | TCP | Incoming | IVS to Server: Secure (replaces 20015) |
| 20443 | HTTPS | TCP | Incoming | IVS to Server: Inventory |
| 20444 | HTTPS | TCP | Outgoing | Server to IVS |
| | | TCP | | Web Admin interface (Appliance only); Client to IVS |
| 20445 | HTTPS | TCP | Incoming | IVS to Server: Inventory |

TCP/IP & UDP

‡‡ UDP only


Boosters

Booster ports 20018 and 20019 introduced in 13.3.1

Configuring port 20015 automatically configures port 20017(SSL). 20017 takes priority if available. Do not configure the Client/Booster to use 20017.

Configuring port 20013 automatically configures port 20014(SSL). 20014 takes priority if available. Do not configure the Client/Booster to use 20014.
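
As an added example (not FileWave's Port Testing utility or any FileWave code), the Python check below probes the documented inbound server ports from a client network and flags two conditions the tables imply: the "Local Only" port 19995 answering from the network, and the SSL port 20017 being blocked while the legacy port 20015 is open. The port lists are copied from this page; the function names and the hostname passed on the command line are this example's own assumptions.

```python
import socket
import sys

# Inbound server ports and pairings copied from the tables on this page.
SERVER_INBOUND = (443, 20005, 20006, 20015, 20016, 20017, 20019,
                  20030, 20441, 20443, 20445, 20446)
LOCAL_ONLY = (19995,)              # "Local Only" server loopback port
LEGACY_TO_SSL = {20015: 20017}     # 20017 "takes priority if available"


def probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name lookup failed
        return False


def scan(host, ports, timeout=2.0):
    """Probe each port once and return {port: reachable}."""
    return {port: probe(host, port, timeout) for port in ports}


def audit(reachable):
    """Turn {port: bool}, measured from a client network, into findings."""
    findings = []
    for port in LOCAL_ONLY:
        if reachable.get(port):
            findings.append((port, "local-only port is reachable from the network"))
    for legacy, ssl_port in LEGACY_TO_SSL.items():
        if reachable.get(legacy) and not reachable.get(ssl_port):
            findings.append((ssl_port, f"SSL port blocked while {legacy} is open, "
                                       "so clients are left with the legacy port"))
    paired = set(LEGACY_TO_SSL) | set(LEGACY_TO_SSL.values())
    for port in SERVER_INBOUND:
        if port not in paired and not reachable.get(port):
            findings.append((port, "documented inbound port is not reachable"))
    return findings


if __name__ == "__main__":
    # Usage: python3 fw_ports.py <server-hostname>  (hostname is the reader's own)
    results = scan(sys.argv[1], SERVER_INBOUND + LOCAL_ONLY)
    for port, message in audit(results) or [(0, "no findings")]:
        print(port, message)
```

Ports reported as not reachable are informational: a deployment that does not use a given service (for example Remote Control on 20030) may block its port deliberately.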

Apple and macOS Client Devices

Communication between these components only

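| Port | Server | Client | Booster | Admin | Kiosk | IVS |
|---|---|---|---|---|---|---|
| 67 | | (tick) | | | | (tick) |
| 69 | | (tick) | | | | (tick) |
| 80 | (tick) | | | | | |
| 111 | | (tick) | | | | (tick) |
| 443 | (tick) | | | | | |
| 2049 | | (tick) | | | | (tick) |
| 4011 | | (tick) | | | | (tick) |
| 20003 | | (tick) | (tick) | | | |
| 20004 | | (tick) | (tick) | | | |
| 20005 | (tick) | (tick) | (tick) | (tick) | | (tick) |
| 20006 | (tick) | (tick) | (tick) | (tick) | | (tick) |
| 20010 | | (tick) | | (tick) | | |
| 20013 | | (tick) | (tick) | | | |
| 20014 | | (tick) | (tick) | | | |
| 20015 | (tick) | (tick) | (tick) | | | (tick) |
| 20016 | (tick) | | | (tick) | | (tick) |
| 20017 | (tick) | (tick) | (tick) | | | (tick) |
| 20018 | | | (tick) | | | |
| 20019 | (tick) | | (tick) | | | |
| 20020 | | (tick) | | | (tick) | |
| 20030 | (tick) | (tick) | | | | |
| 20031 | | (tick) | | | (tick) | |
| 20441 | (tick) | (tick) | | | | |
| 20443 | (tick) | (tick) | (tick) | | | (tick) |
| 20444 | (tick) | (tick) | | | | (tick) |
| 20445 | (tick) | (tick) | (tick) | (tick) | | (tick) |
| 20446 | (tick) | | | (tick) | | |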

Boosters

Booster ports 20018 and 20019 introduced in 13.3.1. Booster routing relays some client communication through the Booster.

Configuring port 20015 automatically configures port 20017(SSL). 20017 takes priority if available. Do not configure the Client/Booster to use 20017.

Configuring port 20013 automatically configures port 20014(SSL). 20014 takes priority if available. Do not configure the Client/Booster to use 20014.

Apple and macOS Client Devices

Communication between these components only

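| Port | Server | Client | Booster | Admin | Kiosk | IVS |
|---|---|---|---|---|---|---|
| 67 | | (tick) | | | | (tick) |
| 69 | | (tick) | | | | (tick) |
| 80 | (tick) | | | | | |
| 111 | | (tick) | | | | (tick) |
| 443 | (tick) | | | | | |
| 2049 | | (tick) | | | | (tick) |
| 4011 | | (tick) | | | | (tick) |
| 20003 | | (tick) | (tick) | | | |
| 20004 | | (tick) | (tick) | | | |
| 20005 | (tick) | (error) | (tick) | (tick) | | (tick) |
| 20006 | (tick) | (error) | (tick) | (tick) | | (tick) |
| 20010 | | (tick) | | (tick) | | |
| 20013 | | (tick) | (tick) | | | |
| 20014 | | (tick) | (tick) | | | |
| 20015 | (tick) | (error) | (tick) | | | (tick) |
| 20016 | (tick) | | | (tick) | | (tick) |
| 20017 | (tick) | (error) | (tick) | | | (tick) |
| 20018 | | | (tick) | | | |
| 20019 | (tick) | | (tick) | | | |
| 20020 | | (tick) | | | (tick) | |
| 20030 | (tick) | (tick) | | | | |
| 20031 | | (tick) | | | (tick) | |
| 20441 | (tick) | (tick) | | | | |
| 20443 | (tick) | (tick) | (tick) | | | (tick) |
| 20444 | (tick) | (tick) | | | | (tick) |
| 20445 | (tick) | (tick) | (tick) | (tick) | | (tick) |
| 20446 | (tick) | | | (tick) | | |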

macOS

macOS requires FileWave Client

Apple MDM Enrolled Devices

Communication between these components only

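| Port | Server | Devices | iTunes, DEP & VPP | Admin | APNS |
|---|---|---|---|---|---|
| 80 | (tick) | | | | |
| 443 | (tick) | (tick) | (tick) | (tick) | (tick) |
| 2197 | (error) | | | | (error) |
| 5223 | | (tick) | | | (tick) |
| 20016 | (tick) | | | (tick) | |
| 20443 | (tick) | (tick) | | | |
| 20445 | (tick) | | | (tick) | |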

Boosters

Companion App only required for additional services, e.g. Location Tracking.

Android EMM Enrolled Devices

Communication between these components only

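| Port | Server | Devices | Play | Companion App | EMM | Admin |
|---|---|---|---|---|---|---|
| 80 | (tick) | | | | | |
| 443 | (tick) | (tick) | (tick) | (tick) | (tick) | (tick) |
| 20016 | (tick) | | | | | (tick) |
| 20445 | (tick) | | | | | (tick) |
| 5228 | (tick) | | | | | |
| 5229 | (tick) | | | | | |
| 5230 | (tick) | | | | | |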




Chromebook

Inventory Extensions only required for additional inventory

Chromebook

Communication between these components only

| Port | Server | Devices | Play | Companion App | EMM | Admin |
|---|---|---|---|---|---|---|
| 443 | (tick) | (tick) | (tick) | (tick) | (tick) | (tick) |
| 20016 | (tick) | | | | | (tick) |
| 20445 | (tick) | | | | | (tick) |

Android APK

Requires Android APK (Legacy Devices)

Android APK Devices

Communication between these components only

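| Port | Server | Devices | Google Cloud | Admin |
|---|---|---|---|---|
| 80 | (tick) | | | |
| 443 | (tick) | | | |
| 20016 | (tick) | | | (tick) |
| 20443 | (tick) | (tick) | | |
| 20445 | (tick) | | | (tick) |
| 5228 | (tick) | | | |
| 5229 | (tick) | | | |
| 5230 | (tick) | | | |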


Devices

All Windows management requires FileWave Client

* Additional ports may be documented by Microsoft for Azure communication to bind devices to AD

FileWave Windows MDM

Communication between these components only

| Port | Server | Devices | Admin |
|---|---|---|---|
| 443 | (tick) | (tick) | |
| 20005 | (tick) | (tick) | |
| 20016 | (tick) | | (tick) |
| 20443 | (tick) | | (tick) |
| 20445 | (tick) | | (tick) |