Default TCP and UDP Port Usage

As of March 2021, Apple are deprecating APNs ports 2195/2196. To continue to use Apple MDM services afterwards, FileWave server must be a minimum of FileWave 13, which uses port 443 for APNs communication.

https://support.apple.com/en-gb/HT203609

FileWave software uses the below listed TCP/IP ports. These are defaults settings and may be configured to listen on different ports if required.

FileWave 14.0 changes are highlighted in green

Port Testing

Please consider downloading the FileWave Port Testing macOS/Windows utility to confirm communication of Google Cloud Messaging, Apple Push Notifications and between the device network(s) and Server/Boosters.

The following may be run from the server to confirm Apple, Microsoft and FileWave services:

Server Command Line

sudo /usr/local/filewave/python/bin/python /usr/local/filewave/django/manage.pyc check_connections

Default Port 20445

MDM default port is 20445 as shown throughout this KB. On older versions of FileWave this was 20443. To confirm the defined port, check the Port setting in FileWave Admin > Preferences > Mobile > MDM Server > Port

Topology Diagrams

Server Ports	Protocol/Service	Server In/Out	Description
80	HTTP	Outgoing	FileWave Software Updates (apple.com & microsoft.com)
443	HTTPS	Outgoing	FileWave License Server (fwks.filewave.com & logstash.filewave.com) FileWave Software Updates (apple.com)
20015	Proprietary	Incoming	FileWave Client to Server (Will be deprecated in a future release)
20016	SSL	Incoming	FileWave Admin to Server
20017	SSL	Incoming	FileWave Client to Server: Secure (replaces 20015)
20019	SSL	Incoming	Booster to Server: Priority Traffic
20030	VNC	Incoming	FileWave Client to Server: Remote Control Data
20005	SSL**	Incoming	FileWave Client to Server: ZeroMQ* FileWave Admin to Server: ZeroMQ* (Optional before v14 for Mobile Client only installs; mandatory since v14+) Booster to Server: ZeroMQ*
20006	SSL**	Incoming	FileWave Client to Server: ZeroMQ* FileWave Admin to Server: ZeroMQ* (Optional before v14 for Mobile Client only installs; mandatory since v14+) Booster to Server: ZeroMQ*
19995	Local Only	Incoming	Server local loop: Internal Messaging Publishing
20441	Proprietary	Incoming	FileWave Client to Server: Remote Client Monitor
20443	HTTPS	Incoming	FileWave Client to Server: Profiles Booster to Server: Inventory/Discovery
20445	HTTPS	Incoming	FileWave Client to Server: Inventory Booster to Server: Inventory/Discovery
20446	HTTPS	Incoming	FileWave Admin and Web Admin to Dashboard
* ZeroMQ includes: Remote Control Publishing, Remote Control Routing, device renaming, revoking device certificates, push notifications ** Only encrypted when compatibility mode is disabled
Client Ports	Protocol/Service	Server In/Out	Description
20010	Proprietary		FileWave Admin to Client: Client Monitor: macOS, Windows & Android APK
20020	Local Only		FileWave Client local loopback for fwgui process to fwcld process (Kiosk)^◊
20031	Local Only		FileWave Client local loopback for Remote Control^◊
◊ Listening only, unreachable from network
Apple MDM Ports	Protocol/Service	Server In/Out	Description
443	HTTPS	Outgoing	APNs to Apple's servers (17.0.0.0/8): starting from Version 13.0+
			FileWave Admin to iTunes, DEP & VPP (17.0.0.0/8)
			Device to iTunes, DEP & VPP (17.0.0.0/8)
2195	APNS	Outgoing	APNs to Apple's server (17.0.0.0/8) - Deprecated March 2021, replaced with 2197
2197	APNS	Outgoing	NOT USED BY FILEWAVE. Alternate APNs to Apple's server (17.0.0.0/8) - See port 443
5223	APNS	Outgoing	APNs to Apple's servers (17.0.0.0/8)
20443	HTTPS	Incoming	Device to Server: Profiles & MDM
20445	HTTPS	Incoming	FileWave Admin to Server

Android EMM Ports	Protocol/Service	Server In/Out	Description
443	HTTPS	Outgoing	Server to EMM commands (androidmanagement.googleapis.com)
443	HTTPS		Device to Activation servers (*.clients.google.com), Play Store (play.google.com), EMM commands (androidmanagement.googleapis.com) FileWave Admin to Play Store (play.google.com)
20016	SSL	Incoming	FileWave Admin to Server
20445	HTTPS	Incoming	FileWave Admin to Server: Inventory Companion App to Server: Location Tracking

Chromebook	Protocol/Service	Server In/Out	Description
443	HTTPS	Outgoing	Server to Chrome API
443	HTTPS		Chromebook to Chrome API (www.googleapis.com)
20016	SSL	Incoming	FileWave Admin to Server
20445	HTTPS	Incoming	FileWave Admin to Server
20445	HTTPS		Chromebook Inventory Extension to Server (optional)

Android APK Ports	Protocol/Service	Server In/Out	Description
20015	Proprietary	Incoming	Device to Server (Will be deprecated in a future release)
20016	SSL	Incoming	FileWave Admin to Server
20017	SSL	Incoming	Device to Server: Secure (replaces 20015)
20010	Proprietary		FileWave Admin to Device: Client Monitoring
20443	HTTPS	Incoming	Device to Server
20445	HTTPS	Incoming	FileWave Admin to Server: Inventory
5228-5230	GCM	Outgoing	Server to Google Cloud Messaging
5228-5230	GCM		Device to Google Cloud Messaging

Booster Ports	Protocol/Service	Server In/Out	Description
20018	SSL		Booster to Booster: Priority Traffic
20013	Proprietary	Incoming	FileWave Client to Booster (Will be deprecated in a future release) (Booster Priority fallback)
20014	SSL	Incoming	FileWave Client to Booster: Secure (replaces 20013) (Booster Priority fallback)
20003	SSL^††	Incoming	FileWave Client to Booster: ZeroMQ^†
20003	SSL^††		Booster to Booster: ZeroMQ^†
20004	SSL^††	Incoming	FileWave Client to Booster: ZeroMQ^†
20004	SSL^††		Booster to Booster: ZeroMQ^†
† ZeroMQ includes: Remote Control Publishing, Remote Control Routing, device renaming, revoking device certificates, push notifications †† Only encrypted when compatibility mode is disabled
IVS (Imaging) Ports	Protocol/Service	Server In/Out	Description
67	DHCP		Client to IVS^‡‡
69	TFTP		Client to IVS^‡‡
80	HTTP		Client to IVS
111	NFS		Client to IVS^‡
4011	DHCP		Client to IVS: UEFI PXE^‡
2049	NFS		Client to IVS^‡
20005	SSL	Incoming	IVS to Server: ZeroMQ
20006	SSL	Incoming	IVS to Server: ZeroMQ
20015	Proprietary	Incoming	IVS to Server (Will be deprecated in a future release)
20016	SSL	Incoming	IVS to Server
20017	SSL	Incoming	IVS to Server: Secure (replaces 20015)
20443	HTTPS	Incoming	IVS to Server: Inventory
20444	HTTPS	Outgoing	Server to IVS
20444	HTTPS		Web Admin interface (Appliance only) Client to IVS
20445	HTTPS	Incoming	IVS to Server: Inventory
‡ TCP/IP & UDP ‡‡ UDP only
Engage Ports	Protocol/Service	Server In/Out	Description (Additional communication beyond other standard communication)
443	HTTPS	Outgoing	Server to Engage
443	HTTPS		Client to Engage: (iOS .ipa, macOS .app and Browser)
20445	HTTPS		Engage to server

Boosters

Booster ports 20018 and 20019 introduced in 13.3.1

Configuring port 20015 automatically configures port 20017(SSL). 20017 takes priority if available. Do not configure the Client/Booster to use 20017.

Configuring port 20013 automatically configures port 20014(SSL). 20014 takes priority if available. Do not configure the Client/Booster to use 20014.

Apple and macOS Client Devices

Communication between these components only

Port	Server	Client	Booster	Admin	Kiosk	IVS
67
69
80
111
443
2049
4011
20003
20004
20005
20006
20010
20013
20014
20015
20016
20017
20018
20019
20020
20030
20031
20441
20443
20444
20445
20446

Boosters

Booster ports 20018 and 20019 introduced in 13.3.1. Booster routing relays some client communication through the Booster.

Configuring port 20015 automatically configures port 20017(SSL). 20017 takes priority if available. Do not configure the Client/Booster to use 20017.

Configuring port 20013 automatically configures port 20014(SSL). 20014 takes priority if available. Do not configure the Client/Booster to use 20014.

Apple and macOS Client Devices

Communication between these components only

Port	Server	Client	Booster	Admin	Kiosk	IVS
67
69
80
111
443
2049
4011
20003
20004
20005
20006
20010
20013
20014
20015
20016
20017
20018
20019
20020
20030
20031
20441
20443
20444
20445
20446

macOS

macOS requires FileWave Client

Apple MDM Enrolled Devices

Communication between these components only

Port	Server	Devices	iTunes, DEP & VPP	Admin	APNS
80
443
2197
5223
20016
20443
20445

Boosters

Companion App only required for additional services, e.g Location Tracking.

Android EMM Enrolled Devices

Communication between these components only

Port	Server	Devices	Play	Companion App	EMM	Admin
80
443
20016
20445
5228
5229
5230

Chromebook

Inventory Extensions only required for additional inventory

Chromebook

Communication between these components only

Port	Server	Devices	Play	Companion App	EMM	Admin
443
20016
20445

Android APK

Requires Android APK (Legacy Devices)

Android APK Devices

Communication between these components only

Port	Server	Devices	Google Cloud	Admin
80
443
20016
20443
20445
5228
5229
5230

Devices

Requires devices are configured based upon other topologies necessary

FileWave Engage

Communication between these components only

Port	Server	Devices	Engage Server	Admin	Engage App
443
20005
20016
20443
20445
5228
5229
5230

Space shortcuts

Page tree

Apple and macOS Client Devices

Apple and macOS Client Devices

Apple MDM Enrolled Devices

Android EMM Enrolled Devices

Chromebook

Android APK Devices

FileWave Engage