Purpose

When an organization restricts Internet access for MDM Clients and needs to allow specific IPs/domains for MDM communication, follow this article to configure the necessary exclusions on gateway or firewall devices so that MDM Clients and the MDM Server can communicate.

This article lists all domains used by MDM Clients to communicate with MDM Server.


Domains to be whitelisted for MDM Client – Server Communication:

  1. mdm.api.seqrite.com
  2. s3-ap-southeast-1.amazonaws.com
  3. ELB-API-PUB-Seqrite-1650242996.ap-southeast-1.elb.amazonaws.com
  4. ec2-54-169-179-98.ap-southeast-1.compute.amazonaws.com

Domains to be whitelisted for MDM Client Definitions Update:

  1. dlupdate.quickheal.com
  2. download.quickheal.com
  3. update-origin2.quickheal.com
  4. pc-b.bitgravity.com
  5. quickheal.pc.cdn.bitgravity.com


Domains to be whitelisted for MDM URL Categorization:

  1. http://prourl.itsecure.co.in:8080
  2. http://encurl.itsecure.co.in:8080
  3. http://klassify.itsecure.co.in:8080
  4. http://prourl.itonlinesecure.in:8080
  5. http://encurl.itonlinesecure.in:8080
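
A connectivity check for the three domain lists above, as an added example that is not part of the original article or Seqrite's tooling: run it from a host subject to the same firewall policy as the MDM Clients to confirm that each entry resolves and accepts a TCP connection. Port 443 for the bare hostnames is an assumption (the article gives no port for them); the URL entries use the port 8080 shown above. FCM and APNs endpoints are not included, since the article defers to Google's and Apple's documentation for them.

```python
import socket
from urllib.parse import urlsplit

# Entries copied from the lists in this article. Port 443 for bare hostnames is an
# assumption (the article states no port for them); URL entries carry their own port.
ALLOW_LIST = """
mdm.api.seqrite.com
s3-ap-southeast-1.amazonaws.com
ELB-API-PUB-Seqrite-1650242996.ap-southeast-1.elb.amazonaws.com
ec2-54-169-179-98.ap-southeast-1.compute.amazonaws.com
dlupdate.quickheal.com
download.quickheal.com
update-origin2.quickheal.com
pc-b.bitgravity.com
quickheal.pc.cdn.bitgravity.com
http://prourl.itsecure.co.in:8080
http://encurl.itsecure.co.in:8080
http://klassify.itsecure.co.in:8080
http://prourl.itonlinesecure.in:8080
http://encurl.itonlinesecure.in:8080
"""

def parse_targets(text, default_port=443):
    """Turn allow-list entries (bare host or URL) into sorted unique (host, port) pairs."""
    targets = set()
    for entry in text.split():
        parts = urlsplit(entry if "://" in entry else "//" + entry)
        if parts.hostname:  # hostname is returned lower-cased
            targets.add((parts.hostname, parts.port or default_port))
    return sorted(targets)

def check(targets, connect=socket.create_connection, timeout=5):
    """Map each target to 'ok', 'dns-fail', or 'blocked' (timeout, refused or reset)."""
    results = {}
    for host, port in targets:
        try:
            connect((host, port), timeout).close()
            results[(host, port)] = "ok"
        except socket.gaierror:  # name did not resolve: DNS filtering or a stale entry
            results[(host, port)] = "dns-fail"
        except OSError:          # resolved, but the TCP handshake did not complete
            results[(host, port)] = "blocked"
    return results

if __name__ == "__main__":
    for (host, port), status in check(parse_targets(ALLOW_LIST)).items():
        print(f"{status:8} {host}:{port}")
```

A `dns-fail` result points at DNS filtering or a hostname that no longer exists, while `blocked` points at the gateway or firewall rule for that host and port.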


Domains to be whitelisted for FCM Communication:

MDM Server uses the Google FCM protocol to talk to MDM Clients and manage MDM Server – Client communication.

[Diagram: MDM Server to Client communication]

Because this protocol is designed and maintained by Google, MDM Clients must have the required connectivity to Google servers, as explained in the following Google documentation:

https://firebase.google.com/docs/cloud-messaging/concept-options#ports_and_your_firewall


Note: Because FCM is a Google-managed protocol, Quick Heal does not have direct control over the domains, IPs and services/ports used for Google FCM. Customers need to ensure that MDM Clients have the required connectivity with Google FCM servers as recommended by Google.


Domains and Services to be whitelisted for Apple Push Notifications:

MDM Server uses the Apple Push Notifications protocol to talk to MDM Clients installed on iOS platforms.

The following services must be allowed:

  1. TCP port 5223 to communicate with APNs.
  2. TCP port 443 or 2197 to send notifications to APNs.*
  3. TCP port 443 is required during device activation, and afterwards for fallback (on Wi-Fi only) if devices can't reach APNs on port 5223.


For more information, visit https://support.apple.com/en-us/HT203609


Note: Because APNs is an Apple-managed protocol, Quick Heal does not have direct control over the domains, IPs and services/ports used for Apple Push Notifications. Customers need to ensure that MDM Clients have the required connectivity with Apple servers as recommended by Apple.


Please get in touch with the Seqrite Technical Support Team for more information or assistance.