- BlackBerry Enterprise Server
- BlackBerry Enterprise Service 10
To establish a connection when the BlackBerry Enterprise Server, BlackBerry Device Service, and Universal Device Service are behind a firewall, verify the following information:
On the firewall, verify that port 3101 is open for outbound initiated, bi-directional Transmission Control Protocol (TCP) traffic.
BlackBerry Enterprise Service 10 has additional firewall configuration requirements (see KB34193).
Use one of the following configurations to specify the ports or host names allowed by the firewall. The configurations are listed from least restrictive to most restrictive:
- If the firewall has the ability to specify acceptable external host names, add blackberry.net and blackberry.com as acceptable sub-domains.
- If the firewall has the ability to specify acceptable external Internet Protocol (IP) addresses, add the following range of IP addresses to the allowed list:
- Ideally, complete IP address ranges should be allowed through the firewall.
- If the BlackBerry Enterprise Server is configured in a way that will not allow the use of address ranges, individual IP addresses may be allowed.
The following tables list individual IP addresses for each region.
- If BlackBerry smartphone users connect to BlackBerry Enterprise Servers that are located in multiple regions, then the IP addresses for each region will need to be allowed through the firewall.
- Configure the firewall to allow the IP addresses that are associated with the regional location of the BlackBerry Enterprise Server:
|Asia Pacific Region (APAC) excluding People's Republic of China, but including Hong Kong, Macau and Taiwan|
|Europe, the Middle East, and Africa Region (EMEA)|
|Latin America and the Caribbean|
|People's Republic of China only (CN), not including Hong Kong, Macau or Taiwan|
|Saudi Arabia and United Arab Emirates|
|United States only (US)|
To verify the connection settings, use the following steps:
- Open the BlackBerry Server Configuration tool.
- Select the BlackBerry Router tab.
Note: Do not specify an IP address in the SRP Address field, because the BlackBerry Enterprise Server may lose the connection if the Server Routing Protocol (SRP) address is updated. The SRP address should appear as xx.srp.blackberry.com, where xx is the region.
To determine the SRP address that the BlackBerry Enterprise Server is using, use the SRP Address Look Up Tool.
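The note above can be checked with a short script before the firewall rule is tested. The following is an added example, not BlackBerry's tooling: it rejects an IP literal in the SRP Address field, requires the xx.srp.blackberry.com form, and then classifies one outbound TCP attempt on port 3101. The function names, the assumption that the region "xx" is a single DNS label, and the sample region value are all assumptions made for illustration.

```python
import ipaddress
import re
import socket

SRP_PORT = 3101  # outbound TCP port named in this article
# Assumption: the region part "xx" is a single DNS label.
SRP_HOST_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.srp\.blackberry\.com")


def validate_srp_address(value):
    """Return (ok, reason) for a value read from the SRP Address field."""
    host = value.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return False, "IP literal: connection may be lost if the SRP address is updated"
    except ValueError:
        pass  # not an IP address, so check the host name form
    if not SRP_HOST_RE.fullmatch(host):
        return False, "not of the form xx.srp.blackberry.com"
    return True, "ok"


def check_outbound(host, port=SRP_PORT, timeout=5.0):
    """Attempt one outbound TCP connection per resolved address and classify it."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns-failure", str(exc)
    last = ("error", "no addresses returned")
    for addr in sorted({info[4][0] for info in infos}):
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                return "connected", addr
        except socket.timeout:
            last = ("timeout", addr)   # typical of a firewall silently dropping traffic
        except ConnectionRefusedError:
            last = ("refused", addr)   # a device on the path actively rejected it
        except OSError as exc:
            last = ("error", f"{addr}: {exc}")
    return last


if __name__ == "__main__":
    import sys
    # Constructed sample value; pass the real SRP Address field as the argument.
    field = sys.argv[1] if len(sys.argv) > 1 else "us.srp.blackberry.com"
    ok, reason = validate_srp_address(field)
    print(f"{field}: {reason}")
    if ok:
        print(check_outbound(field))
```

Run it from the BlackBerry Enterprise Server host itself, so the attempt crosses the same firewall path as the server's outbound connection.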
Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.