Opening Ports for the XenMobile Solution

Oct 25, 2013

To allow devices and apps to communicate with each XenMobile component, you need to open ports in your firewall. The following tables define the ports you need to open.

Opening Ports for NetScaler Gateway and App Controller

You need to open the following ports to allow user connections from Worx Home, Receiver, or the NetScaler Gateway Plug-in through NetScaler Gateway to App Controller, StoreFront, XenDesktop, the XenMobile NetScaler Connector (XNC) and to other internal network resources, such as intranet web pages.

| TCP port | Description | Source | Destination |
|---|---|---|---|
| 21 | Open this port to send support bundles to an FTP server. | App Controller | FTP server |
| 22 | Transfer logs from App Controller and a network server. | App Controller | Network server |
| 53 | DNS. | NetScaler Gateway | DNS server |
| 80 | NetScaler Gateway passes the VPN connection to the internal network resource through the second firewall. Typically occurs if users log on with the NetScaler Gateway Plug-in. | NetScaler Gateway | Intranet web sites |
| 80 or 8080; 443 | The XML and STA port that does enumeration, ticketing, and authentication. Citrix recommends using port 443. | XML network traffic - StoreFront or Web Interface; STA - NetScaler Gateway | XenDesktop or XenApp |
| 443 | Communication required for Callback URL. | App Controller | NetScaler Gateway |
| 123 | Network Time Protocol (NTP) services. | NetScaler Gateway | NTP server |
| 389 | Unsecure LDAP connections. | NetScaler Gateway | LDAP authentication server or Active Directory |
| 443 | Connections to StoreFront from Receiver or Receiver for Web that provides access to Windows-based applications and virtual desktops hosted in XenApp and XenDesktop. | Internet | NetScaler Gateway |
| 443 | Connections to App Controller for web, mobile, and SaaS application delivery. | Internet | NetScaler Gateway |
| 514 | Connection between App Controller and a syslog server. | App Controller | Syslog server |
| 636 | Secure LDAP connections. | NetScaler Gateway | LDAP authentication server or Active Directory |
| 1494 | Connections to Windows-based applications in the internal network by using the ICA protocol. Citrix recommends keeping this port open. | NetScaler Gateway | XenApp or XenDesktop |
| 1812 | RADIUS connection. | NetScaler Gateway | RADIUS authentication server |
| 2598 | Connections to Windows-based applications in the internal network by using session reliability. Citrix recommends keeping this port open. | NetScaler Gateway | XenApp or XenDesktop |
| 3268 | Microsoft Global Catalog unsecure LDAP connections. | NetScaler Gateway | LDAP authentication server or Active Directory |
| 3269 | Microsoft Global Catalog secure LDAP connections. | NetScaler Gateway | LDAP authentication server or Active Directory |
| 9080 | NetScaler communicates with the XNC. This port is for HTTP traffic. | NetScaler | XNC |
| 9443 | NetScaler communicates with the XNC. This port is for HTTPS traffic. | NetScaler | XNC |
| 9736 | Communication between two App Controller VMs deployed as a high availability pair. | App Controller | App Controller |
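
The table above can be used as an allow-list when reviewing a firewall policy. The following is an added example, not part of the Citrix documentation: it encodes the NetScaler Gateway and App Controller table and reports rules that fall outside it, or that use a cleartext port where the same row group also lists a secure or recommended port. The short endpoint names ("LDAP", "RADIUS", "StoreFront") and the sample rules are constructed for illustration.

```python
# Documented flows from the NetScaler Gateway / App Controller table:
# (source, destination) -> TCP ports. Endpoint names are shortened labels.
TABLE = {
    ("App Controller", "FTP server"): {21},
    ("App Controller", "Network server"): {22},
    ("App Controller", "NetScaler Gateway"): {443},
    ("App Controller", "Syslog server"): {514},
    ("App Controller", "App Controller"): {9736},
    ("NetScaler Gateway", "DNS server"): {53},
    ("NetScaler Gateway", "Intranet web sites"): {80},
    ("NetScaler Gateway", "NTP server"): {123},
    ("NetScaler Gateway", "LDAP"): {389, 636, 3268, 3269},
    ("NetScaler Gateway", "RADIUS"): {1812},
    ("NetScaler Gateway", "XenApp or XenDesktop"): {80, 8080, 443, 1494, 2598},
    ("StoreFront", "XenApp or XenDesktop"): {80, 8080, 443},
    ("Internet", "NetScaler Gateway"): {443},
    ("NetScaler", "XNC"): {9080, 9443},
}

# Cleartext port -> secure or recommended port named in the same table.
PREFERRED = {389: 636, 3268: 3269, 9080: 9443, 80: 443, 8080: 443}

def audit(rules):
    """Return (src, dst, port, reason) for every rule that needs review."""
    findings = []
    for src, dst, port in rules:
        documented = TABLE.get((src, dst), set())
        if port not in documented:
            findings.append((src, dst, port, "not in the documented port table"))
        elif PREFERRED.get(port) in documented:
            # Flag only when the preferred port is documented for this same flow.
            reason = f"cleartext; table also lists {PREFERRED[port]}"
            findings.append((src, dst, port, reason))
    return findings

# Constructed sample policy (not taken from a real firewall).
RULES = [
    ("Internet", "NetScaler Gateway", 443),
    ("NetScaler Gateway", "LDAP", 389),
    ("NetScaler Gateway", "LDAP", 636),
    ("NetScaler Gateway", "Intranet web sites", 80),
    ("Internet", "App Controller", 443),
    ("NetScaler", "XNC", 9080),
    ("NetScaler Gateway", "XenApp or XenDesktop", 1494),
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(*finding, sep=" | ")
```

Port 80 from NetScaler Gateway to intranet web sites is not flagged, because the table lists no alternative port for that flow.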

Opening XenMobile MDM Ports

You need to open the following ports to allow XenMobile MDM to communicate in your network.

| TCP port | Description | Source | Destination |
|---|---|---|---|
| 25 | By default, the Device Manager SMTP configuration of the notification service uses this port. If your SMTP server uses a different port, make sure your firewall does not block that port. | XenMobile MDM | SMTP server |
| 80 or 443 | MDM server Enterprise App Store connection to Apple iTunes App Store (ax.itunes.apple.com) or to Google Play. Used for publishing iTunes App Store or Google Play apps from the available app store from within the Device Manager web console and Citrix Mobile Self-Serve on the iOS device or Worx Home for Android. Citrix Mobile Self-Serve is available when iOS devices enroll in Device Manager. | XenMobile MDM | Apple iTunes App Store (ax.itunes.apple.com) |
| 80 or 443 | XenMobile Device Manager Nexmo SMS Notification Relay outbound connection. | XenMobile MDM | Nexmo SMS Relay Server |
| 389 | Unsecure LDAP connections. | XenMobile MDM | LDAP authentication server or Active Directory |
| 443 | Enrollment and agent setup for Android and Windows Mobile. | Internet | XenMobile Device Manager Server |
| 443 | Enrollment and agent setup for Android and Windows Mobile, the Device Manager web console, and MDM Remote Support Client. | Internal local area network (LAN) and Wi-Fi | XenMobile Device Manager Server |
| 1433 | Remote database server connection to a separate SQL server (optional). | XenMobile MDM | SQL Server |
| 2195 | Apple Push Notification Service (APNS) outbound connection to gateway.push.apple.com that is used for iOS device notifications and device policy push. | XenMobile MDM | Internet (Apple APNS Service Hosts using the public IP address 17.0.0.0/8) |
| 2196 | APNS outbound connection to feedback.push.apple.com that is used for iOS device notification and device policy push. | XenMobile MDM | Internet (Apple APNS Service Hosts using the public IP address 17.0.0.0/8) |
| 5223 | APNS outbound connection from iOS devices that connect through Wi-Fi networks to *.push.apple.com. | iOS device on Wi-Fi network service | Internet (Apple APNS Service Hosts using the public IP address 17.0.0.0/8) |
| 8443 | Enrollment for iOS devices only. | Internet; LAN and Wi-Fi | XenMobile MDM |