Firewall Rules and Whitelisting
Zabiualla avatar
Written by Zabiualla
Updated over a week ago

The following need to be allowed through any corporate firewall for the operation of Sine Pro.

  • api.sine.co

  • em.sine.co

  • dashboard.sine.co

  • sinecloud-prod-uploads.s3.ap-southeast-2.amazonaws.com

@sine.co is our business email address, and our service emails come from @em.sine.co. The fixed IP address for our third-party SMTP service is 167.89.68.46.

You need to whitelist both @sine.co and @em.sine.co to allow the operation of Sine.

As Sine uses CloudFlare, the IP addresses of these services are not fixed and may change at any time. Please visit our security page for more information.

We use Apple push notifications for updating the iPad settings, broadcasting messages sent from the dashboard, alerting iPhone users of geofence events and more. If you are having trouble receiving push notifications from Sine, please see this guide.

Additional information

Whitelisting the below ports and services may also be required to ensure the Sine provided iPad can be managed and updated whilst connected to your network

Firewall setup

Ports that may need opening on the firewall to the 17 Class A range (17.0.0.0/8)

  • TCP port 5223 for communication with the APNsM

  • TCP port 443 as a failover access to the APNs if 5223 can’t be accessed

Ports that need opening for MDM access

  • TCP port 2195: sending messages to the APNs

  • TCP port 2196: connection to the APNs for feedbacks

Proxy setup

For Activation

  • albert.apple.com

Validations

  • ppq.apple.com – for corporate apps

  • ocsp.apple.com and ocsp.verisign.net – for certificates

  • evintl-ocsp.verisign.com and evsecure-ocsp.verisign.com – certificates and authentications during device restore and activation

Content download

  • *.phobos.apple.com – iTunes content

  • deimos * .apple.com – iTunes U content

  • *.aaplimg.com – Apple Content Delivery Network

  • *.akamaiedge.net and * .akamaitechnologies.com – content delivery network

  • *.edgesuite.net and * .llnwd.net – content delivery network (cache)

  • *.mzstatic.com – illustrations of the blinds (covers, extracts, icons …)

Updates

  • appldnld.apple.com – firmware iOS

  • ax.itunes.apple.com – searches

  • gs.apple.com – iOS Signature Validation

  • mesu.apple.com – iOS updates

  • su.itunes.apple.com – app updates

iCloud:

  • *.icloud.com

iTunes:

  • itunes.apple.com – iTunes Services

  • buy.itunes.com – validation of credit cards and accounts – metrics.apple.com: statistics

Push:

  • gateway.push.apple.com – sending notification to the APNs

  • feedback.push.apple.com – send feedback to the APNs

  • *-courier.push.apple.com – APNs for all iOS push notifications

Webhooks

The following Sine IPs should be whitelisted when working with webhooks and some Access Control integrations:

"13.55.216.196" 
"52.63.2.142"
"3.105.152.200"
"13.55.196.118"
"13.55.33.1"
"3.105.192.233"
"13.237.31.4"
"13.236.199.231"


Did this answer your question?