Sonicwall Mac App Store

1Install SonicWall Mobile Connect from the Mac App Store. 2Ensure that the Firewall or SMA 100 Series / SRA appliance being used by Mobile Connect is connected to the network. 3Configure network information (server name, username, password, and so on). 4Initiate a connection to the network. ‎Download apps by SonicWall Inc., including SonicWall Mobile Connect, MySonicWALL, SonicWiFi, and many more.

Network administrators can use this information to make sure that Mac computers and other Apple devices can connect to services such as the App Store and Apple's software-update servers.

App

Ports used by Apple products

This is a quick-reference guide showing common examples, not a comprehensive list of ports. This guide is updated periodically with information available at the time of publication.

Some software might use different ports and services, so it can be helpful to use port-watching software when deciding how to set up firewalls or similar access-control schemes.

Some services might use more than one of these ports. For example, a VPN service can use up to four different ports. When you find a product in this list, search (Command-F) in your browser for that name, then repeat your search (Command-G) to locate all occurrences of that product.

Sonicwall

Some firewalls allow selective configuration of UDP or TCP ports with the same number, so it's important to know the type of port you're configuring. For example, NFS can use TCP 2049, UDP 2049, or both. If your firewall doesn't allow you to specify the type of port, configuring one type of port probably configures the other.

PortTCP or
UDP
Service or
protocol name
1
RFC2Service name3Used by
7TCP/UDPecho792echo
20TCPFile Transport Protocol (FTP)959ftp-data
21TCPFTP control959ftp
22TCPSecure Shell (SSH), SSH File Transfer Protocol (SFTP), and Secure copy (scp)4253sshXcode Server (hosted and remote Git+SSH; remote SVN+SSH)
23TCPTelnet854telnet
25TCPSimple Mail Transfer Protocol (SMTP)5321smtp

Mail (sending email); iCloud Mail (sending email)

53TCP/UDPDomain Name System (DNS)1034domain
67UDPBootstrap Protocol Server (BootP, bootps)951bootpsNetBoot via DHCP
68UDPBootstrap Protocol Client (bootpc)951bootpcNetBoot via DHCP
69UDPTrivial File Transfer Protocol (TFTP)1350tftp
79TCPFinger1288finger
80TCPHypertext Transfer Protocol (HTTP)2616httpWorld Wide Web, FaceTime, iMessage, iCloud, QuickTime Installer, Maps, iTunes U, Apple Music, iTunes Store, Podcasts, Internet Radio, Software Update (OS X Lion or earlier), Mac App Store, RAID Admin, Backup, Calendar, WebDAV, Final Cut Server, AirPlay, macOS Internet Recovery, Profile Manager, Xcode Server (Xcode app, hosted and remote Git HTTP, remote SVN HTTP)
88TCPKerberos4120kerberosKerberos, including Screen Sharing authentication
106TCPPassword Server
(unregistered use)
3com-tsmuxmacOS Server Password Server
110TCPPost Office Protocol (POP3),
Authenticated Post Office Protocol (APOP)
1939pop3Mail (receiving email)
111TCP/UDPRemote Procedure Call (RPC)1057, 1831sunrpcPortmap (sunrpc)
113TCPIdentification Protocol1413ident
119TCPNetwork News Transfer Protocol (NNTP)3977nntpApps that read newsgroups.
123UDPNetwork Time Protocol (NTP)1305ntpDate & Time preferences, network time server synchronization, Apple TV network time server sync
137UDPWindows Internet Naming Service (WINS)netbios-ns
138UDPNETBIOS Datagram Servicenetbios-dgmWindows Datagram Service, Windows Network Neighborhood
139TCPServer Message Block (SMB)netbios-ssnMicrosoft Windows file and print services, such as Windows Sharing in macOS
143TCPInternet Message Access Protocol (IMAP)3501imapMail (receiving email)
161UDPSimple Network Management Protocol (SNMP)1157snmp
192UDPOSU Network Monitoring Systemosu-nmsAirPort Base Station PPP status or discovery (certain configurations), AirPort Admin Utility, AirPort Express Assistant
311TCPSecure server administrationasip-webadminServer app, Server Admin, Workgroup Manager, Server Monitor, Xsan Admin
312TCPXsan administrationvslmpXsan Admin (OS X Mountain Lion v10.8 and later)
389TCPLightweight Directory Access Protocol (LDAP)4511ldapApps that look up addresses, such as Mail and Address Book
427TCP/UDPService Location Protocol (SLP)2608svrlocNetwork Browser
443TCPSecure Sockets Layer (SSL or HTTPS)2818httpsTLS websites, iTunes Store, Software Update (OS X Mountain Lion and later), Spotlight Suggestions, Mac App Store, Maps, FaceTime, Game Center, iCloud authentication and DAV Services (Contacts, Calendars, Bookmarks), iCloud backup and apps (Calendars, Contacts, Find My iPhone, Find My Friends, Mail, iMessage, Documents & Photo Stream), iCloud Key Value Store (KVS), iPhoto Journals, AirPlay, macOS Internet Recovery, Profile Manager, Dictation, Siri, Xcode Server (hosted and remote Git HTTPS, remote SVN HTTPS, Apple Developer registration), Push notifications (if necessary)
445TCPMicrosoft SMB Domain Servermicrosoft-ds
464TCP/UDPkpasswd3244kpasswd
465TCPMessage Submission for Mail (Authenticated SMTP)smtp (legacy)Mail (sending mail)
500UDPISAKMP/IKE2408isakmpmacOS Server VPN service
500UDPWi-Fi Calling5996IKEv2Wi-Fi Calling
514TCPshellshell
514UDPSyslogsyslog
515TCPLine Printer (LPR), Line Printer Daemon (LPD)printerPrinting to a network printer, Printer Sharing in macOS
532TCPnetnewsnetnews
548TCPApple Filing Protocol (AFP) over TCPafpovertcpAppleShare, Personal File Sharing, Apple File Service
554TCP/UDPReal Time Streaming Protocol (RTSP)2326rtspAirPlay, QuickTime Streaming Server (QTSS), streaming media players
587TCPMessage Submission for Mail (Authenticated SMTP)4409submissionMail (sending mail), iCloud Mail (SMTP authentication)
600–1023TCP/UDPMac OS X RPC-based servicesipcserverNetInfo
623UDPLights-Out-Monitoringasf-rmcpLights Out Monitoring (LOM) feature of Intel-based Xserve computers, Server Monitor
625TCPOpen Directory Proxy (ODProxy) (unregistered use)dec_dlmOpen Directory, Server app, Workgroup Manager; Directory Services in OS X Lion or earlier
This port is registered to DEC DLM
626TCPAppleShare Imap Admin (ASIA)asiaIMAP administration (Mac OS X Server v10.2.8 or earlier)
626UDPserialnumberd (unregistered use)asiaServer serial number registration (Xsan, Mac OS X Server v10.3 – v10.6)
631TCPInternet Printing Protocol (IPP)2910ippmacOS Printer Sharing, printing to many common printers
636TCPSecure LDAPldaps
660TCPServer administrationmac-srvr-adminServer administration tools for Mac OS X Server v10.4 or earlier, including AppleShare IP
687TCPServer administrationasipregistryServer administration tools for Mac OS X Server v10.6 or earlier, including AppleShare IP
749TCP/UDPKerberos 5 admin/changepwkerberos-adm
985TCPNetInfo Static Port
993TCPMail IMAP SSLimapsiCloud Mail (SSL IMAP)
995TCP/UDPMail POP SSLpop3s
1085TCP/UDPWebObjectswebobjects
1099, 8043TCPRemote RMI and IIOP Access to JBOSSrmiregistry
1220TCPQT Server Adminqt-serveradminAdministration of QuickTime Streaming Server
1640TCPCertificate Enrollment Servercert-responderProfile Manager in macOS Server 5.2 and earlier
1649TCPIP Failoverkermit
1701UDPL2TPl2fmacOS Server VPN service
1723TCPPPTPpptpmacOS Server VPN service
1900UDPSSDPssdpBonjour
2049TCP/UDPNetwork File System (NFS) (version 3 and 4)3530nfsd
2195TCPApple Push Notification Service (APNS)Push notifications
2196TCPApple Push Notification Service (APNS)Feedback service
2197TCPApple Push Notification Service (APNS)Push notifications
2336TCPMobile account syncappleugcontrolHome directory synchronization
3004TCPiSynccsoftragent
3031TCP/UDPRemote AppleEventseppcProgram Linking, Remote Apple Events
3283TCP/UDPNet Assistantnet-assistantApple Remote Desktop 2.0 or later (Reporting feature), Classroom app (command channel)
3284TCP/UDPNet Assistantnet-assistantClassroom app (document sharing)
3306TCPMySQLmysql
3478–3497UDPnat-stun-port - ipether232portFaceTime, Game Center
3632TCPDistributed compilerdistcc
3659TCP/UDPSimple Authentication and Security Layer (SASL)apple-saslmacOS Server Password Server
3689TCPDigital Audio Access Protocol (DAAP)daapiTunes Music Sharing, AirPlay
3690TCP/UDPSubversionsvnXcode Server (anonymous remote SVN)
4111TCPXGridxgrid
4398UDPGame Center
4488TCPApple Wide Area Connectivity Serviceawacs-ice
4500UDPIPsec NAT Traversal4306ipsec-msftmacOS Server VPN service
4500UDPWi-Fi Calling5996IKEv2Wi-Fi Calling
5003TCPFileMaker - name binding and transportfmpro-internal
5009TCP(unregistered use)winfsAirPort Utility, AirPort Express Assistant
5100TCPsocaliamacOS camera and scanner sharing
5222TCPXMPP (Jabber)3920jabber-clientJabber messages
5223TCPApple Push Notification Service (APNS)iCloud DAV Services (Contacts, Calendars, Bookmarks), Push Notifications, FaceTime, iMessage, Game Center, Photo Stream
5228TCPSpotlight Suggestions, Siri
5297TCPMessages (local traffic)
5350UDPNAT Port Mapping Protocol AnnouncementsBonjour
5351UDPNAT Port Mapping Protocolnat-pmpBonjour
5353UDPMulticast DNS (MDNS)3927mdnsBonjour, AirPlay, Home Sharing, Printer Discovery
5432TCPPostgreSQLpostgresqlCan be enabled manually in OS X Lion Server (previously enabled by default for ARD 2.0 Database)
5897–5898UDP(unregistered use)xrdiags
5900TCPVirtual Network Computing (VNC)
(unregistered use)
vnc-serverApple Remote Desktop 2.0 or later (Observe/Control feature)
Screen Sharing (Mac OS X 10.5 or later)
5988TCPWBEM HTTPwbem-httpApple Remote Desktop 2.x
See also dmtf.org/standards/wbem.
6970–9999UDPQuickTime Streaming Server
7070TCPRTSP (unregistered use), Automatic Router Configuration Protocol (ARCP)arcpQuickTime Streaming Server (RTSP)
7070UDPRTSP alternatearcpQuickTime Streaming Server
8000–8999TCPirdmiWeb service, iTunes Radio streams
8005TCPTomcat remote shutdown
8008TCPiCal servicehttp-altMac OS X Server v10.5 or later
8080TCPAlternate port for Apache web servicehttp-altAlso JBOSS HTTP in Mac OS X Server 10.4 or earlier
8085–8087TCPWiki serviceMac OS X Server v10.5 or later
8088TCPSoftware Update serviceradan-httpMac OS X Server v10.4 or later
8089TCPWeb email rulesMac OS X Server v10.6 or later
8096TCPWeb Password ResetMac OS X Server v10.6.3 or later
8170TCPHTTPS (web service/site)

Podcast Capture/podcast CLI

8171TCPHTTP (web service/site)

Podcast Capture/podcast CLI

8175TCPPcast Tunnelpcastagentd (such as for control operations and camera)
8443TCPiCal service (SSL)pcsync-httpsMac OS X Server v10.5 or later (JBOSS HTTPS in Mac OS X Server 10.4 or earlier)
8800TCPAddress Book servicesunwebadminMac OS X Server v10.6 or later
8843TCPAddress Book service (SSL)Mac OS X Server v10.6 or later
8821, 8826
TCPStoredFinal Cut Server
8891TCPldsdFinal Cut Server (data transfers)
9006TCPTomcat standaloneMac OS X Server v10.6 or earlier
9100TCPPrintingPrinting to certain network printers
9418TCP/UDPgit pack transfergitXcode Server (remote git)
10548TCPApple Document Sharing ServiceserverdocsmacOS Server iOS file sharing
11211memcached (unregistered use)Calendar Server
16080TCPWeb service with performance cache
16384–16403UDPReal-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP)connected, —Messages (Audio RTP, RTCP; Video RTP, RTCP)
16384–16387UDPReal-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP)connected, —FaceTime, Game Center
16393–16402UDPReal-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP)FaceTime, Game Center
16403–16472UDPReal-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP)Game Center
24000–24999TCPmed-ltpWeb service with performance cache
42000–42999TCPiTunes Radio streams
49152–65535TCPXsanXsan Filesystem Access
49152– 65535UDP
50003FileMaker server service
50006FileMaker helper service

1. The service registered with the Internet Assigned Numbers Authority, except where noted as “unregistered use.”

2. The number of a Request for Comment (RFC) document that defines the service or protocol. RFC documents are maintained by RFC Editor.

3. In the output of Terminal commands, the port number might be replaced by this Service Name, which is the label listed in /etc/services.

FaceTime is not available in all countries or regions.

Learn more

The application firewall in macOS is not a port-based firewall. It controls access by app, instead of by port.

Overview:

Simple, policy-enforced secure access to mission-critical applications and data for iOS, OS X, Android, Kindle Fire and Windows 8.1 mobile devices

Give your employees safe, easy access to the data and resources they need to be productive from a range of devices, including iOS, OS X, Android, Chrome OS, Kindle Fire and Windows. At the same time, ensure that the corporate network is protected from mobile security threats.

The SonicWall Mobile Connect application works in combination with SonicWall Secure Mobile Access (SMA) or next-generation firewall appliances. Mobile workers simply install and launch the Mobile Connect application on their iOS, OS X, Android, Chrome OS or Windows mobile device to establish a secure connection to an SMA or next-generation firewall appliance. The encrypted SSL VPN connection will protect traffic from being intercepted and keep in-flight data secure. Contextaware authentication ensures only authorized users and trusted devices are granted access.

Behind the scenes, IT can easily provision and manage access policies via SonicWall appliances through a single management interface, including restricting VPN access to a set of trusted mobile apps allowed by the administrator. Plus, the SonicWall solution integrates easily with most back-end authentication systems, including two-factor authentication, so you can efficiently extend your preferred authentication practices to your mobile workers.

Benefits

  • Ease of use
  • Centralized policy management
  • Verification of both user and device
  • Easy access to appropriate resources
  • Malware protection
  • Mobile device registration and authorization management
  • Per-application VPN
  • One-click secure intranet file browsing and on-device data protection
  • Auto-launch VPN
  • Easy integration
  • Application intelligence and control

Features & Benefits:

Ease of use:

iOS, OS X, Windows 10, Android, Chrome OS and Kindle users can easily download and install the Mobile Connect app via the App Store, Google Play, Chrome Web Store, Amazon App Store, or Windows Store. For Windows 8.1 mobile device users, Mobile Connect is embedded in the Windows 8.1 operating system so there is no need to download and install another VPN client app.

Centralized policy management:

IT can provision and manage mobile device access via SonicWall appliances — including control of all web resources, file shares and client-server resources — through a single management interface. Unlike other VPN solutions, the SonicWall solution allows you to quickly set role-based policy for mobile and laptop devices and users with a single rule across all objects; as a result, policy management can take only minutes instead of hours.

Verification of both user and device:

A Mobile Connect user is granted access to the corporate network only after the user has been authenticated and mobile device integrity has been verified. End Point Control can determine whether an iOS device has been jailbroken or an Android device has been rooted, as well as whether a certificate is present or the OS version is current, and then reject or quarantine the connection as appropriate.

Easy access to appropriate resources:

iOS, Android, Chrome OS, Kindle and Windows mobile devices can connect to all allowed network resources, including web-based, client/server, serverbased, host-based and back-connect applications. Once a user and device are verified, Mobile Connect offers pre-configured bookmarks for oneclick access to corporate applications and resources for which the user and device has privileges.

Malware protection:

When deployed with a SonicWall next-generation firewall, Mobile Connect establishes a Clean VPN, an extra layer of protection that decrypts and scans all SSL VPN traffic for malware before it enters the network.

Mobile device registration and authorization policy management:

With Mobile Connect and Secure Mobile Access OS (versions 11.0 and above) for Secure Mobile Access 1000 Series appliances, prior to granting network access, if a mobile device has not previously registered with the SMA appliance, the user is presented with a device authorization policy for acceptance. The user must accept the terms of the policy to register the device and gain access to allowed corporate resources and data. The terms of the policy are customizable by the administrator.

Per-application VPN:

Mobile Connect in combination with Secure Mobile Access OS (versions 11.0 and above) for Secure Mobile Access 1000 Series appliances, enables administrators to establish and enforce policies to designate which apps on a mobile device can be granted VPN access to the network. This ensures that only authorized mobile business apps utilize VPN access. Mobile Connect is the only solution that requires no modification of mobile apps for per app VPN access. Any mobile app or secure container can be supported with no modifications, app wrapping or SDK development.

One-click Secure Intranet File Browse and On-Device Data Protection:

Protect company data at rest on mobile devices. Authenticated users can securely browse and view allowed intranet file shares and files from within the Mobile Connect app. Administrators can establish and enforce mobile application management policy for the Mobile Connect app to control whether files viewed can be opened in other apps, copied to the clipboard, printed or cached securely within the Mobile Connect app. For iOS devices, this allows administrators to isolate business data from personal data stored on the device and reduces the risk of data loss. In addition, if the user’s credentials are revoked, content stored in the Mobile Connect app is locked and can no longer be accessed or viewed.

Auto-launch VPN:

URL control allows apps that require a VPN connection for business (including Safari) to create a VPN profile and automatically initiate or disconnect Mobile Connect on launch (requires compatible server firmware). In addition, for iOS or OS X devices, to simplify use when a secure connection is required, VPN on Demand automatically initiates a secure SSL VPN session when a user requests internal data, applications, websites or hosts.

Integration with existing authentication solutions:

Find Sonicwall Mac Address

The SonicWall solution supports easy integration with most back-end authentication systems, such as LDAP, Active Directory and Radius, so you can efficiently extend your preferred authentication practices to your mobile workers. For increased security, you can enable one-time password generation and easily integrate with two-factor authentication technologies.

Application intelligence and control:

When deployed with a next-generation firewall, IT can easily define and enforce how application and bandwidth assets are used.

Specifications:

Specifications Compatibility

SonicWall SMA and Next Generation Firewall

  • TZ, NSA, E-Class NSA or Super Massive 9000 Series appliances running SonicOS 5.9, 6.2 or higher
  • SMA 100 Series/SRA appliances running 7.5 or higher
  • SMA 1000 Series/E-Class SRA appliances running 10.7 or higher

Apple Store Sonicwall Mobile Connect

SonicWall Mobile Connect

  • Devices running iOS version 7.0 or higher
  • Devices running OS X 10.9 or higher
  • Devices running Android 4.1 or higher
  • Kindle Fire devices based on Android 4.1 or higher
  • Devices running ChromeOS 45 or higher
  • Devices running Windows 8.1
  • Devices running Windows Phone 8.1
  • Devices running Windows 10
Features based on Operating System
iOSOS X / MacAndroidKindle FireWindows 8.1Windows Phone 8.1Windows 10 Chrome OS
App DistributionApp StoreMac App StoreGoogle PlayAmazon Appstorein boxWindows Phone StoreWindows StoreChrome Web Store
Layer-3 VPN connectivity (SSL VPN)YesYesYesYesYesYesYesYes
Connect on demandYes3Yes3--YesMDM OnlyMDM/ PowerShellYes
Configurable trusted networksYes1Yes1--YesYesYes-
Network awarenessYes1Yes1Yes1Yes1----
Credential cachingYesYesYesYesYesYesYesYes
URL controlYesYesYesYesNo---
Basic authentication (username/password)YesYesYesYesYes---
End-user device registration and authorization policy acceptance, management and reporting 1YesYesYesYesYesYesYesYes
Two-Factor Authentication (OTPRADIUS)YesYesYesYesYesYesYesYes
Client certificate authenticationYes3Yes3Yes3Yes3YesYesYes
Password changeYesYesYesYesYesYesYesYes
Windows domain SSO for VPN----YesYesYes-
Mobile application VPN access control 1YesYesYesYesNoYesYesYes
Split-tunnelTunnel-all routingYesYesYesYesYesYesYes-
IPv6 SupportYesYesYesYesYesYesYesYes
SSLv3.0TLS 1.0, 1.1, 1.2Yes3Yes3Yes3Yes3Yes3Yes4Yes4-
Compression of data over VPNYes3Yes3Yes3Yes3Yes1Yes1Yes1Yes3
ESP Model (UDP transport)Yes1Yes1Yes1Yes1----
Network conflict resolutionYes1Yes1Yes1Yes1Yes1Yes1Yes1Yes1
End Point Control 3Jailbreak, Certificate, OS version, DeviceIDYesRoot, Certificate, OS version, DeviceID, Anti-Virus softwareRoot, Certificate, OS version, DeviceID, Anti-Virus softwareDeviceID, OS version1DeviceID, OS version1DeviceID, OS version1DeviceID, Chrome OS version1
File Reader / BookmarksYes2-Yes2Yes2----
RDP Bookmarks2X RDP, Microsoft Remote Desktop for RDP-2X RDP, Remote RDP Lite/ Enterprise, Microsoft Remote Desktop for RDP 2X RDP, Microsoft Remote Desktop for RDP----
Citrix Receiver BookmarksYes2-Yes2Yes2----
VNC BookmarksRemoter VNC-Dell Wyse Pocket Cloud Pro, 2X RDP, Remote RDP Lite/ Enterprise-----
Web BookmarksSafari, Chrome-Any browser— configured in Android system settingsSilk Browser----
Terminal BookmarksiSSH, Server Auditor for SSH -ConnectBot, JuideSSH JuideSSH ----
Native HTML5 BookmarksRDP, VNC, SSH, Telnet2-RDP, VNC, SSH, Telnet2-----
MDM Management of VPN Connection ProfilesYes---YesYes Yes Google Mgmt Console

Notes:
1 This feature is supported on the E-Class SRA/SMA 1000 series appliances only. Please refer to the product release notes for the specific software version required to support this feature.
2 This feature is supported on the SRA/SMA 100 series appliances only.
3 This feature is supported on the SRA/SMA 100 series and E-Class SRA/SMA 1000 series appliances only. Please refer to the product release notes for the specific software version required to support this feature.
4 This feature is supported on the SRA/SMA 100 series, E-Class SRA/SMA 1000 series and Next-Generation Firewall appliances. Please refer to the product release notes for the software specific version required to support this feature.

Documentation:

Sonicwall Remote App

Download the SonicWall Mobile Connect Datasheet (.PDF)