To use Apple Push Notification service (APNs), you need a direct, unproxied connection to the APNs servers on these ports:

  • TCP port 5223 used by the iOS devices server to communicate with APNs.
  • TCP port 2195 used  by the DualShield server to send notifications to APNs.
  • TCP port 2196 for the APNs feedback service.
  • TCP port 443 is required during device activation, and afterwards for fallback (on Wi-Fi only) if devices can't reach APNs on port 5223.

The APNs servers use load balancing, so your devices don't always connect to the same public IP address for notifications. It's best to let your device access these ports on the entire 17.0.0.0/8 address block, which is assigned to Apple.

Learn more about the ports Apple services use. The Apple Developer website has more information about Apple Push Notification service.