KB03735 - Firewall and connection requirements for the BlackBerry Enterprise Server

hdawg · #1 (**permalink**) 04-01-2009, 03:38 PM

Environment

BlackBerry® Enterprise Server

Overview

To establish a connection when the BlackBerry Enterprise Server is behind a firewall, complete the following:

On the firewall, verify that port 3101 is open for outbound initiated, bi-directional, Transmission Control Protocol (TCP) traffic.

Depending on the firewall interface, complete one of the following:

If the firewall has the ability to specify acceptable external host names, add blackberry.net as an acceptable sub domain.
If the firewall has the ability to specify acceptable external Internet Protocol (IP) addresses, add the following range of IP addresses to the allowed list:

IP Address Netmask

206.51.26.0 / 24 Netmask = 255.255.255.0

193.109.81.0 / 24 Netmask = 255.255.255.0

204.187.87.0 / 24 Netmask = 255.255.255.0

216.9.240.0 / 20 Netmask = 255.255.240.0

206.53.144.0 / 20 Netmask = 255.255.240.0

67.223.64.0 / 19 Netmask = 255.255.224.0

93.186.16.0 / 20 Netmask = 255.255.240.0

68.171.224.0 / 19 Netmask = 255.255.224.0

Ideally, complete IP address ranges should be allowed through your corporate firewall. If your BlackBerry Enterprise Server is configured to connect through the Europe, Middle East, and Africa (EMEA) region and you are unable to allow ranges through due to configuration restrictions, you may allow individual IP addresses for EMEA. The EMEA ranges 193.109.81.0 / 24 and 93.186.16.0 / 20 only may be replaced by the following list of IP addresses.

Note: all are strongly encouraged to use the ranges above in order to stay connected if the addresses change in the future.
The individual IP addresses that must be allowed through the firewall for customers who connect a BlackBerry Enterprise Server through the EMEA region are:
93.186.25.32 93.186.25.36 93.186.17.32 93.186.17.36
93.186.25.33 93.186.25.37 93.186.17.33 93.186.17.37
93.186.25.34 93.186.25.38 93.186.17.34 93.186.17.38
93.186.25.35 93.186.25.39 93.186.17.35 93.186.17.39

3. Verify the connection settings by completing the following steps:

1. Open the BlackBerry Server Configuration tool.
2. Select the BlackBerry Router tab.

Do not specify an IP address in the SRP Address field because the BlackBerry Enterprise Server may lose the connection if the Server Routing Protocol (SRP) address is updated. The SRP address will appear as srp.xx.blackberry.net, where xx is the region.
Please see article KB04359 to determine which SRP address the BlackBerry Enterprise Server should use to connect to the wireless network.

Additional Information

The IP addresses listed in the previous table are current as of the date of publication and are subject to change. Please contact BlackBerry® Technical Support Services for more information.

smoothrunnings · #2 (**permalink**) 08-01-2009, 01:08 PM

Someone named Hdawg who's on this forum and on Blackberryforums.com told me these IPs in this thread are the BIS SMTP servers, is this correct because when I read what you have here it seems the IPs are related to the SRP IPs that RIM has!?

A.