04-01-2009, 02:38 PM
Join Date: Nov 2008
KB03735 - Firewall and connection requirements for the BlackBerry Enterprise Server
- BlackBerry® Enterprise Server
To establish a connection when the BlackBerry Enterprise Server is behind a firewall, complete the following:
- On the firewall, verify that port 3101 is open for outbound initiated, bi-directional, Transmission Control Protocol (TCP) traffic.
- Depending on the firewall interface, complete one of the following:
- If the firewall has the ability to specify acceptable external host names, add blackberry.net as an acceptable sub domain.
- If the firewall has the ability to specify acceptable external Internet Protocol (IP) addresses, add the following range of IP addresses to the allowed list:
|188.8.131.52 / 24 ||Netmask = 255.255.255.0|
|184.108.40.206 / 24 ||Netmask = 255.255.255.0|
|220.127.116.11 / 24 ||Netmask = 255.255.255.0|
|18.104.22.168 / 20 ||Netmask = 255.255.240.0|
|22.214.171.124 / 20 ||Netmask = 255.255.240.0|
|126.96.36.199 / 19 ||Netmask = 255.255.224.0|
|188.8.131.52 / 20 ||Netmask = 255.255.240.0|
|184.108.40.206 / 19 ||Netmask = 255.255.224.0|
- Ideally, complete IP address ranges should be allowed through your corporate firewall. If your BlackBerry Enterprise Server is configured to connect through the Europe, Middle East, and Africa (EMEA) region and you are unable to allow ranges through due to configuration restrictions, you may allow individual IP addresses for EMEA. The EMEA ranges 220.127.116.11 / 24 and 18.104.22.168 / 20 only may be replaced by the following list of IP addresses.
Note: all are strongly encouraged to use the ranges above in order to stay connected if the addresses change in the future. 3. Verify the connection settings by completing the following steps:
The individual IP addresses that must be allowed through the firewall for customers who connect a BlackBerry Enterprise Server through the EMEA region are:
22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206
220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199
188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168
22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206
- Open the BlackBerry Server Configuration tool.
- Select the BlackBerry Router tab.
Do not specify an IP address in the SRP Address field because the BlackBerry Enterprise Server may lose the connection if the Server Routing Protocol (SRP) address is updated. The SRP address will appear as srp.xx.blackberry.net, where xx is the region.
Please see article KB04359 to determine which SRP address the BlackBerry Enterprise Server should use to connect to the wireless network.
The IP addresses listed in the previous table are current as of the date of publication and are subject to change. Please contact BlackBerry® Technical Support Services for more information.
The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.