This article is intended for network administrators.
How Apple Push Notification Service connects
To use Apple Push Notification Service (APNs), your macOS, iOS, tvOS and watchOS devices need an uninterrupted connection to Apple's servers via Ethernet, mobile data (if capable) or Wi-Fi.
Check required ports and hosts
If you're using a firewall or private Access Point Name for mobile data, your Apple devices must be able to connect to specific ports on specific hosts:
- TCP port 5223 to communicate with APNs.
- TCP port 443 or 2197 to send notifications to APNs.
TCP port 443 is used during device activation, and afterwards as fallback if devices can't reach APNs on port 5223. The connection on port 443 uses a proxy as long as the proxy allows the communication to pass through without decrypting.
The APNs servers use load balancing, so your devices don't always connect to the same public IP address for notifications. It's best to let your device access these ports on the entire 184.108.40.206/8 address block, which is assigned to Apple.
If you can't allow access to the entire 220.127.116.11/8 address block, open access via the same ports to these network ranges on IPv4 or IPv6: