To use Apple Push Notification service (APNs), your Mac and iOS clients need a direct and persistent connection to Apple's servers.
iOS devices try to connect to APNs using cellular data first. If the device can't connect to Apple's servers over the cellular connection, it then tries to connect using Wi-Fi.
If you use Wi-Fi behind a firewall or a private Access Point Name (APN) for cellular data, you'll need a direct, unproxied connection to the APNs servers on these ports:
- TCP port 5223: For communicating with Apple Push Notification services (APNs)
- TCP port 2195: For sending notifications to APNs
- TCP port 2196: For the APNs feedback service
- TCP port 443: For a fallback on Wi-Fi only, when devices can't reach APNs on port 5223
The APNs servers use load balancing, so your devices won't always connect to the same public IP address for notifications. It's best to allow access to these ports on the entire 17.0.0.0/8 address block, which is assigned to Apple.
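The following audit is an added example, not part of Apple's original article: it checks a firewall's outbound allow-list against the ports listed above and reports rules that pin APNs traffic to a subnet or route it through a proxy. The rule tuple format, the function name `audit_apns_egress`, and the sample rules are assumptions made for illustration, as is the use of 17.0.0.0/8 as Apple's assigned block.

```python
import ipaddress

# Assumption: Apple's assigned block, to be allowed in full because APNs is load balanced.
APPLE_BLOCK = ipaddress.ip_network("17.0.0.0/8")
# TCP ports taken from the list above.
REQUIRED_PORTS = (5223, 2195, 2196, 443)
# Worst to best outcome for a port.
RANK = {"blocked": 0, "proxied": 1, "partial": 2, "ok": 3}

# Constructed sample allow-list: (destination CIDR, TCP port, goes_through_proxy)
SAMPLE_RULES = [
    ("17.0.0.0/8", 5223, False),       # whole block, direct
    ("17.188.128.0/18", 2195, False),  # constructed subnet: narrower than the block
    ("0.0.0.0/0", 443, True),          # reachable, but only via a proxy
]

def audit_apns_egress(rules):
    """Return {port: status} for each required APNs port.

    ok      - a direct rule covers the entire Apple block
    partial - a direct rule covers only part of the block (load balancing
              can move devices to addresses outside it)
    proxied - the only matching rule sends traffic through a proxy
    blocked - no rule allows the port toward the Apple block
    Simplification: rules are judged one at a time, not as a union.
    """
    result = {}
    for port in REQUIRED_PORTS:
        status = "blocked"
        for cidr, rule_port, via_proxy in rules:
            if rule_port != port:
                continue
            net = ipaddress.ip_network(cidr, strict=False)
            if not net.overlaps(APPLE_BLOCK):
                continue
            if via_proxy:
                candidate = "proxied"
            elif APPLE_BLOCK.subnet_of(net):
                candidate = "ok"
            else:
                candidate = "partial"
            if RANK[candidate] > RANK[status]:
                status = candidate
        result[port] = status
    return result

if __name__ == "__main__":
    for port, status in audit_apns_egress(SAMPLE_RULES).items():
        print(f"tcp/{port}: {status}")
```

Any port that does not report `ok` needs a direct rule covering the whole block before devices behind that firewall can rely on it.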
APNs stands for the Apple Push Notification service. APN stands for Access Point Name, the gateway between a cellular data network and the Internet.