Firewall Settings for Scalefusion

Updated on 11 Nov 2025
2 Minutes to read

Article summary

Did you find this summary helpful?

Thank you for your feedback!

Scalefusion is a cloud-hosted solution with servers across the continents. This means devices enrolled and managed by Scalefusion need to have continuous access to Scalefusion's servers so that they can be managed in real-time. The devices also need to have a connection with Google Push services, Apple Push services and Windows Push services, along with other components that are required for the management of devices. Also, to access Scalefusion's Dashboard, the PC/Laptop needs to have access to certain IPs and URLs.

However, an organization might be restricting internet access on their corporate-managed devices and/or PCs/Laptops by using a firewall or a proxy. In such cases, it becomes important to allow the URLs, IPs and ports required for Scalefusion to work smoothly in your organization.

This guide outlines the Firewall settings that need to be done for Scalefusion and OneIdP.

Scalefusion Instances

To comply with data residency regulations, Scalefusion operates multiple regional instances:

Instance Name	URL	Location
Global (EU)	https://app.scalefusion.com	EU
US	https://endpointlockdown.com	USA
India	https://in.scalefusion.com	India
MEA	https://mea.scalefusion.com	UAE

Ensure firewall rules are applied according to the instance your organization uses.

General Firewall Requirements (All Regions)

URL/Domain/FQDN	Ports	Protocol	Direction	Description
*.mobilock.in	80, 443	HTTP/S	Outbound	Main domain for API and dashboard access.
*.scalefusion.com	80, 443	HTTP/S	Outbound	Core Scalefusion services.
Google FCM/GCM	5228-5230	TCP	Outbound	Google GCM/FCM push notification connectivity.
*.pushy.me	443	HTTPS	Outbound	Pushy messaging domains
*.pushy.io	443	HTTPS	Outbound	Pushy messaging domains

Recommendation: Whitelist wildcard domains to simplify firewall maintenance and include all current and future subdomains.

Device Platform Specific Firewall Settings

Android

URL/Domain/FQDN	Ports	Protocol	Direction	Description
Android Enterprise Docs	-	-	Outbound	Android Enterprise Firewall Exceptions
Samsung Knox	-	-	Outbound	Samsung Knox Firewall Exceptions
activation.lenovo.com	443	HTTPS	Outbound	Lenovo device activation URL.
os-base.googleapis.com	443	HTTPS	Outbound	OS device enrollment.

Google GCM/FCM IPs: Allow all IPs from Google's ASN 15169 (Google ASN IP list) due to frequent IP changes.

iOS and macOS

Follow Apple’s official firewall guidelines for Push Notifications:
Apple Push Notifications Firewall Configuration

Windows

URL/Domain	Port	Protocol	Direction	Description
`enterpriseregistration.windows.net`	443	HTTPS	Outbound	Windows “Access to School or Work” services
`manage.microsoft.com`	443	HTTPS	Outbound	Windows notification services
`wns.windows.com`	443	HTTPS	Outbound	Windows notification services
`device.login.microsoftonline.com`	443	HTTPS	Outbound	Device login services
`portal.manage.microsoft.com`	443	HTTPS	Outbound	Device management portal
`enrollment.manage.microsoft.com`	443	HTTPS	Outbound	Enrollment endpoints
`geoip.iris.microsoft.com`	443	HTTPS	Outbound	IP-based device location
`wip.microsoft.com`	443	HTTPS	Outbound	Windows Information Protection service

Windows Update Delivery Optimization:
See Microsoft’s documentation for URLs and ports required for update optimization and delivery:
- Ports: 7680 (TCP), 3544 (UDP), 443 (HTTPS)
- Domains: .prod.do.dsp.mp.microsoft.com, .dl.delivery.mp.microsoft.com, *.windowsupdate.com, etc.

Certificate Validation Endpoints (All Regions)

Domain	Port	Protocol	Direction	Description
`crl.globalsign.com`	443	HTTPS	Outbound	Certificate revocation checks
`ocsp.globalsign.com`	443	HTTPS	Outbound	OCSP verification (primary)
`ocsp2.globalsign.com`	443	HTTPS	Outbound	OCSP verification (secondary)

Important: Blocking these may cause SSL/TLS trust errors for Scalefusion services.

Scalefusion Core and Service Endpoints

Common Service Endpoints (Global)

URL/Domain	Ports	Protocol	Direction	Description
`api.scalefusion.com`	80, 443	HTTP/S	Outbound	Core Scalefusion API
`enroll.scalefusion.com`	80, 443	HTTP/S	Outbound	Device enrollment and provisioning
`eva.scalefusion.com`, `api-eva.scalefusion.com`	80, 443	HTTP/S	Outbound	EVA Assistant services
`signal.scalefusion.com`	80, 443	HTTP/S, UDP	Outbound	Remote Cast/Control signaling
`iot-connector.scalefusion.com`	80, 443	HTTP/S	Outbound	IoT device connector
`mqtt.scalefusion.com`	8883	MQTT/TLS	Outbound	IoT communication
`sftermprox.scalefusion.com`, `sftermws.scalefusion.com`	80, 443	HTTP/S, WSS	Outbound	Remote Terminal access
`swg-api.scalefusion.com`	80, 443	HTTP/S	Outbound	Secure Web Gateway (Veltar/WCF) services

Use corresponding regional prefixes for India (*-in), MEA (*-mea), and US (endpointlockdown.com) instances.

OneIdP Firewall Settings

Instance	URL/Domain	Port	Protocol	Direction	Description
Global	`app.oneidp.com`, `accounts.oneidp.com`, `launchlocal.oneidp.com`	443	HTTPS	Outbound	Core authentication & SSO services
US	`us.oneidp.com`, `us-accounts.oneidp.com`, `us-launchlocal.oneidp.com`	443	HTTPS	Outbound	US regional OneIdP services
India	`in.oneidp.com`, `in-accounts.oneidp.com`, `in-launchlocal.oneidp.com`	443	HTTPS	Outbound	India regional OneIdP services
MEA	`mea.oneidp.com`, `mea-accounts.oneidp.com`, `mea-launchlocal.oneidp.com`	443	HTTPS	Outbound	MEA regional OneIdP services

Content Delivery and CDN URLs by Region

Region	URL/Domain/FQDN (Scalefusion)	URL/Domain/FQDN (OneIdP)	Port	Protocol	Description
Global (EU)	mobilock.s3-website-eu-west-1.amazonaws.com	https://prod-oneidp.s3.eu-central-1.amazonaws.com	443	HTTPS	Content Management, App Management, Branding
	db5xszokwvv76.cloudfront.net		443	HTTPS	CDN Edge server for APK distribution
US	assets-hp-reap.s3.amazonaws.com	https://epl-prod-oneidp.s3.us-east-1.amazonaws.com	443	HTTPS	Content Management, App Management, Branding
	db5xszokwvv76.cloudfront.net		443	HTTPS	CDN Edge server for APK distribution
India	assets-sf-bharat.s3.ap-south-1.amazonaws.com	https://in-prod-oneidp.s3.ap-south-1.amazonaws.com	443	HTTPS	Content Management, App Management, Branding
	d2vykazg2augye.cloudfront.net		443	HTTPS	CDN Edge server for APK distribution
MEA	scalefusion-uae-assets.s3.me-central-1.amazonaws.com	https://scalefusion-mea-assets-oneidp.s3.me-central-1.amazonaws.com	443	HTTPS	Content Management, App Management, Branding
	d7a4g5ksfhora.cloudfront.net		443	HTTPS	CDN Edge server for APK distribution

Webhook & Integration IPs (Outbound Server Connections)

Region	Instance	IP Address	Purpose
Global (EU)	`app.scalefusion.com`	`165.22.203.134`	Webhooks & integrations
India	`in.scalefusion.com`	`3.108.153.5`	Webhooks & integrations
MEA	`mea.scalefusion.com`	`51.112.212.140`	Webhooks & integrations
US	`endpointlockdown.com`	`157.230.176.102`	Webhooks & integrations

Note: IPs may change without prior notice. Ensure both inbound and outbound rules allow these addresses.

Additional Notes

TLS Support: Scalefusion supports TLSv1.2 and TLSv1.3 only; ensure your firewall permits traffic over these protocols.
Allow wildcard subdomains (e.g., *.mobilock.in) where applicable for smoother updates.
Regular updates to firewall rules may be necessary, especially for Microsoft IP ranges and Google ASN blocks.

Was this article helpful?

What's Next

Role Based Access to Scalefusion Dashboard

Table of contents

Scalefusion Instances
General Firewall Requirements (All Regions)
Device Platform Specific Firewall Settings
Certificate Validation Endpoints (All Regions)
Scalefusion Core and Service Endpoints
OneIdP Firewall Settings
Content Delivery and CDN URLs by Region
Webhook & Integration IPs (Outbound Server Connections)
Additional Notes