Firewall Settings for Scalefusion

Updated on 15 Oct 2025
2 Minutes to read

Article summary

Did you find this summary helpful?

Thank you for your feedback!

Scalefusion is a cloud-hosted solution with servers across the continents. This means devices enrolled and managed by Scalefusion need to have continuous access to Scalefusion's servers so that they can be managed in real-time. The devices also need to have a connection with Google Push services, Apple Push services and Windows Push services, along with other components that are required for the management of devices. Also, to access Scalefusion's Dashboard, the PC/Laptop needs to have access to certain IPs and URLs.

However, an organization might be restricting internet access on their corporate-managed devices and/or PCs/Laptops by using a firewall or a proxy. In such cases, it becomes important to allow the URLs, IPs and ports required for Scalefusion to work smoothly in your organization.

This guide outlines the Firewall settings that need to be done for Scalefusion and OneIdP.

Scalefusion Instances

To comply with data residency regulations, Scalefusion operates multiple regional instances:

Instance Name	URL	Location
Global (EU)	https://app.scalefusion.com	EU
US	https://endpointlockdown.com	USA
India	https://in.scalefusion.com	India
MEA	https://mea.scalefusion.com	UAE

Ensure firewall rules are applied according to the instance your organization uses.

General Firewall Requirements

URL/Domain/FQDN	Ports	Protocol	Direction	Description
*.mobilock.in	80, 443	HTTP/S	Outbound	Main domain for API and dashboard access.
*.scalefusion.com	80, 443	HTTP/S	Outbound	Core Scalefusion services.
	5228-5230	TCP	Outbound	Google GCM/FCM push notification connectivity.

Device Platform Specific Firewall Settings

Android

URL/Domain/FQDN	Ports	Protocol	Direction	Description
Android Enterprise Docs	-	-	Outbound	Android Enterprise Firewall Exceptions
Samsung Knox	-	-	Outbound	Samsung Knox Firewall Exceptions
onlinerow.lenovocust.com	443	HTTPS	Outbound	Lenovo device activation URL.
android.clients.google.com	443	HTTPS	Outbound	OS device enrollment.

Google GCM/FCM IPs: Allow all IPs from Google's ASN 15169 (Google ASN IP list) due to frequent IP changes.

iOS and macOS

Follow Apple’s official firewall guidelines for Push Notifications:
Apple Push Notifications Firewall Configuration

Windows

URL/Domain/FQDN	Port	Protocol	Direction	Description
next-services.apps.microsoft.com	443	HTTPS	Outbound	Windows Access to School or Work app services.
*.wns.windows.com	443	HTTPS	Outbound	Windows notification services.
*.notify.windows.com	443	HTTPS	Outbound	Windows notification services.
wscont1.apps.microsoft.com	443	HTTPS	Outbound	Windows service connectivity.
prod-unattended-rc.service.signalr.net	443	HTTPS	Outbound	SignalR service for Windows push notifications.
portal.manage.microsoft.com	443	HTTPS	Outbound	Device management portal.
login.microsoftonline.com	443	HTTPS	Outbound	Microsoft login services.
enrollment.manage.microsoft.com	443	HTTPS	Outbound	Enrollment service endpoints.
ipinfo.io	443	HTTPS	Outbound	IP address info service.
bspmts.mp.microsoft.com	443	HTTPS	Outbound	Windows management service.
sfpush.service.signalr.net	443	HTTPS	Outbound	Push notifications via SignalR.

Windows Update Delivery Optimization:
See Microsoft’s documentation for URLs and ports required for update optimization and delivery:
- Ports: 7680 (TCP), 3544 (UDP), 443 (HTTPS)
- Domains: .prod.do.dsp.mp.microsoft.com, .dl.delivery.mp.microsoft.com, *.windowsupdate.com, etc.

Scalefusion Features Requiring Firewall Access

Remote Cast & Control

URL/Domain/FQDN	Ports	Protocol	Direction	Description
s1.xirsys.com	80, 443	HTTP/S, TCP, UDP	Outbound	WebRTC device discovery and P2P connections.

Pushy (For devices without Google Play Services)

URL/Domain/FQDN	Port	Protocol	Direction	Description
*.pushy.me	443	HTTPS	Outbound	Pushy messaging domains
*.pushy.io	443	HTTPS	Outbound	Pushy messaging domains

OneIdP Firewall Settings

Global Instance (https://app.scalefusion.com)

URL/Domain/FQDN	Port	Protocol	Direction	Description
app.oneidp.com	443	HTTPS	Outbound	OneIdP main service
accounts.oneidp.com	443	HTTPS	Outbound	OneIdP SSO authentication
launchlocal.oneidp.com	443	HTTPS	Outbound	iOS app launcher

US Instance (https://endpointlockdown.com)

URL/Domain/FQDN	Port	Protocol	Direction	Description
us.oneidp.com	443	HTTPS	Outbound	OneIdP main service
us-accounts.oneidp.com	443	HTTPS	Outbound	OneIdP SSO authentication
us-launchlocal.oneidp.com	443	HTTPS	Outbound	iOS app launcher

India Instance (https://in.scalefusion.com)

URL/Domain/FQDN	Port	Protocol	Direction	Description
in.oneidp.com	443	HTTPS	Outbound	OneIdP main service
in-accounts.oneidp.com	443	HTTPS	Outbound	OneIdP SSO authentication
in-launchlocal.oneidp.com	443	HTTPS	Outbound	iOS app launcher

MEA Instance (https://mea.scalefusion.com)

URL/Domain/FQDN	Port	Protocol	Direction	Description
mea.oneidp.com	443	HTTPS	Outbound	OneIdP main service
mea-accounts.oneidp.com	443	HTTPS	Outbound	OneIdP SSO authentication
mea-launchlocal.oneidp.com	443	HTTPS	Outbound	iOS app launcher

Content Delivery and CDN URLs by Region

Region	URL/Domain/FQDN (Scalefusion)	URL/Domain/FQDN (OneIdP)	Port	Protocol	Description
Global (EU)	mobilock.s3-website-eu-west-1.amazonaws.com	https://prod-oneidp.s3.eu-central-1.amazonaws.com	443	HTTPS	Content Management, App Management, Branding
	db5xszokwvv76.cloudfront.net		443	HTTPS	CDN Edge server for APK distribution
US	assets-hp-reap.s3.amazonaws.com	https://epl-prod-oneidp.s3.us-east-1.amazonaws.com	443	HTTPS	Content Management, App Management, Branding
	db5xszokwvv76.cloudfront.net		443	HTTPS	CDN Edge server for APK distribution
India	assets-sf-bharat.s3.ap-south-1.amazonaws.com	https://in-prod-oneidp.s3.ap-south-1.amazonaws.com	443	HTTPS	Content Management, App Management, Branding
	d2vykazg2augye.cloudfront.net		443	HTTPS	CDN Edge server for APK distribution
MEA	scalefusion-uae-assets.s3.me-central-1.amazonaws.com	https://scalefusion-mea-assets-oneidp.s3.me-central-1.amazonaws.com	443	HTTPS	Content Management, App Management, Branding
	d7a4g5ksfhora.cloudfront.net		443	HTTPS	CDN Edge server for APK distribution

Additional Notes

TLS Support: Scalefusion supports TLSv1.2 and TLSv1.3 only; ensure your firewall permits traffic over these protocols.
Webhooks IP: 165.22.203.134 (subject to change without prior notice).
Allow wildcard subdomains (e.g., *.mobilock.in) where applicable for smoother updates.
Regular updates to firewall rules may be necessary, especially for Microsoft IP ranges and Google ASN blocks.

Was this article helpful?

What's Next

Role Based Access to Scalefusion Dashboard

Table of contents

Scalefusion Instances
General Firewall Requirements
Device Platform Specific Firewall Settings
Scalefusion Features Requiring Firewall Access
OneIdP Firewall Settings
Content Delivery and CDN URLs by Region
Additional Notes