Firewall Settings for Scalefusion
  • 15 Oct 2025
  • 2 Minutes to read
  • PDF

Firewall Settings for Scalefusion

  • PDF

Article summary

Scalefusion is a cloud-hosted solution with servers across the continents. This means devices enrolled and managed by Scalefusion need to have continuous access to Scalefusion's servers so that they can be managed in real-time. The devices also need to have a connection with Google Push services, Apple Push services and Windows Push services, along with other components that are required for the management of devices. Also, to access Scalefusion's Dashboard, the PC/Laptop needs to have access to certain IPs and URLs.

However, an organization might be restricting internet access on their corporate-managed devices and/or PCs/Laptops by using a firewall or a proxy. In such cases, it becomes important to allow the URLs, IPs and ports required for Scalefusion to work smoothly in your organization.

This guide outlines the Firewall settings that need to be done for Scalefusion and OneIdP.

Scalefusion Instances

To comply with data residency regulations, Scalefusion operates multiple regional instances:

Ensure firewall rules are applied according to the instance your organization uses.

General Firewall Requirements

URL/Domain/FQDN

Ports

Protocol

Direction

Description

*.mobilock.in

80, 443

HTTP/S

Outbound

Main domain for API and dashboard access.

*.scalefusion.com

80, 443

HTTP/S

Outbound

Core Scalefusion services.

5228-5230

TCP

Outbound

Google GCM/FCM push notification connectivity.

Device Platform Specific Firewall Settings

Android

URL/Domain/FQDN

Ports

Protocol

Direction

Description

Android Enterprise Docs

-

-

Outbound

Android Enterprise Firewall Exceptions

Samsung Knox

-

-

Outbound

Samsung Knox Firewall Exceptions

onlinerow.lenovocust.com

443

HTTPS

Outbound

Lenovo device activation URL.

android.clients.google.com

443

HTTPS

Outbound

OS device enrollment.

  • Google GCM/FCM IPs: Allow all IPs from Google's ASN 15169 (Google ASN IP list) due to frequent IP changes.

iOS and macOS

Windows

URL/Domain/FQDN

Port

Protocol

Direction

Description

next-services.apps.microsoft.com

443

HTTPS

Outbound

Windows Access to School or Work app services.

*.wns.windows.com

443

HTTPS

Outbound

Windows notification services.

*.notify.windows.com

443

HTTPS

Outbound

Windows notification services.

wscont1.apps.microsoft.com

443

HTTPS

Outbound

Windows service connectivity.

prod-unattended-rc.service.signalr.net

443

HTTPS

Outbound

SignalR service for Windows push notifications.

portal.manage.microsoft.com

443

HTTPS

Outbound

Device management portal.

login.microsoftonline.com

443

HTTPS

Outbound

Microsoft login services.

enrollment.manage.microsoft.com

443

HTTPS

Outbound

Enrollment service endpoints.

ipinfo.io

443

HTTPS

Outbound

IP address info service.

bspmts.mp.microsoft.com

443

HTTPS

Outbound

Windows management service.

sfpush.service.signalr.net

443

HTTPS

Outbound

Push notifications via SignalR.

Scalefusion Features Requiring Firewall Access

Remote Cast & Control

URL/Domain/FQDN

Ports

Protocol

Direction

Description

s1.xirsys.com

80, 443

HTTP/S, TCP, UDP

Outbound

WebRTC device discovery and P2P connections.

Pushy (For devices without Google Play Services)

URL/Domain/FQDN

Port

Protocol

Direction

Description

*.pushy.me

443

HTTPS

Outbound

Pushy messaging domains

*.pushy.io

443

HTTPS

Outbound

Pushy messaging domains

OneIdP Firewall Settings

Global Instance (https://app.scalefusion.com)

URL/Domain/FQDN

Port

Protocol

Direction

Description

app.oneidp.com

443

HTTPS

Outbound

OneIdP main service

accounts.oneidp.com

443

HTTPS

Outbound

OneIdP SSO authentication

launchlocal.oneidp.com

443

HTTPS

Outbound

iOS app launcher

US Instance (https://endpointlockdown.com)

URL/Domain/FQDN

Port

Protocol

Direction

Description

us.oneidp.com

443

HTTPS

Outbound

OneIdP main service

us-accounts.oneidp.com

443

HTTPS

Outbound

OneIdP SSO authentication

us-launchlocal.oneidp.com

443

HTTPS

Outbound

iOS app launcher

India Instance (https://in.scalefusion.com)

URL/Domain/FQDN

Port

Protocol

Direction

Description

in.oneidp.com

443

HTTPS

Outbound

OneIdP main service

in-accounts.oneidp.com

443

HTTPS

Outbound

OneIdP SSO authentication

in-launchlocal.oneidp.com

443

HTTPS

Outbound

iOS app launcher

MEA Instance (https://mea.scalefusion.com)

URL/Domain/FQDN

Port

Protocol

Direction

Description

mea.oneidp.com

443

HTTPS

Outbound

OneIdP main service

mea-accounts.oneidp.com

443

HTTPS

Outbound

OneIdP SSO authentication

mea-launchlocal.oneidp.com

443

HTTPS

Outbound

iOS app launcher

Content Delivery and CDN URLs by Region

Region

URL/Domain/FQDN (Scalefusion)

URL/Domain/FQDN (OneIdP)

Port

Protocol

Description

Global (EU)

mobilock.s3-website-eu-west-1.amazonaws.com

https://prod-oneidp.s3.eu-central-1.amazonaws.com

443

HTTPS

Content Management, App Management, Branding

db5xszokwvv76.cloudfront.net

443

HTTPS

CDN Edge server for APK distribution

US

assets-hp-reap.s3.amazonaws.com

https://epl-prod-oneidp.s3.us-east-1.amazonaws.com

443

HTTPS

Content Management, App Management, Branding

db5xszokwvv76.cloudfront.net

443

HTTPS

CDN Edge server for APK distribution

India

assets-sf-bharat.s3.ap-south-1.amazonaws.com

https://in-prod-oneidp.s3.ap-south-1.amazonaws.com

443

HTTPS

Content Management, App Management, Branding

d2vykazg2augye.cloudfront.net

443

HTTPS

CDN Edge server for APK distribution

MEA

scalefusion-uae-assets.s3.me-central-1.amazonaws.com

https://scalefusion-mea-assets-oneidp.s3.me-central-1.amazonaws.com

443

HTTPS

Content Management, App Management, Branding

d7a4g5ksfhora.cloudfront.net

443

HTTPS

CDN Edge server for APK distribution

Additional Notes

  • TLS Support: Scalefusion supports TLSv1.2 and TLSv1.3 only; ensure your firewall permits traffic over these protocols.

  • Webhooks IP: 165.22.203.134 (subject to change without prior notice).

  • Allow wildcard subdomains (e.g., *.mobilock.in) where applicable for smoother updates.

  • Regular updates to firewall rules may be necessary, especially for Microsoft IP ranges and Google ASN blocks.


Was this article helpful?