Firewall Settings for Scalefusion
- Updated on 15 Oct 2025
Scalefusion is a cloud-hosted solution with servers across continents. Devices enrolled in and managed by Scalefusion therefore need continuous access to Scalefusion's servers so that they can be managed in real time. The devices also need connectivity to Google, Apple and Windows push services, along with other components required for device management. In addition, the PC/laptop used to access the Scalefusion Dashboard needs access to certain IPs and URLs.
However, an organization may restrict internet access on its corporate-managed devices and/or PCs/laptops with a firewall or a proxy. In such cases, the URLs, IPs and ports that Scalefusion requires must be allowed for it to work smoothly in your organization.
This guide outlines the firewall settings required for Scalefusion and OneIdP.
Scalefusion Instances
To comply with data residency regulations, Scalefusion operates multiple regional instances:
Instance Name | URL | Location |
---|---|---|
Global (EU) | | EU |
US | | USA |
India | | India |
MEA | | UAE |
Ensure firewall rules are applied according to the instance your organization uses.
General Firewall Requirements
URL/Domain/FQDN | Ports | Protocol | Direction | Description |
---|---|---|---|---|
| | 80, 443 | HTTP/S | Outbound | Main domain for API and dashboard access. |
| | 80, 443 | HTTP/S | Outbound | Core Scalefusion services. |
| | 5228-5230 | TCP | Outbound | Google GCM/FCM push notification connectivity. |
Device Platform Specific Firewall Settings
Android
URL/Domain/FQDN | Ports | Protocol | Direction | Description |
---|---|---|---|---|
Android Enterprise Docs | - | - | Outbound | |
Samsung Knox | - | - | Outbound | |
| | 443 | HTTPS | Outbound | Lenovo device activation URL. |
| | 443 | HTTPS | Outbound | OS device enrollment. |
Google GCM/FCM IPs: Allow all IPs from Google's ASN 15169 (Google ASN IP list) due to frequent IP changes.
iOS and macOS
Follow Apple’s official firewall guidelines for Push Notifications:
Apple Push Notifications Firewall Configuration
Windows
URL/Domain/FQDN | Port | Protocol | Direction | Description |
---|---|---|---|---|
| | 443 | HTTPS | Outbound | Windows Access to School or Work app services. |
| | 443 | HTTPS | Outbound | Windows notification services. |
| | 443 | HTTPS | Outbound | Windows notification services. |
| | 443 | HTTPS | Outbound | Windows service connectivity. |
| | 443 | HTTPS | Outbound | SignalR service for Windows push notifications. |
| | 443 | HTTPS | Outbound | Device management portal. |
| | 443 | HTTPS | Outbound | Microsoft login services. |
| | 443 | HTTPS | Outbound | Enrollment service endpoints. |
| | 443 | HTTPS | Outbound | IP address info service. |
| | 443 | HTTPS | Outbound | Windows management service. |
| | 443 | HTTPS | Outbound | Push notifications via SignalR. |
Windows Update Delivery Optimization:
See Microsoft’s documentation for the URLs and ports required for update optimization and delivery:
Ports: 7680 (TCP), 3544 (UDP), 443 (HTTPS)
Domains: *.prod.do.dsp.mp.microsoft.com, *.dl.delivery.mp.microsoft.com, *.windowsupdate.com, etc.
Scalefusion Features Requiring Firewall Access
Remote Cast & Control
URL/Domain/FQDN | Ports | Protocol | Direction | Description |
---|---|---|---|---|
| | 80, 443 | HTTP/S, TCP, UDP | Outbound | WebRTC device discovery and P2P connections. |
Pushy (For devices without Google Play Services)
URL/Domain/FQDN | Port | Protocol | Direction | Description |
---|---|---|---|---|
*.pushy.me | 443 | HTTPS | Outbound | Pushy messaging domains |
*.pushy.io | 443 | HTTPS | Outbound | Pushy messaging domains |
OneIdP Firewall Settings
Global Instance (https://app.scalefusion.com)
URL/Domain/FQDN | Port | Protocol | Direction | Description |
---|---|---|---|---|
| | 443 | HTTPS | Outbound | OneIdP main service |
| | 443 | HTTPS | Outbound | OneIdP SSO authentication |
| | 443 | HTTPS | Outbound | iOS app launcher |
US Instance (https://endpointlockdown.com)
URL/Domain/FQDN | Port | Protocol | Direction | Description |
---|---|---|---|---|
| | 443 | HTTPS | Outbound | OneIdP main service |
| | 443 | HTTPS | Outbound | OneIdP SSO authentication |
| | 443 | HTTPS | Outbound | iOS app launcher |
India Instance (https://in.scalefusion.com)
URL/Domain/FQDN | Port | Protocol | Direction | Description |
---|---|---|---|---|
| | 443 | HTTPS | Outbound | OneIdP main service |
| | 443 | HTTPS | Outbound | OneIdP SSO authentication |
| | 443 | HTTPS | Outbound | iOS app launcher |
MEA Instance (https://mea.scalefusion.com)
URL/Domain/FQDN | Port | Protocol | Direction | Description |
---|---|---|---|---|
| | 443 | HTTPS | Outbound | OneIdP main service |
| | 443 | HTTPS | Outbound | OneIdP SSO authentication |
| | 443 | HTTPS | Outbound | iOS app launcher |
Content Delivery and CDN URLs by Region
Region | URL/Domain/FQDN (Scalefusion) | URL/Domain/FQDN (OneIdP) | Port | Protocol | Description |
---|---|---|---|---|---|
Global (EU) | | | 443 | HTTPS | Content Management, App Management, Branding |
| | | | 443 | HTTPS | CDN Edge server for APK distribution |
US | | | 443 | HTTPS | Content Management, App Management, Branding |
| | | | 443 | HTTPS | CDN Edge server for APK distribution |
India | | | 443 | HTTPS | Content Management, App Management, Branding |
| | | | 443 | HTTPS | CDN Edge server for APK distribution |
MEA | https://scalefusion-mea-assets-oneidp.s3.me-central-1.amazonaws.com | | 443 | HTTPS | Content Management, App Management, Branding |
| | | | 443 | HTTPS | CDN Edge server for APK distribution |
Additional Notes
TLS Support: Scalefusion supports TLSv1.2 and TLSv1.3 only; ensure your firewall permits traffic over these protocols.
Webhooks IP: 165.22.203.134 (subject to change without prior notice).
Allow wildcard subdomains (e.g., *.mobilock.in) where applicable for smoother updates.
Regular updates to firewall rules may be necessary, especially for Microsoft IP ranges and Google ASN blocks.
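One way to check that the rules above are actually in place is to compare the firewall's deny log against the required destinations. The script below is an added example, not Scalefusion code: it parses rule rows in the same pipe-delimited layout as the tables on this page, expands port lists and ranges, and matches wildcard domains at a label boundary. The log format, the function names and the host `fcm.placeholder.example` are assumptions made for the example (that table row has no hostname on this page).

```python
# Added example: flag firewall denies that hit destinations this page requires.
RULES_TEXT = """\
*.pushy.me | 443 | HTTPS
*.pushy.io | 443 | HTTPS
app.scalefusion.com | 443 | HTTPS
fcm.placeholder.example | 5228-5230 | TCP
"""  # last host is a placeholder for the FCM row, whose hostname is not on the page

# Constructed deny-log lines: "<action> <proto> <dst_host> <dst_port>"
SAMPLE_LOG = """\
DENY tcp api.pushy.me 443
DENY tcp evilpushy.me 443
DENY tcp pushy.me.unrelated.example 443
DENY tcp fcm.placeholder.example 5229
DENY tcp app.scalefusion.com 8443
ALLOW tcp app.scalefusion.com 443
DENY udp api.pushy.io 443
"""

def parse_ports(spec):
    """Expand '80, 443' or '5228-5230' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_rules(text):
    """Return (host_pattern, ports) pairs; every rule here is TCP-based."""
    rules = []
    for line in text.strip().splitlines():
        host, ports, _proto = (cell.strip() for cell in line.split("|"))
        rules.append((host.lower(), parse_ports(ports)))
    return rules

def host_matches(pattern, host):
    """Match '*.example.tld' only at a label boundary; the bare apex is not covered."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern

def blocked_required_flows(rules, log_text):
    """List (host, port) for denied TCP flows that a required rule should allow."""
    hits = []
    for line in log_text.strip().splitlines():
        action, proto, host, port = line.split()
        if action == "DENY" and proto == "tcp" and any(
                host_matches(p, host) and int(port) in ports for p, ports in rules):
            hits.append((host, int(port)))
    return hits

if __name__ == "__main__":
    for host, port in blocked_required_flows(parse_rules(RULES_TEXT), SAMPLE_LOG):
        print(f"required flow blocked: {host}:{port}/tcp")
```

Look-alike hosts such as `evilpushy.me` are deliberately not treated as covered by `*.pushy.me`, so a deny for them is not reported as a rule gap.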