In most public and corporate networks, one or more firewalls are configured to add an additional level of security. These firewalls permit and deny network traffic between devices on the internal network and the Internet.
If the BBM Enterprise app is being used while on a network with such firewalls configured, they might be restricting necessary network traffic and interfering with the use of the BBM Enterprise app.
If any issues are observed, customers should ensure that their firewalls are configured using the information below.
Important Notes
The wildcard (*) must allow arbitrarily subdomain levels (i.e. *.example.com must match foo.bar.baz.example.com). All communication is initiated from client to server, but once initiated, communication may flow in either direction on the established source and destination ports. Although the client makes every effort to remain connected to the infrastructure, OSes may either terminate the app or induce a deep sleep state. In these cases, the phone’s native push notification service (Google Cloud Messenger for Android or Apple Push Notification Service for iOS) is leveraged to wake the client on receipt of message or voice/video call. The following URLs need to be accessible from the customers’ networks in general (not from the mobile phones). During the process of accepting a BBME activation link via an email from the administrator, these addresses are required to support the BBID account creation. https://enterprise.blackberryid.blackberry.com/ebbidportal/createaccount https://idp.blackberry.com The BBM Enterprise app does not include explicit proxy-awareness (manual or PAC-based, anonymous or authenticated) and relies on the underlying system to handle proxies. While most of the functionality listed below can be routed over an HTTPS proxy, some functions (STUN, TURN, SRTP) cannot be routed over an HTTPS proxy and need to be whitelisted (depending on the network topology). Required IP addresses, ports and protocols
The following IP addresses, port and protocols should be allowed on corporate firewalls. This enables the BBM Enterprise app to function as expected:
Function FQDN Ports Protocol Core BBM Enterprise Functions (required for messaging capabilities) Activation (BlackBerry UEM) discoveryservice.blackberry.com (Android/iOS/Desktop) <country code>.bbsecure.com (Android/iOS/Desktop) for example, ca.bbsecure.com TCP: 443 HTTPS Identity enterprise.blackberryid.blackberry.com (Android/iOS/Desktop) idp.blackberry.com (Android/iOS/Desktop) blackberryid.blackberry.com (BB10) TCP: 443 HTTPS Messaging sip.bbm.bbmenterprise.com sip.bbmbeta.bbmenterprise.com (for beta testing only) push.bbm.bbmenterprise.com push.bbmbeta.bbmenterprise.com (for beta testing only) TCP: 443, 5061(Client will try 5061 first, and fallback to 443 on failure.) SIP-TLS Service APIs
File and avatar sharing *.bbmenterprise.com TCP: 443 HTTPS Provisioning inet.icrs.blackberry.com TCP: 443 HTTPS Stickers API goods.bbm.blackberry.com TCP: 443 HTTPS Stickers image downloads download.cdn.oly-na.blackberry.com bbmolyna.akamaized.net bbmolyeu.akamaized.net bbmolyap.akamaized.net TCP: 80, 443 HTTP, HTTPS Voice and Video Functions (required to use VVOIP features) Voice and Video Data stun.shared.bbmenterprise.com TCP: 3478 UDP: 3478 STUN turn.shared.bbmenterprise.com turn.bbmbeta.bbmenterprise.com (for beta testing only) TCP: 443,3478 UDP: 3478 TURN TCP: 10000-60000 UDP: 10000-60000 SRTP/RTCP Secondary Functions Problem Reporting quip.webapps.blackberry.com TCP: 443 HTTPS MixPanel api.mixpanel.com TCP: 80, 443 HTTP, HTTPS Glympse api.glympse.com TCP: 80, 443 HTTP, HTTPS BBM Consumer integration functions (required to see avatars for BBM Consumer contacts) Avatar downloads for BBM Consumer contacts download.cdn.oly-na.blackberry.com download.cdn.oly-eu.blackberry.com download.cdn.oly-ap.blackberry.com TCP: 80, 443 HTTP, HTTPS
