This article explains how best to set up your network for Android EMM devices.
In general, Android devices do not require inbound ports opened on the network to function.
IT Admins, however, will need to be aware of several outbound connections when setting up their network environments for Android Enterprise.
There are several endpoints for the enterprise management API, covering both current and past versions. Note that you can safely block port 80 for these URLs, as most of these endpoints are not browsable.
Traffic to these endpoints also needs to bypass SSL inspection, because intercepted traffic to Google services can be interpreted as a person-in-the-middle attack and blocked.
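One way to confirm that the SSL inspection bypass is actually in effect is to look at who issued the certificate a client on the managed network receives. The script below is an added example, not part of the original article; it assumes Google-operated endpoints present certificates issued by Google Trust Services, and it takes the hostnames to check from the command line rather than hard-coding any.

```python
import socket
import ssl
import sys

# Assumption: Google-operated endpoints present certificates issued by
# Google Trust Services. Adjust if your endpoint list says otherwise.
EXPECTED_ISSUER_ORGS = {"Google Trust Services", "Google Trust Services LLC"}


def issuer_org(cert):
    """Return the issuer organizationName from an ssl.getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def classify(cert, expected=EXPECTED_ISSUER_ORGS):
    """'direct' if the issuer is expected, otherwise 'intercepted'."""
    org = issuer_org(cert)
    return "direct" if org in expected else "intercepted"


def probe(host, port=443, timeout=5.0):
    """Handshake with host and report (status, issuer organization)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Untrusted chain: typical of an inspection CA the client lacks.
        return ("verify-failed", exc.verify_message)
    except OSError as exc:
        # Blocked or filtered outbound connection.
        return ("unreachable", str(exc))
    return (classify(cert), issuer_org(cert))


if __name__ == "__main__":
    # Hostnames come from your EMM vendor's endpoint list (not shown here).
    for name in sys.argv[1:]:
        status, detail = probe(name)
        print(f"{name}: {status} ({detail})")
```

Run it from a machine on the same network segment as the devices; a result of `intercepted` or `verify-failed` means the inspection proxy is still rewriting traffic for that host.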
It is advisable to contact your device manufacturer for any extra ports that may be required.
For the devices to function properly, OEMs often have their own hosts that need to be reached.
Depending on whether the EMM console is located on-premises, the destinations below need to be reachable from the network in order to create a Managed Google Play Enterprise and to access the Managed Google Play iFrame. The Managed Play iFrame is made available by Google to EMM developers for approving apps and simplifying search.
Configure your firewall to allow outgoing connections to all addresses contained in the IP blocks listed in Google’s ASN. Unfortunately, Google does not provide specific IP addresses for its endpoints. Please find the list for Google’s ASN, 15169, here.
Thanks for reading :)