If XMS accesses external address via a proxy server there is a list of addresses that may need to be whitelisted
Below is the list of addresses for both XMS and Sharefile
XMS Whitelist Requirements:
- *.push.apple.com (TCP 2195 & 2196)
- ax.itunes.apple.com (443)
- *.mzstatic.com (80 & 443)
- vpp.itunes.apple.com (443)
- *.notify.windows.com (80)
- play.google.com (443)
- Android.apis.google.com (443)
- Google.com (443)
- attest-api.secb2b.com (443)
- *.googleusercontent.com (443)
- *.ggpht.com (443)
- Windows.microsoft.com (80)
- windowsphone.com (80)
- Login.live.com (443)
- www.microsoft.com (80)
- gslb.secb2b.com (80, 443)
- umc-cdn.secb2b.com (443)
- bulkenrollment.s3.amazonaws.com (80)
- eula.secb2b.com (443)
- us-be-api-mssl.samsungknox.com (443)
- us-segd-api.secb2b.com (443, USA)
- eu-segd-api.secb2b.com (443, EU)
- china-segd-api.secb2b.com (443, China)
Sharefile Whitelist requirements: (all are port 443)
- *.sharefile.com
- *.sf-api.com
- *.sharefile.eu
- *.sf-api.eu
- *.citrixdata.com
- *.securevdr.com
- *.sf-event.com
- sf-cv.sharefile.com
- sf-rendering.sharefile.com
References:
- https://www.samsungknox.com/en/qa/which-servers-do-mdms-need-communicate-order-conduct-device-attestation
- Port requirements | XenMobile Server Current Release
- Firebase Cloud Messaging | XenMobile Server Current Release
- ShareFile Firewall Configuration - Domains and FTP Information for the inclusion list
- About iTunes for Windows background processes - Apple Support (NZ)
- Applications and Device Policies are failing on Samsung Knox Devices -XenMobile
Edit: Appended Samsung Knox addresses