BBM Enterprise Desktop and Phone

Configuring Corporate Firewalls to support BBM Enterprise

Last updated:

In most public and corporate networks, one or more firewalls are configured to add an additional level of security. These firewalls permit and deny network traffic between devices on the internal network and the Internet.

If the BBM Enterprise app is being used while on a network with such firewalls configured, they might be restricting necessary network traffic and interfering with the use of the BBM Enterprise app.

If any issues are observed, customers should ensure that their firewalls are configured using the information below.

Important Notes

  • The wildcard (*) must allow arbitrarily subdomain levels (i.e. *.example.com must match foo.bar.baz.example.com).
  • All communication is initiated from client to server, but once initiated, communication may flow in either direction on the established source and destination ports.
  • Although the client makes every effort to remain connected to the infrastructure, OSes may either terminate the app or induce a deep sleep state. In these cases, the phone’s native push notification service (Google Cloud Messenger for Android or Apple Push Notification Service for iOS) is leveraged to wake the client on receipt of message or voice/video call.
  • The following URLs need to be accessible from the customers’ networks in general (not from the mobile phones). During the process of accepting a BBME activation link via an email from the administrator, these addresses are required to support the BBID account creation.
    • https://enterprise.blackberryid.blackberry.com/ebbidportal/createaccount
    • https://idp.blackberry.com
  • The BBM Enterprise app does not include explicit proxy-awareness (manual or PAC-based, anonymous or authenticated) and relies on the underlying system to handle proxies. While most of the functionality listed below can be routed over an HTTPS proxy, some functions (STUN, TURN, SRTP) cannot be routed over an HTTPS proxy and need to be whitelisted (depending on the network topology).


Required IP addresses, ports and protocols

The following IP addresses, port and protocols should be allowed on corporate firewalls. This enables the BBM Enterprise app to function as expected:

Function FQDN Ports Protocol
Core BBM Enterprise Functions (required for messaging capabilities)
Activation (BlackBerry UEM)
  • discoveryservice.blackberry.com (Android/iOS/Desktop)
  • <country code>.bbsecure.com (Android/iOS/Desktop) for example, ca.bbsecure.com
TCP: 443 HTTPS
Identity
  • enterprise.blackberryid.blackberry.com (Android/iOS/Desktop)
  • idp.blackberry.com (Android/iOS/Desktop)
  • blackberryid.blackberry.com (BB10)
TCP: 443 HTTPS
Messaging
  • sip.bbm.bbmenterprise.com
  • sip.bbmbeta.bbmenterprise.com (for beta testing only)
  • push.bbm.bbmenterprise.com
  • push.bbmbeta.bbmenterprise.com (for beta testing only)
TCP: 443, 5061

(Client will try 5061 first, and fallback to 443 on failure.)

SIP-TLS
Service APIs

File and avatar sharing

  • *.bbmenterprise.com
TCP: 443 HTTPS
Provisioning
  • inet.icrs.blackberry.com
TCP: 443 HTTPS
Stickers API
  • goods.bbm.blackberry.com
TCP: 443 HTTPS
Stickers image downloads
  • download.cdn.oly-na.blackberry.com
  • bbmolyna.akamaized.net
  • bbmolyeu.akamaized.net
  • bbmolyap.akamaized.net
TCP: 80, 443 HTTP, HTTPS
Voice and Video Functions (required to use VVOIP features)
Voice and Video Data
  • stun.shared.bbmenterprise.com
TCP: 3478
UDP: 3478
STUN
  • turn.shared.bbmenterprise.com
  • turn.bbmbeta.bbmenterprise.com (for beta testing only)
TCP: 443,3478
UDP: 3478
TURN
TCP: 10000-60000
UDP: 10000-60000
SRTP/RTCP
Secondary Functions
Problem Reporting
  • quip.webapps.blackberry.com
TCP: 443 HTTPS
MixPanel
  • api.mixpanel.com
TCP: 80, 443 HTTP, HTTPS
Glympse
  • api.glympse.com
TCP: 80, 443 HTTP, HTTPS
BBM Consumer integration functions (required to see avatars for BBM Consumer contacts)
Avatar downloads for BBM Consumer contacts
  • download.cdn.oly-na.blackberry.com
  • download.cdn.oly-eu.blackberry.com
  • download.cdn.oly-ap.blackberry.com
TCP: 80, 443 HTTP, HTTPS

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services