Hi
I am setting up a MacMini server to administer 30 iPhones using Apple Profile manager.
Apple say for APNs traffic to get past your firewall, you'll need to open these ports:
TCP port 5223 (used by devices to communicate to the APNs servers)
TCP port 2195 (used to send notifications to the APNs)
TCP port 2196 (used by the APNs feedback service)
TCP Port 443 (used as a fallback on Wi-fi only, when devices are unable to communicate to APNs on port 5223)

I have done this but I am struggling on the next requirement which states

The APNs servers use load balancing. Your devices will not always connect to the same public IP address for notifications. The entire 17.0.0.0/8 address block is assigned to Apple, so it's best to allow this range in your firewall settings.

How do I do this, I don't understand what it means.

We have a 2820n.

Any help would be appreciated.
Thnaks
Mark

It means you have to pass the ports listed and the 17.0.0.0/8 will be the source address (about 16million addresses)

hey, 16 million addresses, surely not.
I've opened the ports, they are just telling me to allow this additional range through the firewall, surely this can be done simply.
Could it be a Data Filter I need to add, if so any help doing this would be appreciated.

We also have a Draytek 3900, would it be simpler to achieve this on that device?

create all the services objects for the ports above and then add them into a services group...
Go to Data filter and create a new filter with the source as the /16 subnet and the services as the group you have created and the action to pass.

thanks for your help, I was away yesterday but will give it a go now, cheers