Required Network Configurations for Open Mobile Access

For maximum connectivity, customer firewalls, proxies and other network systems must allow access from the various services that comprise the iPass Open Mobile Service. We have two options for our customers to follow, based on the stringency of their security policies. The Simple option keeps the number of rules to a minimum by opening up only the required ports, but allows all hosts from the iPass production networks. The Advanced option utilizes the same ports, but allows the customer to lock down the firewall to just the hosts that are currently in service. While this works just as well, it requires more rules in your firewalls, and if iPass adds services in the future, you may need to revisit these rules and open more hosts to our service.

If you are experiencing issues connecting to an on-campus Wi-Fi network using the EAP-TTLS authentication method, please see the special note on McAfee 8.7.0.

Simple Option

This option opens up only the necessary TCP ports to two /20 blocks of IP space that are owned and maintained by iPass. TCP ports 80, 443 and 577 must be opened from the following IP blocks in order for the iPass Open Mobile service to function. If you are configuring a device that uses a white-listing format (such as an Access Gateway), you should allow the domains of as well as

IP Addresses Location ( - All iPass Data Centers

Advanced Option

If you use the Advanced Option, you will need to return to this page occasionally to make sure that your configuration is up-to-date.

The following advanced configuration lets the customer permit only the specific hosts that are currently in use.

Users' devices as well as your servers must communicate with iPass servers. Below, you will find different iPass servers, along with the IP addresses and ports that must be able to communicate with them.


The iPass RoamServer links the customer network to the iPass Network. It serves as a secure relay between the enterprise authentication database and the iPass Transaction centers. It is installed on the customer network, or can be hosted by iPass or an iPass partner.

The following IP addresses must be able to communicate with the iPass RoamServer through TCP on port 577:

These IP addresses are strictly for configuration of firewalls and similar devices, and should not be used for other purposes. In general, these IP addresses cannot be directly contacted, such as through a PING utility.

RoamServer Remote Manager

The iPass RoamServer Remote Manager (RSRM) is installed on the customer network and securely links the customer's authentication database with the iPass Open Mobile Portal. It allows the administrator to assign profiles to common name (cn) groups of users.

The following IP addresses must be able to communicate with the iPass RoamServer Remote Manager (RSRM) through TCP on port 8443:


Open Mobile Administration

Open Mobile Portal

The Open Mobile Portal URL is, and the ports required to reach the management system are TCP ports 80 and 443. The IP addresses for the Portal include:


Open Mobile Client

The Open Mobile client must have access to the servers, URLs, and processes listed here.

Open Mobile Data Collector

The Open Mobile Data Collector receives connection and system information reported by the client and ties it to the reports available in Open Mobile Insight.

The Data Collector requires TCP ports 80 and 443, and the URL is The following IP addresses must be accessible:


Open Mobile Update Server

The Open Mobile Update Server informs clients if updates are available for Open Mobile software, configurations or directories.

The Update Server requires TCP port 80, and the URLs are and The following IP addresses must be accessible:


Open Mobile Download Server

The Open Mobile Download Server retrieves update files for Open Mobile software, configurations, and directories.

The Download Server requires TCP port 443, and the URL is The following IP addresses must be accessible:


iPass Client ID Servers

iPass Client ID servers are contacted the first time an iPass client makes a network connection, to obtain a unique client identifier. The identifier is used in all transactions to ensure security of client connections. ClientID servers communicate through TCP port 80, and the URL is Access is required to the following IP addresses in order to obtain the ID:
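An added example (not iPass code): a Python check that compares an exported firewall rule set against the per-service TCP ports listed above for the Advanced Option, reporting required flows that no rule permits and ports opened beyond what this page calls for. The addresses are constructed placeholders from documentation ranges, and the rule format and service key names are assumptions.

```python
import ipaddress

# Ports per service as listed on this page. "in": iPass hosts reach a server on the
# customer network; "out": clients or admins reach iPass. Keys are illustrative names.
REQUIRED = {
    "RoamServer": ("in", {577}),
    "RSRM": ("in", {8443}),
    "Portal": ("out", {80, 443}),
    "DataCollector": ("out", {80, 443}),
    "UpdateServer": ("out", {80}),
    "DownloadServer": ("out", {443}),
    "ClientID": ("out", {80}),
}

# Constructed placeholders (RFC 5737 documentation ranges), NOT real iPass addresses.
HOSTS = {
    "RoamServer": ["192.0.2.10"], "RSRM": ["192.0.2.20"],
    "Portal": ["198.51.100.5"], "DataCollector": ["198.51.100.6"],
    "UpdateServer": ["198.51.100.7"], "DownloadServer": ["198.51.100.8"],
    "ClientID": ["198.51.100.9"],
}

# Constructed sample rule set in an assumed export format.
RULES = [
    {"dir": "in", "net": "192.0.2.10/32", "ports": [577]},
    {"dir": "in", "net": "192.0.2.20/32", "ports": [8443, 22]},
    {"dir": "out", "net": "198.51.100.0/29", "ports": [80, 443]},
]

def audit(rules, hosts):
    """Return (missing, excess): required flows no rule permits, and ports a
    rule opens that no listed service inside that rule's network requires."""
    parsed = [(r["dir"], ipaddress.ip_network(r["net"]), set(r["ports"])) for r in rules]
    missing, excess = [], []
    for svc, (direction, ports) in REQUIRED.items():
        for host in hosts.get(svc, []):
            ip = ipaddress.ip_address(host)
            for port in sorted(ports):
                if not any(d == direction and ip in n and port in p for d, n, p in parsed):
                    missing.append((svc, host, port))
    for d, net, opened in parsed:
        needed = set()
        for svc, (direction, ports) in REQUIRED.items():
            if direction == d and any(ipaddress.ip_address(h) in net for h in hosts.get(svc, [])):
                needed |= ports
        if opened - needed:
            excess.append((d, str(net), sorted(opened - needed)))
    return missing, excess
```

The excess check works per rule, so a rule covering several hosts is only flagged for ports that none of those hosts needs. Replace `HOSTS` with the addresses currently published for each service before relying on the result.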



OpenAccess service needs to register with the server through ports 80 and 443 at the following URL:

The following URLs should also be available for OpenAccess:

Sniff Servers

The iPass Sniff Servers are used by Open Mobile to determine whether an Internet connection can be made, or whether further action (such as accepting local terms and conditions) is required. The sniff servers communicate through TCP port 80, and the URLs are and Currently all sniff servers are hosted on a CDN that uses dynamic IP addresses. Customers must therefore add DNS-based ACLs to whitelist both URLs.

Connection Quality Test Servers

These servers are only required for the Connection Quality Indicator and Speed Test features on Open Mobile clients. The Connection Quality Test servers communicate through TCP port 80 over HTTP, and the URLs are:

Currently all Speed Test servers are hosted on a CDN that uses dynamic IP addresses. Customers must therefore add DNS-based ACLs to whitelist both URLs.

Push notification Server

Client retrieves any iPass push notification messages from this service:

Wi-Fi Hotspot Server

Client calls this service for the Wi-Fi Hotspot Finder location services:

SmartConnect DNS server

The client uses this server for DNS communication with SmartConnect to obtain connection management guidance (but NOT when it senses a “point of interest” on a LAN/WLAN connection made outside of our client, i.e. a home or office network).

SmartConnect server

SmartConnect connection management server (instructs the client on the best available network based on location).

Log server

Client auto-uploads logs on connection attempt failure (vs user manually sending logs to

Local Windows Client Processes

On Windows platforms, these Open Mobile processes must be running in order for the Open Mobile client to have full functionality. Each must be allowed explicit access through the user’s personal firewall.

Process                            Description
iMobility.exe                      Main executable for the Open Mobile client.
iMobilityService.exe               Controls the user interface and intermediates between iMobility.exe and the Open Mobile platform.
iPlatformService.exe               Main service that controls policy enforcement.
iPlatformHost.exe (2 instances)    Enables the client to impersonate the user or system account. Two instances must be running: one each in the system and user contexts.
iPassLogonPolicy.exe               Enables Windows Logon Processing.


©2015 iPass Inc. All rights reserved.