If you are writing an iOS application that needs to communication with the Apple APN (Apple Push Notification) servers, or if you are are an end user behind a strict firewall, the information below can be used to correctly configure the firewall rules to allow access.
Apple own the 220.127.116.11/8 address block, so you should be safe to allow access to just that destination network.
This applies if you are writing a app that needs to send push notifications to Apple’s push notification servers.
|2195||TCP||Push notification services|
|2196||TCP||Push notification feedback services|
The following ports will need to be allowed on your firewall to allow you to receive push notifications from Apple.
|5223||TCP||Push notification data|
|443||TCP||Fallback push notification data when port 5223 is blocked|
According to the Apple documentation, iOS devices will try to use the cellular network first, and will only use wi-fi as a fallback.