Good Secure WiFi: Prerequisites and System Requirements

If you are deploying Good on WiFi-enabled handhelds in your corporate environment, ensure that your access points conform to the following guidelines.

Good uses UDP packets to transmit data to Good-enabled handsets.

Some enterprises block UDP packets at the firewall, even if TCP/IP connections are allowed. In order to use Good over WiFi, the following destination ports are required to be open:

• UDP Ports 12000, 15000 - Used to pass outbound-initiated traffic to Good once the Good client is installed on the handheld
• TCP Port 80 - Used to redirect to secure port 443
• TCP Port 443 - Used for secure access to Good webstore for OTA distribution and download
• TCP Port 21 - Used to FTP logs to Good Technical Support (optional, but highly recommended)
• TCP Port 15000 - Used for attachment downloading and S/MIME

UDP security

All connections to Good's NOC are device-initiated only (but require bidirectional flow). From a security perspective, there are no significant differences between using TCP and UDP for Good's traffic. Good uses a sequenced and encrypted protocol over UDP similar to TCP.

IP addressing

Good requires customers open a range of IP addresses (Class C 216.136.156.64/27).

NAT time-outs

To ensure that Good can remain up-to-date at all times, Good requires that the NAT time-out be set to 9 minutes or longer. This will keep users connected to the network while maximizing the battery life performance on the device.

Server requirements

Good Messaging Server 4.0 or higher is required for provisioning WiFi-only handhelds. All provisioning and upgrading of Good on WiFi-only handhelds will be performed via Good's Secure OTA process.