Enterprise Firewall and Proxy Configurations to Support WNS Traffic

Background

Many enterprises use firewalls to block unwanted network traffic and ports; unfortunately, this can also block important things like Windows Notification Service (WNS) communications. This means all notifications sent through WNS will be dropped under certain network configurations. To avoid this, network admins can add the list of approved WNS FQDNs or VIPs to their exemption list to allow the WNS traffic to pass through the firewall. Below are more details on how and what to add, as well as support for different proxy types.

Proxy Support

Note

WNS Push Notifications on Windows do not currently support all proxies. For best results, the connection to WNS must be a direct connection.

We are actively investigating different network configurations, proxies, and firewalls. We will update this page with more details on common enterprise scenarios and WNS support soon.

What information should be added to the allowlist

Below is a list that contains the FQDNs, VIPs, and IP address ranges used by the Windows Notification Service.

Important

We strongly suggest that you allow list by FQDN, because these will not change. If you allow list by FQDN, you do not need to also allow the IP address ranges.

Important

The IP address ranges will change periodically; because of this, they are not included on this page. If you want to see the list of IP ranges, you can download the file from Download Center: Windows Notification Service (WNS) VIP and IP Ranges. Please check back regularly to make sure you have the most up-to-date information.

FQDNs, VIPs, IPs, and Ports

Regardless of the method you choose from below, you'll need to allow network traffic to the listed destinations through port 443. Each of the elements in the following XML document is explained in the table that follows it (in Terms and notations). The IP ranges were intentionally left out of this document to encourage you to use only the FQDNs, as the FQDNs will remain constant. However, you can download the XML file containing the complete list from Download Center: Windows Notification Service (WNS) VIP and IP Ranges. New VIPs or IP ranges will be effective one week after they are uploaded.

<?xml version="1.0" encoding="UTF-8"?>
<WNSPublicIpAddresses xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <!-- This file contains the FQDNs, VIPs, and IP address ranges used by the Windows Notification Service. A new text file will be uploaded every time a new VIP or IP range is released in production.  Please copy the below information and perform the necessary changes on your site. Endpoints in CloudService nodes are used for cloud services to send notifications to WNS. Endpoints in Client nodes are used by devices to receive notifications from WNS. --> 
    <CloudServiceDNS>
        <DNS FQDN="*.notify.windows.com"/>
    </CloudServiceDNS>
    <ClientDNS>
        <DNS FQDN="*.wns.windows.com"/>
        <DNS FQDN="*.notify.live.net"/>
    </ClientDNS>
    <CloudServiceIPs>
        <IpRange Subnet=""/>
        <!-- See the file in Download Center for the complete list of IP ranges -->
    </CloudServiceIPs>
    <ClientIPsIPv4>
        <IpRange Subnet=""/>
        <!-- See the file in Download Center for the complete list of IP ranges -->
    </ClientIPsIPv4>
    <IdentityServiceDNS>
        <DNS FQDN="login.microsoftonline.com"/>
        <DNS FQDN="login.live.com"/>
    </IdentityServiceDNS>
</WNSPublicIpAddresses>

Terms and notations

Below are explanations of the notations and elements used in the above XML snippet.

| Term | Explanation |
| --- | --- |
| Dot-decimal notation (i.e. 64.4.28.0/26) | Dot-decimal notation is a way to describe the range of IP addresses. For example, 64.4.28.0/26 means the first 26 bits of 64.4.28.0 are constant, while the last 6 bits are variable. In this case, the IPv4 range is 64.4.28.0 - 64.4.28.63. |
| ClientDNS | These are the Fully-Qualified Domain Name (FQDN) filters for the client devices (Windows PCs, desktops) receiving notifications from WNS. These must be allowed through the firewall in order for WNS clients to use the WNS functionality. It is recommended to allow-list by the FQDNs instead of the IP/VIP ranges, since these will never change. |
| ClientIPsIPv4 | These are the IPv4 addresses of the servers accessed by client devices (Windows PCs, desktops) receiving notifications from WNS. |
| CloudServiceDNS | These are the Fully-Qualified Domain Name (FQDN) filters for the WNS servers your cloud service will talk to in order to send notifications to WNS. These must be allowed through the firewall in order for services to send WNS notifications. It is recommended to allow-list by the FQDNs instead of the IP/VIP ranges, since these will never change. |
| CloudServiceIPs | CloudServiceIPs are the IPv4 addresses of the servers used for cloud services to send notifications to WNS. |
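
To audit a proposed firewall rule set against the XML layout and the terms above, the following added example (not Microsoft's code) parses a file in that layout and checks whether a destination is covered on port 443. The function names, the sample document, and the wildcard semantics (a leading "*." covers any subdomain depth but never the bare domain) are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; 64.4.28.0/26 is the page's notation example, not a real WNS range.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<WNSPublicIpAddresses>
  <CloudServiceDNS><DNS FQDN="*.notify.windows.com"/></CloudServiceDNS>
  <ClientDNS><DNS FQDN="*.wns.windows.com"/><DNS FQDN="*.notify.live.net"/></ClientDNS>
  <CloudServiceIPs><IpRange Subnet=""/></CloudServiceIPs>
  <ClientIPsIPv4><IpRange Subnet="64.4.28.0/26"/></ClientIPsIPv4>
  <IdentityServiceDNS><DNS FQDN="login.live.com"/></IdentityServiceDNS>
</WNSPublicIpAddresses>"""

def load_wns_rules(xml_text):
    """Map each section name to its FQDN filters and parsed subnets."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in allowlist file")
    rules = {}
    for section in ET.fromstring(xml_text):
        fqdns = [d.get("FQDN").lower() for d in section.findall("DNS") if d.get("FQDN")]
        # Skip empty Subnet="" placeholders; strict=True rejects CIDRs with host bits set.
        subnets = [ipaddress.ip_network(r.get("Subnet"), strict=True)
                   for r in section.findall("IpRange") if r.get("Subnet")]
        rules[section.tag] = {"fqdns": fqdns, "subnets": subnets}
    return rules

def fqdn_matches(pattern, host):
    """Assumed semantics: '*.' covers any subdomain depth, never the bare apex."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the leading dot so "evilwns..." cannot match
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def is_allowed(rules, section, dest, port):
    """True if dest:port is covered by the section's filters (port 443 only)."""
    entry = rules.get(section)
    if entry is None or port != 443:
        return False
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return any(fqdn_matches(p, dest) for p in entry["fqdns"])
    return any(addr in net for net in entry["subnets"])

def subnet_bounds(cidr):
    """First and last address of a CIDR block, e.g. the page's /26 example."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1])
```

Matching on the dotted suffix rather than a plain substring keeps look-alike names such as a host that merely ends in "wns.windows.com" without the separating dot, or one that embeds the WNS domain as a prefix, outside the allowlist.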

Microsoft Push Notifications Service (MPNS) public IP ranges

If you are using the legacy notification service, MPNS, the IP address ranges that you will need to add to the allow list are available from Download Center: Microsoft Push Notifications Service (MPNS) Public IP ranges.