I'm an engineer at an MDM vendor.
MDM push to devices via Apple Push Notification Service (APNs).
According to the document below, port 5223 needs to be opened in order for the device to communicate with APNs.
<https://support.apple.com/ja-jp/guide/deployment/dep2de55389a/web>
<https://support.apple.com/ja-jp/102266>
<https://support.apple.com/ja-jp/HT210060>
Does this port need to be open for both in and out?
Or should I only open out?
in : APNs → iOS Device
out: iOS Device → APNs