Ports

The following table describes the main ports used to host communication between computers, distribution points, and the JAMF Software Server (JSS):

Port

Used for

Direction

22

The standard port for SSH (known as remote login in
macOS). Default port used by Casper Remote and Recon to connect to computers.

Outbound from Casper Remote and Recon, and inbound to computers

80

The standard port for HTTP. When you use HTTP to distribute files from a file share distribution point, they are downloaded on this port.

Inbound to the distribution point, and outbound from computers

443*

The standard port for HTTPS. When you use HTTPS to distribute files from a file share distribution point, they are downloaded on this port. The cloud distribution point and JDS instance also communicates on this port.

In addition, this port is used for the following:

  • Connect the JSS to the JAMF Push Proxy.

  • Connect the JSS to the patch server.

  • Required for MDM-capable computers to communicate with Apple Push Notification service (APNs).

  • Connect to Apple’s Device Enrollment Program (DEP) and Volume Purchase Program (VPP).

Note: Apple could change this port without JAMF Software knowledge.

Inbound to the distribution point, and outbound from the JSS, computers, and mobile devices

548

The standard port for Apple File Protocol (AFP). If you use an AFP share to distribute files from a file share distribution point, computers mount the AFP share on this port.

Inbound to the share, and outbound from computers

3306

The default port used by the JSS to connect to MySQL.

Outbound from the JSS, and inbound to MySQL

8443

The SSL port for the JSS. Default port used by applications and computers and mobile devices to connect to the JSS.

Inbound to the JSS, and outbound from computers and mobile devices

The following table describes other commonly used ports:

Port

Used for

Direction

25

The standard port for SMTP. The JSS connects to an SMTP server to send email notifications to JSS users.

Outbound from the JSS, and inbound to the SMTP server

 

139

If you use an SMB share to distribute files from a file share distribution point, computers mount the SMB share on this port.

Inbound to the share, and outbound from computers

389

The standard port for LDAP. Any LDAP connections—even those coming from other applications—go through the JSS. This means that only the JSS connects to your LDAP server.

Outbound from the JSS, and inbound to the LDAP server

636

The standard port for LDAPS. Any LDAP connections—even those coming from other applications—go through the JSS. This means that only the JSS connects to your LDAP server.

Outbound from the JSS, and inbound to the LDAP server

445

If you have an SMB client, such as “DAVE”, installed on computers, they may mount the SMB share on this port.

Inbound to the share, and outbound from computers

514

The default port used by the JSS to write to Syslog servers.

Outbound from the JSS, and inbound to Syslog servers

2195*

The port used to send messages from the JSS to APNs.

Outbound from the JSS, and inbound to the APNs server

2196*

The port used by the JSS to connect to APNs for feedback.

Outbound from the JSS, and inbound to the APNs server

5223*

The port used to send messages from APNs to the computers and iOS devices in your network.

Outbound from computers and iOS devices, and inbound to the APNs server

5228

The port used to send messages from Google Cloud Messaging (GCM) to the personally owned Android devices in your network.

Outbound from Android devices, and inbound to the GCM server

8080

The HTTP port for the JSS on Linux and Windows platforms. Although it is available, applications do not connect to this port unless the defaults are overridden.

N/A

9006

The HTTP port for the JSS on the Mac platform. Although it is available, applications do not connect to this port unless the defaults are overridden.

N/A

61617

The port used by the JSS to queue and dequeue messages from the message broker.

Outbound from the JSS, and inbound to the message broker

On the Mac platform, the JSS runs on ports 8443 and 9006 by default. If you decide to change these ports, you must change the port information in Tomcat’s server.xml file and in the Preferences window for each Casper Suite application.

You cannot change the default ports for SSH or SMB with the Casper Suite.

* Ports 443, 2195, 2196, and 5223 must be open outbound and inbound to the 17.0.0.0/8 address block in order for computers and iOS devices to communicate with APNs.

For detailed information on MDM troubleshooting, see the following documentation from Apple:

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2016 Jamf. All rights reserved.