Firewall Ports, IP Addresses, and URLs Used by Jamf School
This article describes the firewall ports, IP addresses, and URLs used for connections with Jamf School, the Jamf School server, and Jamf School apps.
Network Ports to Safelist
Port |
Protocol |
Description |
Connections Initiated |
5223/443 |
TCP |
Ensures Jamf School can communicate properly with managed devices. Be sure to allow outbound connections to and redirects from Apple’s 17.0.0.0/8 block over these ports from all client networks. This ensures that Apple Push Notification service (APNs) will function correctly on your network. |
To Jamf School and to APNs. |
389/636 |
LDAP or LDAPS |
Directory service integration via LDAP (389) or LDAP over SSL (LDAPS/636) can be used for user authentication, device assignment, and user information and group membership lookups.
|
Jamf School server to LDAP/Domain controller Note: All Jamf School server LDAP connections will originate from the Jamf School server. |
In addition to the ports in the table, see the following articles from Apple's support website for additional ports that must be safelisted:
-
TCP and UDP ports used by Apple software products
Learn about TCP and UDP ports used by Apple products. -
Use Apple products on enterprise networks
Learn which hosts and ports are required to use your Apple products on enterprise networks.
IP Addresses to Safelist
IP Address |
Description |
17.0.0.0/8 |
Load balancing requests to APNs servers come from these IP addresses. |
18.211.254.129 |
(U.S. regions, LDAP only) Authentication requests to your LDAP server may come from these IP addresses. |
94.130.139.182 |
(EU Frankfurt region, LDAP only) Authentication requests to your LDAP server may come from these IP addresses. |
URLs to Safelist
URL |
Description |
schoolname.jamfcloud.com/api |
Ensures scripting works properly. |
*.jamfcloud.com |
The *.jamfcloud.com address must be safelisted with a " * " wildcard because several different addresses are used for different services. |
schoolname.jamfcloud.com/enroll/oauth schoolname.jamfcloud.com/onboarding/oauth |
(Microsoft Azure only) Allows users to authenticate with Microsoft Azure during enrollment. |
schoolname.jamfcloud.com/link |
(Microsoft Azure only) Used to automatically deploy the web clip when a user is not assigned to a device or enrollment authentication is configured after a device completes Setup Assistant. |
schoolname.jamfcloud.com/enroll/oauth schoolname.jamfcloud.com/onboarding/oauth |
(Google Secure LDAP only) Allows users to authenticate with Google Secure LDAP during enrollment. |
In addition to the URLs in the table, see About macOS, iOS, and iTunes server host connections and iTunes background processes from Apple's support website for additional URLs that must be safelisted.
Email Addresses to Safelist
Email Address |
Description |
*@jamfschool.com |
Notifications from your Jamf School server come from this email address. |
*@jamf.com |
Notifications from Jamf come from this email address. |
Related Information
For related information, see the following articles from Apple's support website:
-
If your macOS and iOS clients aren't getting Apple push notifications
Learn what to do if your devices don’t see Apple push notifications when connected to a network. -
Troubleshooting Push Notifications
Describes techniques you can use to resolve issues with sending and receiving push notifications on macOS and iOS devices.