Firewall Ports, IP Addresses, and URLs Used by Jamf School
This article describes the firewall ports, IP addresses, and URLs used for connections with Jamf School, the Jamf School server, and Jamf School apps.
Ports
To ensure that Jamf School can communicate properly with managed devices and Apple, safelist the following ports:
|
Port |
Protocol |
Description |
Connections Initiated |
|
5223/443 |
TCP |
Ensures Jamf School can communicate properly with managed devices. Be sure to allow outbound connections to and redirects from Apple’s 17.0.0.0/8 block over these ports from all client networks. This ensures that Apple Push Notification service (APNs) will function correctly on your network. |
To Jamf School and to APNs. |
|
389/636 |
LDAP or LDAPS |
Directory service integration via LDAP (389) or LDAP over SSL (LDAPS/636) can be used for user authentication, device assignment, and user information and group membership lookups.
|
Jamf School server to LDAP/Domain controller Note: All Jamf School server LDAP connections will originate from the Jamf School server. |
In addition to the ports in the table, see the following articles from Apple's support website for additional ports that must be safelisted:
-
TCP and UDP ports used by Apple software products
Learn about TCP and UDP ports used by Apple products. -
Use Apple products on enterprise networks
Learn which hosts and ports are required to use your Apple products on enterprise networks.
IP Addresses
Ensure that the following IP addresses are safelisted:
|
IP Address |
Description |
|
17.0.0.0/8 |
Load balancing requests to APNs servers come from these IP addresses. |
|
18.211.254.129 |
(U.S. regions, LDAP only) Authentication requests to your LDAP server may come from these IP addresses. |
|
94.130.139.182 |
(EU Frankfurt region, LDAP only) Authentication requests to your LDAP server may come from these IP addresses. |
URLs
Apple software, including iOS, macOS, and iTunes, uses different ports and servers to connect to various services. iTunes for Windows also installs some processes that run in the background when the software is open. To avoid app installation issues, make sure to safelist the URLs in the following article from Apple's support website: https://support.apple.com/HT201999
In addition to safelisting the URLs used by Apple, ensure the following URLs are also safelisted:
|
URL |
Description |
|
schoolname.jamfcloud.com/api |
Ensures scripting works properly. |
|
*.jamfcloud.com |
The *.jamfcloud.com address must be safelisted with a " * " wildcard because several different addresses are used for different services. |
|
schoolname.jamfcloud.com/enroll/oauth schoolname.jamfcloud.com/onboarding/oauth |
(Microsoft Azure only) Allows users to authenticate with Microsoft Azure during enrollment. |
|
schoolname.jamfcloud.com/link |
(Microsoft Azure only) Used to automatically deploy the web clip when a user is not assigned to a device or enrollment authentication is configured after a device completes Setup Assistant. |
|
schoolname.jamfcloud.com/enroll/oauth schoolname.jamfcloud.com/onboarding/oauth |
(Google Secure LDAP only) Allows users to authenticate with Google Secure LDAP during enrollment. |
Email Addresses
Jamf and Jamf School use specific email addresses to send notifications and announcements. It is recommended that you safelist the email addresses in the table below to continue to receive notifications from Jamf and Jamf School.
|
Email Address |
Description |
|
*@jamfschool.com |
Notifications from your Jamf School server come from this email address. |
|
*@jamf.com |
Notifications from Jamf come from this email address. |
Related Information
For related information, see the following articles from Apple's support website:
-
If your macOS and iOS clients aren't getting Apple push notifications
Learn what to do if your devices don’t see Apple push notifications when connected to a network. -
Troubleshooting Push Notifications
Describes techniques you can use to resolve issues with sending and receiving push notifications on macOS and iOS devices.