Firewall Ports, IP Addresses, and URLs Used by Jamf School

This article describes the firewall ports, IP addresses, and URLs used for connections with Jamf School, the Jamf School server, and Jamf School apps.

Ports

To ensure that Jamf School can communicate properly with managed devices and Apple, safelist the following ports:

Port

Protocol

Description

Connections Initiated

5223/443

TCP

Ensures Jamf School can communicate properly with managed devices. Be sure to allow outbound connections to and redirects from Apple’s 17.0.0.0/8 block over these ports from all client networks. This ensures that Apple Push Notification service (APNs) will function correctly on your network.

To Jamf School and to APNs.

389/636

LDAP or LDAPS

Directory service integration via LDAP (389) or LDAP over SSL (LDAPS/636) can be used for user authentication, device assignment, and user information and group membership lookups.

 

Jamf School server to LDAP/Domain controller

Note: All Jamf School server LDAP connections will originate from the Jamf School server.

In addition to the ports in the table, see the following articles from Apple's support website for additional ports that must be safelisted:

IP Addresses

Ensure that the following IP addresses are safelisted:

IP Address

Description

17.0.0.0/8

Load balancing requests to APNs servers come from these IP addresses.

18.211.254.129
35.172.167.222
52.7.228.194
34.227.122.7

(U.S. regions, LDAP only) Authentication requests to your LDAP server may come from these IP addresses.

94.130.139.182
94.130.139.190
94.130.139.187
94.130.243.182
94.130.139.188
212.178.82.42
94.130.10.180 (beta)
18.194.106.10
18.194.230.93
3.124.51.124

(EU Frankfurt region, LDAP only) Authentication requests to your LDAP server may come from these IP addresses.

URLs

Apple software, including iOS, macOS, and iTunes, uses different ports and servers to connect to various services. iTunes for Windows also installs some processes that run in the background when the software is open. To avoid app installation issues, make sure to safelist the URLs in the following article from Apple's support website: https://support.apple.com/HT201999

In addition to safelisting the URLs used by Apple, ensure the following URLs are also safelisted:

URL

Description

schoolname.jamfcloud.com/api

Ensures scripting works properly.

*.jamfcloud.com

The *.jamfcloud.com address must be safelisted with a " * " wildcard because several different addresses are used for different services.

schoolname.jamfcloud.com/enroll/oauth

schoolname.jamfcloud.com/onboarding/oauth

(Microsoft Azure only) Allows users to authenticate with Microsoft Azure during enrollment.

schoolname.jamfcloud.com/link

(Microsoft Azure only) Used to automatically deploy the web clip when a user is not assigned to a device or enrollment authentication is configured after a device completes Setup Assistant.

schoolname.jamfcloud.com/enroll/oauth

schoolname.jamfcloud.com/onboarding/oauth

(Google Secure LDAP only) Allows users to authenticate with Google Secure LDAP during enrollment.

Email Addresses

Jamf and Jamf School use specific email addresses to send notifications and announcements. It is recommended that you safelist the email addresses in the table below to continue to receive notifications from Jamf and Jamf School.

Email Address

Description

*@jamfschool.com

Notifications from your Jamf School server come from this email address.

*@jamf.com

Notifications from Jamf come from this email address.

Related Information

For related information, see the following articles from Apple's support website:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.