Firewall Ports, IP Addresses, and URLs Used by Jamf School

This article describes the firewall ports, IP addresses, and URLs used for connections with Jamf School, the Jamf School server, and Jamf School apps.

Network Ports to Safelist

Port

Protocol

Description

Connections Initiated

5223/443

TCP

Ensures Jamf School can communicate properly with managed devices. Be sure to allow outbound connections to and redirects from Apple’s 17.0.0.0/8 block over these ports from all client networks. This ensures that Apple Push Notification service (APNs) will function correctly on your network.

To Jamf School and to APNs.

389/636

LDAP or LDAPS

Directory service integration via LDAP (389) or LDAP over SSL (LDAPS/636) can be used for user authentication, device assignment, and user information and group membership lookups.

 

Jamf School server to LDAP/Domain controller

Note: All Jamf School server LDAP connections will originate from the Jamf School server.

In addition to the ports in the table, see the following articles from Apple's support website for additional ports that must be safelisted:

IP Addresses to Safelist

IP Address

Description

17.0.0.0/8

Load balancing requests to APNs servers come from these IP addresses.

143.55.224.122

Emails from Jamf School come from this IP address.

18.211.254.129
35.172.167.222
52.7.228.194
34.227.122.7

(U.S. regions, LDAP only) Authentication requests to your LDAP server may come from these IP addresses.

94.130.139.182
94.130.139.190
94.130.139.187
94.130.243.182
94.130.139.188
212.178.82.42
94.130.10.180 (beta)
18.194.106.10
18.194.230.93
3.124.51.124

(EU Frankfurt region, LDAP only) Authentication requests to your LDAP server may come from these IP addresses.

URLs to Safelist

URL

Description

schoolname.jamfcloud.com/api

Ensures scripting works properly.

*.jamfcloud.com

The *.jamfcloud.com address must be safelisted with a " * " wildcard because several different addresses are used for different services.

schoolname.jamfcloud.com/enroll/oauth

schoolname.jamfcloud.com/onboarding/oauth

(Microsoft Azure only) Allows users to authenticate with Microsoft Azure during enrollment.

schoolname.jamfcloud.com/link

(Microsoft Azure only) Used to automatically deploy the web clip when a user is not assigned to a device or enrollment authentication is configured after a device completes Setup Assistant.

schoolname.jamfcloud.com/enroll/oauth

schoolname.jamfcloud.com/onboarding/oauth

(Google Secure LDAP only) Allows users to authenticate with Google Secure LDAP during enrollment.

In addition to the URLs in the table, see About macOS, iOS, and iTunes server host connections and iTunes background processes from Apple's support website for additional URLs that must be safelisted.

Email Addresses to Safelist

Email Address

Description

*@jamfschool.com

Notifications from your Jamf School server come from this email address.

*@jamf.com

Notifications from Jamf come from this email address.

Related Information

For related information, see the following articles from Apple's support website:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.