Hi everyone,

I have a question. I have a batch of experimental Macs that need to be managed and registered with Jamf.

Question 1: These experimental Macs cannot connect to the internet. Is there a way to deploy policies through Jamf?

Question 2: If internet access is needed for proper deployment, I know Jamf has port information. I would like to ask experienced experts which specific ports need to be opened.

All Macs with normal internet access can receive policies correctly. I want to know how to ensure that the network-isolated Macs can also receive policies from Jamf. Thank you, everyone.

Page 1 / 1

For jamf to function it requires APNS, this requires internet access

https://learn.jamf.com/en-US/bundle/technical-articles/page/Network_Ports_Used_by_Jamf_Pro.html

Ports used by Apple for enterprise

https://support.apple.com/en-gb/101555

Jamf even if on prem requires access to APNS on the device level. Some functions will work without the device having internet access, but not many and certainly not enough to test with.
1. If you have Jamf Cloud, that is SaaS and without access to AWS forget anything working.

Jamf and Apple both have all their ports and hosts well documented, searching the respective vendors documentation should yield all you need to know.
1. I have shoved the table that I used to ensure what we need is allowed. Be warned I have not updated it in a while, and both Apple and Jamf will make updates to these hosts/ports without notice.
2. I also put some relevant network links for source.

Use Apple products on enterprise networks - Apple Support

IP Address and Domain Changelog for Inbound/Outbound Traffic with Jamf Cloud - Technical Articles | Jamf

Network Ports Used by Jamf Pro - Technical Articles | Jamf

External ports needed:

Apple:

*.apple.com – 17.0.0.0/8 block
- Ports: 80, 123, 443, 2197, 5223
- Apple notes that the entire 17.0.0.0/8 block is assigned to them.

MacOS Updates
- ns.itunes.apple.com:443
- gnf-mdn.apple.com:443
- gnf-mr.apple.com:443
- gs.apple.com:443
- skl.apple.com:443
- appldnld.apple.com.edgesuite.net:80
- appldnld.apple.com:80
- configuration.apple.com:443
- gg.apple.com:80
- gg.apple.com:443
- gs.apple.com:80
- ig.apple.com:443
- itunes.com:80
- mesu.apple.com:80
- mesu.apple.com:443
- oscdn.apple.com:80
- oscdn.apple.com:443
- osrecovery.apple.com:80
- osrecovery.apple.com:443
- swcdn.apple.com:80
- swdist.apple.com:44
- swdownload.apple.com:80
- swdownload.apple.com:443
- swscan.apple.com:443
- updates-http.cdn-apple.com:80
- updates.cdn-apple.com:443
- xp.apple.com:443
- time.apple.com:443

Apple traffic
- Ports 443

JAMF Pro:

JAMF Cloud: You Jamf Cloud URL if hosted
- Ports: 80, 443, 8080, 8443

SelfService Icons: https://ics.services.jamfcloud.com/icon/hash_64298c027ff4212de9ef53b218a42864dc375a6db956e0d4fc70b69b257a8ce5
- Ports: 443

JAMF Cloud Distribution Point: use1-jcds.services.jamfcloud.com
- Ports: 443

JAMF Cloud Distribution Point: jcds.services.jamfcloud.com
- Ports: 443

Internal ports needed:

JAMF distribution point: \\\\sharedrive\\JSSDP – (IP address here if static)
- Ports: 445/137-139

Documentation: https://www.jamf.com/jamf-nation/articles/34/network-ports-used-by-jamf-pro

External ports needed:

Apple:

JAMF Pro:

Internal ports needed:

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded