Help

Port numbers for external network use

iVoidWarrantiez
New Contributor III

Posted on ‎11-05-2019 06:50 PM

I am setting up my Jamf environment to be accessible from off site. My netadmin wants a list of port numbers used by Jamf so he can only open needed ports. I am trying to figure out what ports are needed on what servers.

My JamfPro environment.
-jamfpro.domain is my connection point. It is my admin access and it is what my clients connect to in my cluster.
-jamf.domain is my database server. This is also my "JamfPro URL" so if I understood the documentation correctly the clients connect to jamfpro and then use jamf only as the database connection.
-jamfrepo.domain is my repo or storage for my environment.

What I am trying to figure of is what system need what ports open. I know the webapp needs 8443 and the DB need 3306 and my repo needs 445/137–139 ports for SMB. But past that I do not know what system needs the APN ports and what needs SMTP port open. I looked at the documentation on but it doesn't say if clustered what system need what ports.

Appreciate any direction on this. Thanks.

Labels:
0 Kudos
Reply
4 REPLIES 4

mm2270
Legendary Contributor III

Posted on ‎11-06-2019 05:55 AM

In case you haven't seen it yet, this KB may help a bit:
https://www.jamf.com/jamf-nation/articles/34/network-ports-used-by-jamf-pro

0 Kudos
Reply

sdagley
Esteemed Contributor II

Posted on ‎11-06-2019 06:37 AM

@jray10 You really do not want to be opening SMB for external access. You'd be much better off setting up https content delivery which would be over port 443.

I'm also confused by your reference that your database server address is your "Jamf Pro URL". That would normally use the address of your JSS app server, not your MySQL server. Keep in mind that URL needs to resolve for client machines on or off your network, so unless your JSS app server has a public IP address you're going to need to use split DNS to provide a different IP for that URL to external networks.

0 Kudos
Reply

iVoidWarrantiez
New Contributor III

Posted on ‎11-08-2019 07:20 PM

@sdagley You are correct and I feel silly. I read that completely wrong. I am points all my clients to my DB system. If I change my JamfPro URL in production to my other Jamf Server will I have to re enroll all my machines?

0 Kudos
Reply

sdagley
Esteemed Contributor II

Posted on ‎11-08-2019 08:53 PM

@jray10 Yes, if you change the JamfPro URL you'll have to re-enroll all of your machines. For Macs (I can't speak for the process with iOS devices) Jamf has a tool called ReEnroller that simplifies things if you're not using DEP. You'll have to ask your Jamf technical contact for information about it.

0 Kudos
Reply