I am setting up my Jamf environment to be accessible from off site. My netadmin wants a list of port numbers used by Jamf so he can only open needed ports. I am trying to figure out what ports are needed on what servers.
My JamfPro environment.
-jamfpro.domain is my connection point. It is my admin access and it is what my clients connect to in my cluster.
-jamf.domain is my database server. This is also my "JamfPro URL" so if I understood the documentation correctly the clients connect to jamfpro and then use jamf only as the database connection.
-jamfrepo.domain is my repo or storage for my environment.
What I am trying to figure of is what system need what ports open. I know the webapp needs 8443 and the DB need 3306 and my repo needs 445/137–139 ports for SMB. But past that I do not know what system needs the APN ports and what needs SMTP port open. I looked at the documentation on but it doesn't say if clustered what system need what ports.
Appreciate any direction on this. Thanks.
@jray10 You really do not want to be opening SMB for external access. You'd be much better off setting up https content delivery which would be over port 443.
I'm also confused by your reference that your database server address is your "Jamf Pro URL". That would normally use the address of your JSS app server, not your MySQL server. Keep in mind that URL needs to resolve for client machines on or off your network, so unless your JSS app server has a public IP address you're going to need to use split DNS to provide a different IP for that URL to external networks.
@jray10 Yes, if you change the JamfPro URL you'll have to re-enroll all of your machines. For Macs (I can't speak for the process with iOS devices) Jamf has a tool called ReEnroller that simplifies things if you're not using DEP. You'll have to ask your Jamf technical contact for information about it.