Updates to Inbound/Outbound Traffic with Jamf Cloud

JustinV
Contributor
Contributor

As a follow-up to a recent post regarding some additional IP address that have been included in the Outbound traffic from Jamf Cloud, below is a list of the Outbound IP Address that have been added.  For a complete list, please see the “Permitting Inbound/Outbound Traffic with Jamf Cloud” document located here: 

Permitting Inbound/Outbound Traffic with Jamf Cloud - Technical Articles | Jamf

 

Regions

IP Addresses

U.S. (All Regions)

  • 3.20.128.255

  • 13.59.243.28

  • 3.136.211.17

  • 34.210.123.67

  • 52.34.235.199

  • 44.233.235.210

  • 3.143.53.82

  • 3.143.197.217

  • 3.138.59.62

  • 44.241.188.201

  • 35.80.208.227

  • 44.242.64.192

  • 3.23.255.131

  • 3.143.15.105

  • 3.130.63.29

  • 52.89.86.60

  • 44.234.217.245

  • 52.34.212.159

eu-central-1

  • 18.195.58.189

  • 3.120.154.185

  • 3.66.207.103

  • 3.65.178.125

  • 3.65.51.99

  • 35.156.181.161

  • 18.196.78.65

  • 52.28.3.192

  • 3.72.173.10

eu-west-2

  • 13.41.154.59

  • 3.11.42.21

  • 18.135.155.218

  • 18.168.143.142

  • 18.135.241.236

  • 18.168.141.199

  • 3.11.44.253

  • 3.10.137.75

  • 3.9.2.225

ap-southeast-2

  • 54.206.173.175

  • 3.104.44.73

  • 13.238.243.110

  • 54.66.206.125

  • 3.105.58.84

  • 54.66.50.46

  • 13.54.246.87

  • 3.104.26.210

  • 3.104.192.79

ap-northeast-1

  • 35.73.182.167

  • 52.193.183.171

  • 52.68.37.126

  • 54.249.138.76

  • 52.199.158.122

  • 18.179.66.33

  • 52.194.126.113

  • 54.238.65.71

  • 54.65.212.193

 

7 REPLIES 7

Fitzwater
New Contributor II

Why were the specific US regions removed from https://docs.jamf.com/technical-articles/Permitting_InboundOutbound_Traffic_with_Jamf_Cloud.html?  Now only U.S. (All Regions) is available.  The page used to have IP's for each US region (e.g.: us-west-2).

TomCr
New Contributor II
New Contributor II

Thanks for your inquiry.  The IP addresses have been consolidated in one U.S. region to ensure all our clients are covered should their instance ever get moved to another region.  While this is rare, we’ve had some situations where clients have requested their instance be moved to another region but subsequently didn’t update their IP addresses which resulted in some issues.  Additionally, in some rare situations we’ve had to fail over client instances to another region, again causing some IP challenges.  In light of this, we have consolidated the IP addresses to U.S. (All Regions) to help mitigate some edge cases that occasionally arise.

tmagdziasz
New Contributor III

so you consolidated to a single list to accommodate a minority when the majority just need a smaller list for there instance....

SPJamf
New Contributor

Would this cause issues with Jamf Cloud distribution point? All of our packages are missing as of last week. When we run a test for the Distribution Point, get an error "Error sending message: Cannot contact CCM Server"

TomCr
New Contributor II
New Contributor II

Apologies for the delay in response.  This should be unrelated however can you please submit a support ticket here and a support technician should be able to help research further.  Thank you

Aziz
Valued Contributor

Hey @JustinV & @TomCr,

 

Could Jamf explore the option of creating a publicly available External Dynamic List (EDL) of Jamf Cloud Outbound IP addresses. This way, NGFWs can automatically ingest this list and maintain an up to date allow list without interaction. This reduces downtime if Jamf were to add/remove IP addresses.

This also helps customers not have to create 50+ Jamf Cloud IP objects on our firewall.

Jamf Cloud EDL Examples (not real):

Real hosted EDL for Amazon (US ALL): https://saasedl.paloaltonetworks.com/feeds/aws/us/any/ipv4

 

Creating your own EDL:


https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-pol...

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-pol...

 

Signing up for Palo Alto Hosted EDL

https://docs.paloaltonetworks.com/resources/edl-hosting-service

 

Thank you.

YES this is exactly what I need, or please publish the IPs in JSON format so I can write automation to pull IPs and create my own EDL. similar to what github does here https://api.github.com/meta