Help

What are the IP addresses that Jamf Pro uses (for packet filter rules)?

user-kLQvMDaHBi
New Contributor

Posted on ‎04-06-2021 05:50 AM

Hello,

Our system currently uses pf (packet filter) to allow only certain IP addresses on certain ports to pass through. As we are enrolling this units with Jamf, we would like to know what are the IP addresses that Jamf Pro uses that we will need to whitelist?

Thank you so much!

0 Kudos
3 REPLIES 3

sdagley
Esteemed Contributor II

Posted on ‎04-06-2021 07:34 AM

@user-kLQvMDaHBi Are you using a Jamf Cloud hosted instance? If so, refer to Permitting Inbound/Outbound Traffic with Jamf Cloud. You will also need to allow access to Apple servers as documented in Use Apple products on enterprise networks.

0 Kudos

user-kLQvMDaHBi
New Contributor

Posted on ‎04-06-2021 12:32 PM

Hi @sdagley ,

Thank you for your reply! I have two follow-up questions.

  1. In the link you referred to for Jamf Cloud, under header "Outbound Traffic from the Jamf Cloud Distribution Point", I only see DNS names listed such as use1-jcdsdownloads.services.jamfcloud.com. Are there IP addresses for these (asking since I think pf rules only uses IP addresses)?

  2. When it says "Outbound Traffic from the Jamf Cloud", are these the addresses that I need to pass in to my firewall? (Sorry, I'm really new to these pf firewall settings)

0 Kudos

sdagley
Esteemed Contributor II

Posted on ‎04-06-2021 12:46 PM

@user-kLQvMDaHBi Jamf does not publish IPs for the JCDPs, just the 2 FQDNs, so if you're requiring pf then you're going to have to try and determine all of the IPs that those FQDNs resolve to. All of the connections with the JCDPs, and your Jamf Cloud JSSinstance, are going to be initiated from your endpoints, not from Jamf Cloud. That means you shouldn't need to specifically allow the traffic as incoming since pf should allow it as a response to the endpoint initiated request.

0 Kudos