Overview
Below is a collection of the outbound network requirements when self-hosting your JSS & not utilising the datajar.mobi cloud service.
Whilst Apple own the 17.0.0.0/8 range, Akamai's CDN is also used for many of Apple's services, & so these are included below.
NOTE: The below may change at any time and as such the below may not be complete. Also, the below traffic needs to be direct. This means not proxied, nor inspected or SSL decrypted.
Service | Destination | Port |
Jamf | *.jamfcloud.com | 443 (tcp) |
Jamf | *.jamfnebula.com | 443 (tcp) |
Apple | *.apple.com | 80 (tcp) |
Apple | *.apple.com | 443 (tcp) |
Apple | *.apple.com | 2195 (tcp) |
Apple | *.apple.com | 2196 (tcp) |
Apple | *.cdn-apple.com | 80 (tcp) |
Apple | *.cdn-apple.com | 443 (tcp) |
Apple | *.mzstatic.com | 80 (tcp) |
Apple | *.mzstatic.com | 443 (tcp) |
CDN | *.akadns.net | 80 (tcp) |
CDN | *.akadns.net | 443 (tcp) |
CDN | *.akamai.net | 80 (tcp) |
CDN | *.akamai.net | 443 (tcp) |
CDN | *.akamaiedge.net | 80 (tcp) |
CDN | *.akamaiedge.net | 443 (tcp) |
CDN | *.akamaitechnologies.com | 80 (tcp) |
CDN | *.akamaitechnologies.com | 443 (tcp) |
CDN | *.edgekey.net | 80 (tcp) |
CDN | *.edgekey.net | 443 (tcp) |
CDN | *.edgesuite.net | 80 (tcp) |
CDN | *.edgesuite.net | 443 (tcp) |
CDN | *.verisign.com | 80 (tcp) |
CDN | *.verisign.com | 443 (tcp) |
CDN | *.amazonaws.com | 80 (tcp) |
CDN | *.amazonaws.com | 443 (tcp) |
CDN | *.digicert.com | 80 (tcp) |
CDN | *.digicert.com | 443 (tcp) |
CDN | *.symcb.com | 80 (tcp) |
CDN | *.symcb.com | 443 (tcp) |
CDN | *.symcd.com | 80 (tcp) |
CDN | *.symcd.com | 443 (tcp) |
Need further support?
Automate. Simplify. Succeed. If you still require assistance with us or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.