Below is a collection of the outbound network requirements for Apple devices. Whilst Apple own the 17.0.0.0/8 range, Akamai's CDN is also used for many of Apple's services, and so these are included below.
NOTE: The destinations below may change at any time, so this list may not be complete. Traffic to them also needs to be direct, meaning not proxied, inspected or SSL decrypted.
Entries pointing to *.jamfcloud.com and *.datajar.mobi are required for services that Jamf and dataJAR provide, and so might not apply to your configuration.
| Service | Destination | Port |
| --- | --- | --- |
| Apple | *.apple.com | 80 (tcp) |
| Apple | *.apple.com | 443 (tcp) |
| Apple | *.apple.com | 5223 (tcp) |
| Apple | *.cdn-apple.com | 80 (tcp) |
| Apple | *.cdn-apple.com | 443 (tcp) |
| Apple | *.apple-cloudkit.com | 80 (tcp) |
| Apple | *.apple-cloudkit.com | 443 (tcp) |
| Apple | *.mzstatic.com | 80 (tcp) |
| Apple | *.mzstatic.com | 443 (tcp) |
| CDN | *.2o7.net | 80 (tcp) |
| CDN | *.2o7.net | 443 (tcp) |
| CDN | *.akadns.net | 80 (tcp) |
| CDN | *.akadns.net | 443 (tcp) |
| CDN | *.akamai.net | 80 (tcp) |
| CDN | *.akamai.net | 443 (tcp) |
| CDN | *.akamaiedge.net | 80 (tcp) |
| CDN | *.akamaiedge.net | 443 (tcp) |
| CDN | *.akamaitechnologies.com | 80 (tcp) |
| CDN | *.akamaitechnologies.com | 443 (tcp) |
| CDN | *.edgekey.net | 80 (tcp) |
| CDN | *.edgekey.net | 443 (tcp) |
| CDN | *.edgesuite.net | 80 (tcp) |
| CDN | *.edgesuite.net | 443 (tcp) |
| CDN | *.footprint.net | 80 (tcp) |
| CDN | *.footprint.net | 443 (tcp) |
| CDN | *.amazonaws.com | 80 (tcp) |
| CDN | *.amazonaws.com | 443 (tcp) |
| CDN | *.symcb.com | 80 (tcp) |
| CDN | *.symcb.com | 443 (tcp) |
| CDN | *.symcd.com | 80 (tcp) |
| CDN | *.symcd.com | 443 (tcp) |
| Certificate Validation | crl.entrust.net | 80 (tcp) |
| Certificate Validation | crl3.digicert.com | 80 (tcp) |
| Certificate Validation | crl4.digicert.com | 80 (tcp) |
| Certificate Validation | ocsp.digicert.com | 80 (tcp) |
| Certificate Validation | ocsp.entrust.net | 80 (tcp) |
| Certificate Validation | ocsp.verisign.net | 80 (tcp) |
| Time Services | time.apple.com | 123 (udp) |
| dataJAR | *.datajar.mobi | 443 (tcp) |
| Jamf | *.jamfcloud.com | 443 (tcp) |
| Software deployment | Local Accelerator Appliance address/es | 80 (tcp) |
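As an added example (not dataJAR's or Apple's code), the Python below audits constructed flow records against a subset of the rules above, matching wildcards on DNS label boundaries so that `notapple.com` does not pass as `*.apple.com`. It assumes a wildcard covers any depth of subdomain but not the bare domain, which depends on your firewall; `RULES`, `host_matches`, `is_allowed`, `audit` and `SAMPLE_FLOWS` are names introduced here.

```python
# Subset of the table above: (destination pattern, port, protocol).
RULES = [
    ("*.apple.com", 80, "tcp"),
    ("*.apple.com", 443, "tcp"),
    ("*.apple.com", 5223, "tcp"),
    ("*.mzstatic.com", 443, "tcp"),
    ("ocsp.digicert.com", 80, "tcp"),
    ("time.apple.com", 123, "udp"),
    ("*.jamfcloud.com", 443, "tcp"),
]


def host_matches(pattern, host):
    """Compare a table entry with a hostname on DNS label boundaries."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".apple.com", leading dot kept on purpose
        # Assumption: "*.apple.com" covers "a.apple.com" and "a.b.apple.com",
        # but not "apple.com" itself. The leading dot rejects "notapple.com".
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def is_allowed(host, port, proto):
    """True if some rule permits this host on this port and protocol."""
    return any(
        host_matches(pattern, host) and port == rule_port and proto.lower() == rule_proto
        for pattern, rule_port, rule_proto in RULES
    )


def audit(flows):
    """Return the flows that the rule set would not permit."""
    return [flow for flow in flows if not is_allowed(*flow)]


# Constructed sample flows (host, port, protocol); not real traffic.
SAMPLE_FLOWS = [
    ("host1.apple.com", 443, "tcp"),
    ("a.b.apple.com", 5223, "tcp"),
    ("OCSP.DigiCert.com.", 80, "tcp"),      # case and trailing dot normalised
    ("time.apple.com", 123, "udp"),
    ("notapple.com", 443, "tcp"),           # suffix without a label boundary
    ("apple.com.example.net", 443, "tcp"),  # pattern embedded as a prefix
    ("host1.apple.com", 123, "udp"),        # only time.apple.com has udp/123
    ("ocsp.digicert.com", 443, "tcp"),      # table lists port 80 only
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("not covered by rules:", flow)
```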
If you have any questions or queries regarding the above article, please contact support@datajar.co.uk