
Local distribution point behind a firewall

All,
I'd like to make my local distribution point available to users on the BYOD wifi. As far as I can tell from the documentation, clients use 443 to communicate with the local distribution point. I created a firewall rule to allow port 80 and 443 from the BYOD to the LAN, but the policies to install packages are failing. If I allow any/any on that same firewall rule, the packages install fine.

What ports am I missing to make this happen?

SOLVED Posted: by garybidwell

Are your DPs all set to use HTTP? If not, you have to allow SMB/AFP through your firewall to present to your network.
Far simpler from a security risk is to implement a cloud DP that sits outside

SOLVED Posted: by talkingmoose

I suspect that while you may have both SMB and HTTP enabled for your Distribution Points, you're probably using SMB when your tests are successful.

With your firewall set to any/any, use a web browser to download a package. You'll need the full URL to the package along with the correct HTTP or HTTPS protocol. If that works, then Jamf should work.

Alternatively, you could also open port 139 (or 445, depending on what you used) for your Distribution Point and see if that works when the more restrictive rules are in place. If it does, then you're not utilizing the web service for download.

SOLVED Posted: by ralvarezOES

Thanks. I allowed SMB and it's working.

SOLVED Posted: by sdagley

@ralvarezOES It'd be worth your while to figure out why HTTP/HTTPS from your Distribution Point didn't work, as those protocols generally provide a much more performant experience than SMB. In addition to adding support for resumable downloads, they eliminate the need to mount and unmount the SMB volume to download whatever you're installing.
