Legacy RADIUS server IPs will be deprecated on Dec 17, 2018. Please see this KB for more info.

Support Center

JumpCloud Agent Networking and Port Requirements

The agent does not listen on any port for traffic initiated external to the localhost, thus does not increase potential attack vectors. However, as outbound connections are made, any egress filtering performed by Antivirus software, firewalls, routers, etc.. would need to be opened.  No inbound TCP connections need to be explicitly defined.
Environments using DNS proxies, or other mechanisms that may cache JumpCloud IP addresses may pin themselves to a single server. For larger environments, this could result in rate limiting which will disrupt installations and functionality. Caching JumpCloud IPs is not recommended.

The JumpCloud agent accesses the following servers and ports:
  • agent.jumpcloud.com:443
  • kickstart.jumpcloud.com:443
  • private-kickstart.jumpcloud.com:443
  • s3.amazonaws.com:443
  • pool.ntp.org:123 (UDP)*

*Time synchronization is necessary for the installation and proper function of the agent; as this can be accomplished on an internal network, access to an external host on port 123 is not necessarily required.

Proxy Support:

For installation, Linux (initd) and Mac support routing through an https proxy. Use the following commands to set a proxy server for the installer, then run the installer normally.  

echo "http://PROXY_SERVER_IP:PROXY_SERVER_PORT" > /etc/jcagent-proxy.conf
export https_proxy="`cat /etc/jcagent-proxy.conf`"

echo "http://PROXY_SERVER_IP:PROXY_SERVER_PORT" > /etc/jcagent-proxy.conf

Proxy usage for pre and post-installation on Linux using systemd is supported using an alternative method:
  1. Create a folder /etc/systemd/system/jcagent.service.d/
  2. Create a file override.conf in the above folder
  3. Add to the file:
  4. In the bash session where the installer will run, set environment variables and run the install command:
    # export http_proxy=http://proxy_ip:port/
    # export https_proxy=$http_proxy
    # curl --silent --show-error --header 'x-connect-key: YOUR_CONNECT_KEY' https://kickstart.jumpcloud.com/Kickstart | sudo bash

At an administrator command prompt, run
echo "http://PROXY_SERVER_IP:PROXY_SERVER_PORT" > c:\windows\system32\drivers\etc\jcagent-proxy.conf

Other networking considerations:

MTU mismatch: 408 Request Timeout errors for Amazon Linux instances
JumpCloud Agent fails to register due to ICMP packet filtering

Last Updated: Sep 19, 2018 04:20PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found