Support Center

JumpCloud Agent Networking and Port Requirements

The agent does not listen on any port for traffic initiated external to the localhost, thus does not increase potential attack vectors. However, as outbound connections are made, any egress filtering performed by Antivirus software, firewalls, routers, etc.. would need to be opened.  No inbound TCP connections need to be explicitly defined.

The JumpCloud agent accesses the following servers and ports:
 
  • agent.jumpcloud.com:443
  • kickstart.jumpcloud.com:443
  • private-kickstart.jumpcloud.com:443
  • s3.amazonaws.com:443
  • pool.ntp.org:123 (UDP)*

*Time synchronization is necessary for the installation and proper function of the agent; as this can be accomplished on an internal network, access to an external host on port 123 is not necessarily required.


Proxy Support:

Currently, Linux and Mac supports installation of the agent when port 443 (https) traffic routes through a proxy before leaving the network. Use the following commands to set a proxy server for the installer, then run the installer normally.  

Note: The agent only supports an https proxy during installation for Linux and Mac.  Normal operation requires that port 443 is open directly per the above list.

Linux:
 
echo "http://PROXY_SERVER_IP:PROXY_SERVER_PORT" > /etc/jcagent-proxy.conf
export https_proxy="`cat /etc/jcagent-proxy.conf`"
 

Mac:
 
echo "http://PROXY_SERVER_IP:PROXY_SERVER_PORT" > /etc/jcagent-proxy.conf


Other networking considerations:

MTU mismatch: 408 Request Time out errors for Amazon Linux instances
JumpCloud Agent fails to register due to ICMP packet filtering
 

Last Updated: Apr 07, 2017 12:24PM MDT

Related Articles
31b11a79e2c94470a66430cfe6d3eecd@jumpcloud.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete