Juniper Mist Firewall Ports and IP Addresses for Firewall Configuration
SUMMARY To ensure connectivity and proper operations of Juniper Mist™, configure your firewall to open the required firewall ports and allow traffic to/from the Juniper Mist IP addresses for your region.
How To Use This Information
-
Within this document, refer to the appropriate table for your regional cloud instance (such as Global 01, Global 02, and so on). For help identifying your cloud instance, see Juniper Mist Clouds.
-
Cloud Services—The tables identify the IP addresses and ports to allow for various cloud services, as listed.
-
Admin Portal
-
API
Guest Wi-Fi Portal
-
Webhooks Source IP Addresses
-
-
Device Types—The tables identify the IP addresses and ports to allow for various Juniper devices. You can ignore any device types that you don't have in your organization.
-
Juniper Mist Access Points and Juniper Mist Edge
-
EX Series Switches
-
SRX Series Firewalls
-
SSR Series Routers
Note:For terminators in the tables, use FQDN-based firewall rules. Their IP addresses will change.
-
-
Additional Information—Also allow the ports and IP addresses in the Additional Information section.
-
You need to provide unrestricted access to debian and mistsys repo in the environments where you create the Mist Edge VM for initial bring up. Also, ensure that the Firewall has Port-80 and Port-443 open.
Global 01
| Cloud Service or Device Type | IP Addresses and Ports |
|---|---|
| Admin Portal |
manage.mist.com/signin.html (TCP 443) api-ws.mist.com (TCP 443) api.mist.com (TCP 443) |
| API | api.mist.com (TCP 443) |
| Guest Wi-Fi Portal | portal.mist.com (TCP 443) |
| Webhooks Source IP Addresses (static IP addresses) |
54.193.71.17 54.215.237.20 |
| Juniper Mist Support | support-portal.mist.com |
| Juniper Mist Access Points and Juniper Mist Edge |
ep-terminator.mistsys.net (TCP 443) portal.mist.com (TCP 443) redirect.mist.com (TCP 443) |
| EX Series Switches |
redirect.juniper.net (TCP 443) jma-terminator.mistsys.net (TCP 443) ztp.mist.com (TCP 443) oc-term.mistsys.net (TCP 2200) |
| SRX Series Firewalls |
redirect.juniper.net (TCP 443) ztp.mist.com (TCP 443) oc-term.mistsys.net (TCP 2200) srx-log-terminator.mist.com (TCP 6514) |
| SSR Series Routers |
ep-terminator.mistsys.net (TCP 443) portal.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
Global 02
| Cloud Service or Device | IP Addresses and Ports |
|---|---|
| Admin Portal |
manage.gc1.mist.com (TCP 443) api-ws.gc1.mist.com (TCP 443) api.gc1.mist.com(TCP 443) |
| API | api.gc1.mist.com (TCP 443) |
| Guest Wi-Fi Portal | portal.gc1.mist.com (TCP 443) |
| Webhooks Source IP Addresses (static IP addresses) |
34.94.226.48/28 (34.94.226.48-34.94.226.63) |
| Juniper Mist Support | support-portal.mist.com |
| Juniper Mist Access Points and Juniper Mist Edge |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc1.mist.com (TCP 443) portal.gc1.mist.com (TCP 443) redirect.mist.com (TCP 443) |
| EX Series Switches |
redirect.juniper.net (TCP 443) jma-terminator.gc1.mist.com (TCP 443) ztp.gc1.mist.com (TCP 443) oc-term.gc1.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
| SRX Series Firewalls |
redirect.juniper.net (TCP 443) ztp.gc1.mist.com (TCP 443) oc-term.gc1.mist.com (TCP 2200) srx-log-terminator.gc1.mist.com (TCP 6514) |
| SSR Series Routers |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc1.mist.com (TCP 443) portal.gc1.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
Global 03
| Cloud Service or Device | IP Addresses and Ports |
|---|---|
| Admin Portal |
manage.ac2.mist.com (TCP 443) api-ws.ac2.mist.com (TCP 443) api.ac2.mist.com(TCP 443) |
| API | api.ac2.mist.com (TCP 443) |
| Guest Wi-Fi Portal | portal.ac2.mist.com (TCP 443) |
| Webhooks Source IP Addresses (static IP addresses) |
34.231.34.177 54.235.187.11 18.233.33.230 |
| Juniper Mist Support | support-portal.mist.com |
| Juniper Mist Access Points and Juniper Mist Edge |
ep-terminator.mistsys.net (TCP 443) ep-terminator.ac2.mist.com (TCP 443) portal.ac2.mist.com (TCP 443) redirect.mist.com (TCP 443) |
| EX Series Switches |
redirect.juniper.net (TCP 443) jma-terminator.ac2.mist.com (TCP 443) ztp.ac2.mist.com (TCP 443) oc-term.ac2.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
| SRX Series Firewalls |
redirect.juniper.net (TCP 443) ztp.ac2.mist.com (TCP 443) oc-term.ac2.mist.com (TCP 2200) srx-log-terminator.ac2.mist.com (TCP 6514) |
| SSR Series Routers |
ep-terminator.mistsys.net (TCP 443) ep-terminator.ac2.mist.com (TCP 443) portal.ac2.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
Global 04
| Cloud Service or Device | IP Addresses and Ports |
|---|---|
| Admin Portal |
manage.gc2.mist.com (TCP 443) api-ws.gc2.mist.com (TCP 443) api.gc2.mist.com (TCP 443) |
| API | api.gc2.mist.com (TCP 443) |
| Guest Wi-Fi Portal | portal.gc2.mist.com (TCP 443) |
| Webhooks Source IP Addresses (static IP addresses) |
34.152.4.85 35.203.21.42 34.152.7.156 |
| Juniper Mist Support | support-portal.mist.com |
| Juniper Mist Access Points and Juniper Mist Edge |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc2.mist.com (TCP 443) portal.gc2.mist.com (TCP443) redirect.mist.com (TCP 443) |
| EX Series Switches |
redirect.juniper.net (TCP 443) jma-terminator.gc2.mist.com (TCP 443) ztp.gc2.mist.com (TCP 443) oc-term.gc2.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
| SRX Series Firewalls |
redirect.juniper.net (TCP 443) ztp.gc2.mist.com (TCP 443) oc-term.gc2.mist.com (TCP 2200) srx-log-terminator.gc2.mist.com (TCP 6514) |
| SSR Series Routers |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc2.mist.com (TCP 443) portal.gc2.mist.com (TCP443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
EMEA 01
| Cloud Service or Device | IP Addresses and Ports |
|---|---|
| Admin Portal |
manage.eu.mist.com (TCP 443) api-ws.eu.mist.com (TCP 443) |
| API | api.eu.mist.com (TCP 443) |
| Guest Wi-Fi Portal | portal.eu.mist.com (TCP 443) |
| Webhooks Source IP Addresses (static IP addresses) |
3.122.172.223 3.121.19.146 3.120.167.1 |
| Juniper Mist Support | support-portal.mist.com |
| Juniper Mist Access Points and Juniper Mist Edge |
ep-terminator.mistsys.net (TCP 443) ep-terminator.eu.mist.com (TCP 443) portal.eu.mist.com (TCP 443) redirect.mist.com (TCP 443) |
| EX Series Switches |
redirect.juniper.net (TCP 443) jma-terminator.eu.mist.com (TCP 443) ztp.eu.mist.com (TCP 443) oc-term.eu.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
| SRX Series Firewalls |
redirect.juniper.net (TCP 443) ztp.eu.mist.com (TCP 443) oc-term.eu.mist.com (TCP 2200) srx-log-terminator.eu.mist.com (TCP 6514) |
| SSR Series Routers |
ep-terminator.mistsys.net (TCP 443) ep-terminator.eu.mist.com (TCP 443) portal.eu.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
EMEA 02
| Cloud Service or Device | IP Addresses and Ports |
|---|---|
| Admin Portal |
manage.gc3.mist.com (TCP 443) api-ws.gc3.mist.com (TCP 443) |
| API |
api.gc3.mist.com (TCP 443) |
| Guest Wi-Fi Portal |
portal.gc3.mist.com (TCP 443) |
| Webhooks Source IP Addresses (static IP addresses) |
35.234.156.66 |
| Juniper Mist Support | support-portal.mist.com |
| Juniper Mist Access Points and Juniper Mist Edge |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc3.mist.com (TCP 443) portal.gc3.mist.com (TCP 443) redirect.mist.com (TCP 443) |
| EX Series Switches |
redirect.juniper.net (TCP 443) ztp.gc3.mist.com (TCP 443) oc-term.gc3.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
| SRX Series Firewalls |
redirect.juniper.net (TCP 443) ztp.gc3.mist.com (TCP 443) oc-term.gc3.mist.com (TCP 2200) srx-log-terminator.gc3.mist.com (TCP 6514) |
| SSR Series Routers |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc3.mist.com (TCP 443) portal.gc3.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
EMEA 03
| Cloud Service or Device | IP Addresses and Ports |
|---|---|
| Admin Portal |
manage.ac6.mist.com (TCP 443) api-ws.ac6.mist.com (TCP 443) |
| API |
api.ac6.mist.com (TCP 443) |
| Guest Wi-Fi Portal |
portal.ac6.mist.com (TCP 443) |
| Webhooks Source IP Addresses (static IP addresses) |
51.112.15.151 51.112.76.109 51.112.86.222 |
| Juniper Mist Support |
support-portal.mist.com |
| Juniper Mist Access Points and Juniper Mist Edge |
ep-terminator.mistsys.net (TCP 443) ep-terminator.ac6.mist.com (TCP 443) portal.ac6.mist.com (TCP 443) redirect.mist.com (TCP 443) |
| EX Series Switches |
redirect.juniper.net (TCP 443) jma-terminator.ac6.mist.com (TCP 443) ztp.ac6.mist.com (TCP 443) oc-term.ac6.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
| SRX Series Firewalls |
redirect.juniper.net (TCP 443) ztp.ac6.mist.com (TCP 443) oc-term.ac6.mist.com (TCP 2200) srx-log-terminator.ac6.mist.com (TCP 6514) |
| SSR Series Routers |
ep-terminator.mistsys.net (TCP 443) ep-terminator.ac6.mist.com (TCP 443) portal.ac6.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
APAC 01
| Cloud Service or Device | IP Addresses and Ports |
|---|---|
| Admin Portal |
manage.ac5.mist.com (TCP 443) api-ws.ac5.mist.com (TCP 443) api.ac5.mist.com (TCP 443) |
| API | api.ac5.mist.com (TCP 443) |
| Guest Wi-Fi Portal |
portal.ac5.mist.com(TCP 443) |
| Webhooks Source IP Addresses (static IP addresses) |
54.206.226.168 13.238.77.6 54.79.134.226 |
| Juniper Mist Support | support-portal.mist.com |
| Juniper Mist Access Points and Juniper Mist Edge |
ep-terminator.mistsys.net (TCP 443) ep-terminator.ac5.mist.com (TCP 443) portal.ac5.mist.com (TCP 443) redirect.mist.com (TCP 443) |
| EX Series Switches |
redirect.juniper.net (TCP 443) jma-terminator.ac5.mist.com (TCP 443) ztp.ac5.mist.com (TCP 443) oc-term.ac5.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
| SRX Series Firewalls |
redirect.juniper.net (TCP 443) ztp.ac5.mist.com (TCP 443) oc-term.ac5.mist.com (TCP 2200) srx-log-terminator.ac5.mist.com (TCP 6514) |
| SSR Series Routers |
ep-terminator.mistsys.net (TCP 443) ep-terminator.ac5.mist.com (TCP 443) portal.ac5.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
Additional Information
- Additional Hosts to Allow
- Additional Information for Access Points
- Additional Information for Wired and WAN Assurance
Additional Hosts to Allow
- portal.mist.com for WiFi captive portal
- manage.mist.com/signin.html for Admin UI access
- api.mist.com for Admin API access
- api-ws.mist.com for Admin websocket API access
- support-portal.mist.com for Admin Support Portal access
Additional Information for Access Points
- APs require TCP port 443 to connect to the Juniper Mist cloud. Optionally, you can tunnel this traffic by using Layer 2 Tunneling Protocol (L2TP).
- The Domain Name System (DNS) requires UDP port 53 to look up the cloud hostnames. However, the DNS does not need a public DNS server.
- The Dynamic Host Control Protocol (DHCP) initially requires UDP ports 67 and 68. After initial device onboarding, you can configure static IP on the device if you prefer.
- The Network Time Protocol (NTP) may require UDP port 123 in some environments. The AP will by default attempt to receive the time from pool.ntp.org. The AP can also receive time through DHCP option 42.
-
We also recommend opening UDP port 443 and TCP port 80.
-
The IP addresses change periodically and may resolve to something like this: ep-terminator-production-839577302.us-west-1.elb.amazonaws.com.
-
Proxy settings are supported and the proxy setting is used if available, but if not the AP will still try to connect.
Additional Information for Wired and WAN Assurance
For Wired and WAN Assurance, allow radsec.nac.mist.com (TCP 2083).
For Access Assurance for customers in the European Union (EU), allow radsec-eu.nac.mist.com(TCP 2083).
IP addresses for the terminators will change. Use FQDN-based firewall rules.