Juniper Mist Firewall Ports and IP Addresses for Firewall Configuration
SUMMARY To ensure connectivity and proper operations of Juniper Mist™, configure your firewall to open the required firewall ports and allow traffic to/from the Juniper Mist IP addresses for your region.
Juniper Mist ports and IP addresses vary by region. To know which Juniper Mist region is applicable for your scenario, see Juniper Mist Cloud Instances.
Mist Cloud IP Addresses and Ports
| Service Type | Global 01 | Global 02 | Global 03 | Global 04 | EMEA 01 | EMEA 02 | APAC 01 |
|---|---|---|---|---|---|---|---|
| Admin Portal |
manage.mist.com/signin.html (TCP 443) api-ws.mist.com (TCP 443) api.mist.com(TCP 443) |
manage.gc1.mist.com (TCP 443) api-ws.gc1.mist.com (TCP 443) api.gc1.mist.com(TCP 443) |
manage.ac2.mist.com (TCP 443) api-ws.ac2.mist.com (TCP 443) api.ac2.mist.com(TCP 443) |
manage.gc2.mist.com (TCP 443) api-ws.gc2.mist.com (TCP 443) api.gc2.mist.com (TCP 443) |
manage.eu.mist.com (TCP 443) api-ws.eu.mist.com (TCP 443) |
manage.gc3.mist.com (TCP 443) api-ws.gc3.mist.com (TCP 443) |
manage.ac5.mist.com (TCP 443) api-ws.ac5.mist.com (TCP 443) api.ac5.mist.com (TCP 443) |
| API | api.mist.com(TCP 443) | api.gc1.mist.com (TCP 443) | api.ac2.mist.com (TCP 443) | api.gc2.mist.com (TCP 443) | api.eu.mist.com (TCP 443) |
api.gc3.mist.com (TCP 443) |
api.ac5.mist.com (TCP 443) |
| Guest Wi-Fi Portal | portal.mist.com (TCP 443) | portal.gc1.mist.com (TCP 443) | portal.ac2.mist.com (TCP 443) | portal.gc2.mist.com (TCP 443) | portal.eu.mist.com (TCP 443) |
portal.gc3.mist.com (TCP 443) |
portal.ac5.mist.com(TCP 443) |
| Webhooks Source IP Addresses (static IP addresses) |
54.193.71.17 54.215.237.20 |
34.94.226.48/28 (34.94.226.48-34.94.226.63) |
34.231.34.177 54.235.187.11 18.233.33.230 |
34.152.4.85 35.203.21.42 34.152.7.156 |
3.122.172.223 3.121.19.146 3.120.167.1 |
35.234.156.66 |
54.206.226.168 13.238.77.6 54.79.134.226 |
| Juniper Mist Support | support-portal.mist.com | support-portal.mist.com | support-portal.mist.com | support-portal.mist.com | support-portal.mist.com | support-portal.mist.com | support-portal.mist.com |
Device-to-Cloud Addresses and Ports
IP addresses for the terminators will change. Use FQDN based firewall rules.
| Device Type | Global 01 | Global 02 | Global 03 | Global 04 | EMEA 01 | EMEA 02 |
APAC 01 |
|---|---|---|---|---|---|---|---|
| Juniper Mist Access Points and Juniper Mist Edge |
ep-terminator.mistsys.net (TCP 443) portal.mist.com (TCP 443) redirect.mist.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc1.mist.com (TCP 443) portal.gc1.mist.com (TCP 443) redirect.mist.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.ac2.mist.com (TCP 443) portal.ac2.mist.com (TCP 443) redirect.mist.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc2.mist.com (TCP 443) portal.gc2.mist.com (TCP443) redirect.mist.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.eu.mist.com (TCP 443) portal.eu.mist.com (TCP 443) redirect.mist.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc3.mist.com (TCP 443) portal.gc3.mist.com (TCP 443) redirect.mist.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.ac5.mist.com (TCP 443) portal.ac5.mist.com (TCP 443) redirect.mist.com (TCP 443) |
| EX Series Switches |
redirect.juniper.net (TCP 443) jma-terminator.mistsys.net (TCP 443) ztp.mist.com (TCP 443) oc-term.mistsys.net (TCP 2200) |
redirect.juniper.net (TCP 443) jma-terminator.gc1.mistsys.net ztp.gc1.mist.com (TCP 443) oc-term.gc1.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
redirect.juniper.net (TCP 443) jma-terminator.ac2.mistsys.net ztp.ac2.mist.com (TCP 443) oc-term.ac2.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
redirect.juniper.net (TCP 443) jma-terminator.gc2.mistsys.net ztp.gc2.mist.com (TCP 443) oc-term.gc2.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
redirect.juniper.net (TCP 443) jma-terminator.eu.mistsys.net ztp.eu.mist.com (TCP 443) oc-term.eu.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
redirect.juniper.net (TCP 443) ztp.gc3.mist.com (TCP 443) oc-term.gc3.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
redirect.juniper.net (TCP 443) jma-terminator.ac5.mistsys.net ztp.ac5.mist.com (TCP 443) oc-term.ac5.mist.com (TCP 2200) cdn.juniper.net (TCP 443) |
| SRX Series Firewalls |
redirect.juniper.net (TCP 443) ztp.mist.com (TCP 443) oc-term.mistsys.net (TCP 2200) srx-log-terminator.mist.com (TCP 6514) |
redirect.juniper.net (TCP 443) ztp.gc1.mist.com (TCP 443) oc-term.gc1.mist.com (TCP 2200) srx-log-terminator.gc1.mist.com (TCP 6514) |
redirect.juniper.net (TCP 443) ztp.ac2.mist.com (TCP 443) oc-term.ac2.mist.com (TCP 2200) srx-log-terminator.ac2.mist.com (TCP 6514) |
redirect.juniper.net (TCP 443) ztp.gc2.mist.com (TCP 443) oc-term.gc2.mist.com (TCP 2200) srx-log-terminator.gc2.mist.com (TCP 6514) |
redirect.juniper.net (TCP 443) ztp.eu.mist.com (TCP 443) oc-term.eu.mist.com (TCP 2200) srx-log-terminator.eu.mist.com (TCP 6514) |
redirect.juniper.net (TCP 443) ztp.gc3.mist.com (TCP 443) oc-term.gc3.mist.com (TCP 2200) srx-log-terminator.gc3.mist.com (TCP 6514) |
redirect.juniper.net (TCP 443) ztp.ac5.mist.com (TCP 443) oc-term.ac5.mist.com (TCP 2200) srx-log-terminator.ac5.mist.com (TCP 6514) |
| SSR Series Routers |
ep-terminator.mistsys.net (TCP 443) portal.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc1.mist.com (TCP 443) portal.gc1.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.ac2.mist.com (TCP 443) portal.ac2.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc2.mist.com (TCP 443) portal.gc2.mist.com (TCP443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.eu.mist.com (TCP 443) portal.eu.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.gc3.mist.com (TCP 443) portal.gc3.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
ep-terminator.mistsys.net (TCP 443) ep-terminator.ac5.mist.com (TCP 443) portal.ac5.mist.com (TCP 443) redirect.mist.com (TCP 443) software.128technology.com (TCP 443) rp.cloud.threatseeker.com (TCP 443) |
Additional Information for Access Points
- APs require TCP port 443 to connect to the Juniper Mist cloud. Optionally, you can tunnel this traffic by using Layer 2 Tunneling Protocol (L2TP).
- The Domain Name System (DNS) requires UDP port 53 to look up the cloud hostnames. However, the DNS does not need a public DNS server.
- The Dynamic Host Control Protocol (DHCP) initially requires UDP ports 67 and 68. After initial device onboarding, you can configure static IP on the device if you prefer.
- The Network Time Protocol (NTP) may require UDP port 123 in some environments. The AP will by default attempt to receive the time from pool.ntp.org. The AP can also receive time through DHCP option 42.
-
We also recommend opening UDP port 443 and TCP port 80.
-
The IP addresses change periodically and may resolve to something like this: ep-terminator-production-839577302.us-west-1.elb.amazonaws.com.
-
Proxy settings are supported and the proxy setting is used if available, but if not the AP will still try to connect.
Additional Hosts to Allow
- portal.mist.com for WiFi captive portal
- manage.mist.com/signin.html for Admin UI access
- api.mist.com for Admin API access
- api-ws.mist.com for Admin websocket API access
- support-portal.mist.com for Admin Support Portal access
Additional Information for Wired/WAN Assurance
This is the terminator needed for Wired/WAN Assurance: radsec.nac.mist.com (TCP 2083).
IP addresses for the terminators will change. Use FQDN-based firewall rules.