JFrog Connect is based on client-server architecture. This page provides a high-level overview of the network specifications for JFrog Connect operating in cloud SaaS mode.
As one method of enhancing network security, there are no open ports or running servers on the edge devices. Communication with Connect Agent works via outbound requests to ensure zero attack surfaces for attackers.
- The edge device uses UDP and port 53 to resolve hostnames and connect with the JFrog Connect servers.
- The Connect Agent and servers communicate on TCP as follows:
- Remote control uses SSH protocol on port 443
- Remote access uses SSH protocol on port 22
- All other client-server communication uses HTTPS TLS encryption on port 443
To use JFrog Connect, ensure that the following Outbound domains and IP addresses are on your allowed list:
JFrog Connect Domains
To pull from JFrog Artifactory, ensure the following Outbound domains and IP addresses are on your Allowed List.
Remote access features enable you to easily connect to the edge device. All requests are outbound from the device to JFrog Connect servers. If there are strict network policies, allow outbound requests as described below.
- Domain: remote.connect.jfrog.io
- Static IP: 220.127.116.11
- Ports: 443
- Domain: forwarding.connect.jfrog.io
- Static IP: 18.104.22.168
- Ports: Will try 22 first, then 443, then 80