Skip to main content
Question

Internal and external self service

  • November 26, 2015
  • 3 replies
  • 11 views
E
Forum|alt.badge.img+2

We're currently running jss in a dmz on an internal address and use NAT/port forward in our firewall to make it available externally. We have some functionality available from any public IP and limiting application distribution based on source network.
Now we're facing some users that will have dynamic puplic IP, and so we can not white list them. We can give them access to internal network via VPN but want to maintain some functionality via the external distribution point. So we need to enable both an internal and external hostname
jss.external.domain
jss.internal.domain

Is it possible to do this in the self service client?

    3 replies

    C
    Forum|alt.badge.img+10
    • calumhunter
    • New Contributor
    • November 27, 2015

    can't you just add a network segment 0.0.0.0? that should catch all internet WAN IP's

    E
    Forum|alt.badge.img+2
    • ED-209
    • Author
    • New Contributor
    • November 30, 2015

    Well some functionality is already allowed from 0.0.0.0 while others are limited to specific addresses. We want to keep this limit so that even if an account would be compromised internal material is only available from a whitelisted destination.

    bentoms
    Forum|alt.badge.img+35
    • bentoms
    • Hall of Fame
    • December 2, 2015

    @ED-209 Are clients logging into Self Service? Might be a way to lock it down some & then you can offer to all IP's.

    Getting compromised would then require a enrolled Mac, & username & password details of a person that can login to Self Service.

    Terms & ConditionsCookie settingsAccessibility statement