+7Hey all. Can I confirm that Jamf Protect traffic (i.e from client to the Jamf Protect instance) needs to be excluded from SSL inspection? I don't see mention of this anywhere, but I can see errors when running the Jamf Environment Test tool in my customer's environment (see attached).
Thanks!
+7I ask, because all Macs within my client's network are stuck at enrolment stage, with the protectctl binary reporting as follows:
superuser@XXXXXX user % sudo protectctl info
Password:
Uptime: 22m 47s
Version: 1.3.4.294
Status: Enrolling
Tenant: $client.protect
Plan ID: 2
Plan Hash: 00000000000000000000000000000000
Last Check-in: 01.01.0001 12:00:00 AM GMT
Last Insights: 01.01.0001 12:00:00 AM GMTThe documentation (https://docs.jamf.com/jamf-protect/documentation/Network_Communication_Used_by_Jamf_Protect.html) doesn't mention that SSL inspection being disabled is a requirement, but the above report from JET makes it seem like it is?
+13I ask, because all Macs within my client's network are stuck at enrolment stage, with the protectctl binary reporting as follows:
superuser@XXXXXX user % sudo protectctl info
Password:
Uptime: 22m 47s
Version: 1.3.4.294
Status: Enrolling
Tenant: $client.protect
Plan ID: 2
Plan Hash: 00000000000000000000000000000000
Last Check-in: 01.01.0001 12:00:00 AM GMT
Last Insights: 01.01.0001 12:00:00 AM GMTThe documentation (https://docs.jamf.com/jamf-protect/documentation/Network_Communication_Used_by_Jamf_Protect.html) doesn't mention that SSL inspection being disabled is a requirement, but the above report from JET makes it seem like it is?
Hey @stephenb. You're correct, if connections from the Jamf Protect agent to Jamf Protect Cloud traverse a web proxy then HTTPS (SSL) inspection must be disabled for that traffic. We're working to update the Jamf Protect Documentation with this information.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.