Skip to main content
Answer

Recon's Network Scanner Failing Because of Websense Proxy

  • April 12, 2013
  • 4 replies
  • 5 views
C
Forum|alt.badge.img+5
  • CDZ
  • New Contributor

Hi,

We're having a few problems running inventory through Recon's Network Scanner (the error message is "Recon Failed" after installing the JAMF binary). So, it actually installs, but it can't send any information to the JSS.
We (myself and JAMF's support) have troubleshooted the problem for a while and know that the issue is being created due to the proxy (Websense) the machines have configured.

I see all traffic being passed and permitted through our proxy from the machines who are being inventoried.

Has anybody encountered this sort of situation before?
Is there a specific URL or IP that needs to be allowed on the proxy?

Best answer by CDZ

The solution was a mix of:

Installing the appliance certificate on the client
Adding the JSS URL to the Websense SSL Decryption Bypass configuration

I'm figuring that when Recon is being processed on the client side, some components need to bypass the SSL Decryption and others require the appliance certificate to be installed in order to reach JSS in HTTPS.

    4 replies

    bentoms
    Forum|alt.badge.img+35
    • bentoms
    • Hall of Fame
    • April 12, 2013

    We use web sense, but our proxy is kerberized & we're not seeing issues like this.

    C
    Forum|alt.badge.img+5
    • CDZ
    • Author
    • New Contributor
    • April 12, 2013

    Have you also got MACs trying to communicate with a management platform on the cloud (Casper Suite)?

    T
    Forum|alt.badge.img+21
    • tkimpton
    • Honored Contributor
    • April 12, 2013

    we use websense and kerberised no problems

    C
    Forum|alt.badge.img+5
    • CDZ
    • Author
    • New Contributor
    • Answer
    • April 19, 2013

    The solution was a mix of:

    Installing the appliance certificate on the client
    Adding the JSS URL to the Websense SSL Decryption Bypass configuration

    I'm figuring that when Recon is being processed on the client side, some components need to bypass the SSL Decryption and others require the appliance certificate to be installed in order to reach JSS in HTTPS.

    Terms & ConditionsCookie settingsAccessibility statement