Posted on 01-23-2018 11:59 AM
JAMF Nation,
We have been on a very long and arduous journey with 3rd Party Patching and would like to share our findings with anyone who might care to read this.
We had been tasked with getting 3PP up and running in our enterprise environment. As with any company we sit behind a proxied firewall. In starting this journey we found this article on JAMF Nation on how to setup 3PP and make it proxy aware.
After carefully reading the full post and we began to execute the steps appropriate for our environment. After much troubleshooting with JAMF and the internal network team it was discovered that the JSS could not be made proxy aware with 3PP in our environment. While the JAMF Nation article has several posts with success stories, we would not have the same result.
On a very high level, here is where we are:
What we didn't know was this... we were trying to get 3PP working with proxy authentication this whole time. On this note, we requested proxy bypasses and still couldn't hit the 3PP URL.
What we needed to do was this... Instead of addressing the URL and working with the proxy, all we needed was direct outbound access through the firewall via the IP.
To sum up, the proxy access is different from firewall access. Our team doesn't speak "Networking" so we were having a hard time figuring this one out. It may seem obvious to some, but it wasn't for us. Maybe someone out there can find this helpful and it will save you 6 months.
Posted on 01-30-2020 06:16 PM
API driven requests should be proxy aware. This is a failing of application design. The only "direct" connectivity should be APNs.