Cache Server Working with Devices on GlobalProtect VPN

tahir
New Contributor III

Can anyone clarify what happens if our server is not connected to the VPN, but all other devices are connected to the GlobalProtect VPN? Currently, I have content caching enabled, and it works for devices on the local network that are not using GlobalProtect.

My settings:

  • Content Cache for: Devices using a custom local network (with all IP ranges added)
  • My local network: Using a custom public IP address, with a TXT record added in local DNS.

AJPinto
Honored Contributor III

It's subnet based. If you have a Content Server with an IP of 10.5.100.15, then all devices on 10.5.x.x can see it for content distribution. You would need to move your Content Server or set up another one on the subnet your VPN uses, which personally would be dumb, as your VPN will have a tighter bottleneck than letting the devices get the content from Apple directly.


https://support.apple.com/guide/mac-help/set-up-content-caching-on-mac-mchl3b6c3720/mac

https://it-training.apple.com/tutorials/deployment/dm070/ 

tahir
New Contributor III

I know the situation will be tough. But the devices are already on the VPN for restriction policies. We have to run it accordingly, and we don't want to move the server to the VPN subnet. If we add the VPN subnet ranges under "Content Cache for" and add the VPN gateway IPs to the TXT record, will it work? As all the devices, even when on GP, go to the local DNS for resolution.

AJPinto
Honored Contributor III

You are playing with fire on Apple's philosophy for device management. I'm not sure if you can customize the behavior of content caching, but I would wager Apple does not allow this.