Extending the available IP range

battle
New Contributor

We have 160 iPads configured via Configurator and assigned to JSS, supervised and managed. As the devices were being used more frequently we found our network was running out of available IP addresses to allocate so the range needed to be extended. This work is now complete so we are now using xxx.xxx.2.1 through to xxx.xxx.3.254.

All iPads that pick up a .2.xxx address continue to operate as normal, but if they pick up a .3.xxx address the JSS is no longer able to communicate with them, no inventory updates or profile changes get through, although they continue to operate on our network as normal.

We also have an internal proxy server which we thought might be causing the problem since it caused some issues with the .2.xxx devices initially, but these issues were resolved and the entries made on the proxy server to resolve them have been checked and double checked to include the .3.xxx range.

We are using a local DNS entry for jss (ie, not FQDN) and the JSS server is on the .2.xxx IP range.

Is there a DB entry or file that needs edited for the JSS server to communicate with devices on the .3.xxx range or does teh JSS server need a FQDN entry in DNS to work?

2 REPLIES 2

nigelg
Contributor

My understanding is that the JSS needs to be able to speak to the Apple Push Notification Service Servers on the internet and the iPads also need to speak to the APNS servers.

Your JSS is already talking to the APNS servers. The iPads on .3 xxx range may not be. Can you see anything in the JSS that looks like they are communicating at all? Maybe there is a firewall policy stopping the .3 xxx range from contacting the APNS servers? Another option would be putting a casper laptop onto the wireless and assigning it a .3 xxx address then running the jamf binary (recon or other command) to see if communication exists between the laptop and the JSS.

battle
New Contributor

Thanks for your help, our broadband provider administers our external firewall and I'd assumed that my original request to have the relevant ports opened for APNS comms would apply to all network traffic from within, but having now tested, it seems the ports are open for everything on the .2.xxx network but not the .3.xxx network.

I will ask them to update the firewall rule for our extended internal IP range and all should be sorted.

Many thanks.