Hello everyone,
in my company, we have a desktop policy for all devices which makes access to the network through the VPN, which gets deployed locally on the client devices by the Firewall.
The policy restricts port 443 NOT to go anywhere (in and out) till you're logged in the VPN (and many other things). Just a few ip addresses are not restricted, by rules made by the Firewall Admin.
If we know a specific IP address or a specific IP range, we can tell to the desktop policy to allow those IP addresses (both in and out), but we can not set on the Desktop Policy an address which resolves IP addresses which are not static.
Example: our "company.jamfcloud.com" is always resolving a different address (as it seems to rely on Amazon cloud services) and this can not be pointed out on the Desktop Policy.
Result: our devices can not establish any connection to the Jamf Cloud, the Self Service, or receive any Push notification when NOT connected to the VPN.
This is something that we don't want as it is necessary for us to be able to remotely send commands to devices both if they are logged in or logged out the VPN. Otherwise we have no control on them while not connected to the VPN.
Can someone help us going through this?
