Internal and external self service

ED-209
New Contributor

We're currently running JSS in a DMZ on an internal address and use NAT/port forwarding in our firewall to make it available externally. We have some functionality available from any public IP and limit application distribution based on source network.
Now we're facing some users that will have dynamic public IPs, and so we cannot whitelist them. We can give them access to the internal network via VPN but want to maintain some functionality via the external distribution point. So we need to enable both an internal and an external hostname:
jss.external.domain
jss.internal.domain

Is it possible to do this in the self service client?

3 REPLIES

calumhunter
Valued Contributor

Can't you just add a network segment 0.0.0.0? That should catch all internet WAN IPs.

ED-209
New Contributor

Well, some functionality is already allowed from 0.0.0.0 while others are limited to specific addresses. We want to keep this limit so that even if an account would be compromised, internal material is only available from a whitelisted destination.

bentoms
Release Candidate Programs Tester

@ED-209 Are clients logging into Self Service? Might be a way to lock it down some & then you can offer to all IPs.

Getting compromised would then require an enrolled Mac, & username & password details of a person that can log in to Self Service.