Help

Jamf Pro On Prem - External Access?

sedwards
Contributor

Posted on ‎08-10-2020 07:47 AM

Does anyone have their on prem Jamf Pro installation configured for external access so devices outside the local network can be managed? If so, can you give me some information on how you configured that, (ie. firewall ports needing to be opened, etc.). I know many will probably recommend that I migrate to Jamf Cloud but I'm using a self-signed cert in my JSS right now and re-enrolling all my devices is not an option at this time.

Labels:
0 Kudos
Reply
3 REPLIES 3

sdagley
Esteemed Contributor II

Posted on ‎08-10-2020 08:14 AM

@sedwards Opening firewall ports to an internal server is never a good idea. A satellite JSS node, and a DP configured for HTTPS, in your DMZ (if you have one) could be an option but not easy with a self-signed cert. Unless you can create an external only DNS entry with the same name as your internal DNS (see Split DNS) entry for your JSS it's won't matter since your devices will need to resolve the same JSS address on or off your network.

You'll find several discussions on Jamf Nation regarding this topic. Considering adding a DMZ server is a recent example.

Reply

Hugonaut
Valued Contributor II

Posted on ‎08-10-2020 08:15 AM

What kind of on prem server you running?

To do it securely, if you have a firewall & networking team you should speak with them. Easy way to do it is https dp out. I've got servers configured on the dmz, only sends out https, configured on firewall & server itself to communicate internally with the other dps.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month
0 Kudos
Reply

mark_mahabir
Valued Contributor

Posted on ‎08-10-2020 01:22 PM

Yes, we followed this advice.

0 Kudos
Reply