Jamf Pro On Prem - External Access?


Does anyone have their on prem Jamf Pro installation configured for external access so devices outside the local network can be managed? If so, can you give me some information on how you configured that (i.e., firewall ports needing to be opened, etc.)? I know many will probably recommend that I migrate to Jamf Cloud, but I'm using a self-signed cert in my JSS right now and re-enrolling all my devices is not an option at this time.


Esteemed Contributor II

@sedwards Opening firewall ports to an internal server is never a good idea. A satellite JSS node, and a DP configured for HTTPS, in your DMZ (if you have one) could be an option, but not easy with a self-signed cert. Unless you can create an external-only DNS entry with the same name as your internal DNS (see Split DNS) entry for your JSS, it won't matter, since your devices will need to resolve the same JSS address on or off your network.

You'll find several discussions on Jamf Nation regarding this topic. "Considering adding a DMZ server" is a recent example.

Valued Contributor II

What kind of on prem server are you running?

To do it securely, if you have a firewall & networking team you should speak with them. Easy way to do it is HTTPS DP out. I've got servers configured on the DMZ, only sends out HTTPS, configured on firewall & server itself to communicate internally with the other DPs.


Valued Contributor

Yes, we followed this advice.