Jamf Nation Community

Report Inappropriate Content · ‎01-12-2010

I know this has been discussed before - are some of you allowing access to
your JSS from outside your internal network? Whats the best practice
here? Is port 8443 all that's needed to allow a client to check in?

Chad

John_Wetter · ‎01-12-2010

Hi Chad,
We have it externally accessible for a couple reasons:
-ability to edit policies, etc. from home
-ability to trigger items on computers at home
-theft tracking (getting the IP’s for warrants)

We only allow 8443 open so only encrypted connections can get through from outside.

John

dustydorey · ‎01-12-2010

Same as John's set up here. And for the same reasons.

Added Bonus, ability to use the JSS iPhone app when not on WiFi at work!
J

-Dusty-

Dustin Dorey

Technology Support Cluster Specialist

Independent School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971

Report Inappropriate Content · ‎01-12-2010

Hi
Same here. I have port 8443 only so I can track the devices and update them,
Cheers

Carmelo Lopez Portilla

Embl Heidelberg
IT Support

Please consider the enviroment before printing this e-mail.

El 12/01/2010, a las 19:56, John Wetter

Report Inappropriate Content · ‎01-12-2010

Just be sure to scope your policies, that need packages/scripts, to run only within your internal network, otherwise afp/smb and http downloads will fail unless you allow the correct ports (learned from experience and filling an inbox with policy failed messages).

Though I also only allow 8443, and it works great.

Thanks,
Robert

Report Inappropriate Content · ‎01-12-2010

This is a good tip, but what's the best way to accomplish. I can't create
a network segment large enough to encompass our entire network. I have
many smaller segments already created but dont want to have to select all
of those individually. Wish I could create one segment that includes all
of 10.192.0.0/10.

Jamf Nation Community

JSS access from outside