I have recently setup a JSS in the DMZ and have computers successfully checking in. But if I send a "Lock Computer" Command, the command only works if the computer connects to my VPN. The whole point of putting a JSS in the DMZ was so that the lock/wipe commands would work on a machine outside of my network.
Is your DMZ server publicly accessible, aka are all the clients talking to it? Or are they talking to your internal server?
Do you have the push notification ports unblocked?
As listed on this KB: https://jamfnation.jamfsoftware.com/article.html?id=34