We have a clustered DMZ/Internal JAMF environment with Windows Servers. JAMF works fine internally and grabs everything, but we've started to see issues in the last six months where mobile devices on a non-internal network don't get push notifications/profile changes/device lock/clear passcode commands. This also goes for configuration profile changes on Macs. Also, when enrolling devices, they have to be on an internal network for it to be able to grab the DEP config - it fails when attempting to download the prestage.
Is this an issue with ports not being open on the servers? Could it be that there's an expired certificate on our DMZ server? Our push certificate is up to date.
Any ideas would be appreciated.