Policy execution based on network segments

jfreeseman
New Contributor

I am looking to create a policy that will run with 2 options. One option will run if the device is within a specified network segment in Casper and if not found in a network segment then the other option will work.

Background:
We have a content filter/firewall in school that filters our network segments and then when the students take their laptops home, they use iBoss to filter off-site. The client software for iBoss has issues working with Satellite internet providers so they recommended using the iBoss appliance as a proxy for this student then.

I created 2 locations on a test computer (Home & School) and found a command that works pretty slick (imo) to switch the location on the computer. I am wanting to find a way to automate this switching with Casper.

Any help from anyone will be appreciated. TIA

4 REPLIES

jarednichols
Honored Contributor

I think I'm with you on this, but just to clarify, do you want:

a) If Casper sees it in one network IP range do X, if in a different IP range do Y
or b) If Casper sees the computer's network location setup as A do X, if network location as B do Y.

Thanks

jfreeseman
New Contributor

Correct.

If Casper sees it in one of the network segments specified in the JSS then select network location "School"
or if the device checks in from an IP outside the specified network segments then set location to "Home"

All our school network segments for DHCP are set up under "Network Segments" in the JSS. If the computer gets an IP in one of those ranges we want the computer to select the "School" network location from System Preferences > Network. If not in one of the ranges we want the computer to choose the "Home" network location from System Preferences > Network.

mm2270
Legendary Contributor III

I believe when you set up Network Segments, you can create one all-encompassing segment (for the internet at large) that will cover any IPs that are not in one of your other defined segments. If I'm not mistaken, a Mac will fall into the most specific Network Segment it can locate on your JSS, so any Macs on campus should fall into the smaller scope network segments and any that don't fit into one of those buckets will fall into the all-encompassing range. At least I think that's the way it works, or is supposed to work.

As far as getting one policy to run either option, you can do this with a custom script perhaps, or just create 2 policies with the different options and scope one to your internal segments and the other to the external one.

jarednichols
Honored Contributor

Ok. I think this will be handled better by a script that runs locally with launchd. Basically check your active interface's IP address and if it's within a certain range, use networksetup to change your location. Logically:

script header

check your interface IP address

case statement
    do X for IP range A
        networksetup -switchtolocation School
    do Y for everything else
        networksetup -switchtolocation Home
esac
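
The logic outlined in the reply above, written out as an added example (not code posted in the thread): it matches the active interface's IPv4 address against a list of CIDR ranges and switches to the "School" or "Home" location with networksetup. The values in SCHOOL_RANGES are constructed placeholders for the DHCP ranges defined under Network Segments in the JSS, and the script assumes it runs as root (for example from a launchd job) on a Mac whose default-route interface carries the address of interest.

```shell
#!/bin/sh
# Added example. SCHOOL_RANGES holds constructed placeholder ranges; replace
# them with the DHCP ranges listed under Network Segments in the JSS.
# Caveat: an IP match alone does not prove the Mac is on the school LAN,
# because a home router can hand out the same private range.
SCHOOL_RANGES="10.20.0.0/16 172.16.40.0/22"

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/PREFIX: succeed when IP lies inside the CIDR block.
in_cidr() {
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

# Print "School" for an address in any school range, otherwise "Home".
# A missing or unparsable address also yields "Home".
location_for_ip() {
    for range in $SCHOOL_RANGES; do
        if in_cidr "$1" "$range"; then echo School; return 0; fi
    done
    echo Home
}

# Only act on macOS, and only switch when the location actually changes.
if command -v networksetup >/dev/null 2>&1; then
    iface=$(route -n get default 2>/dev/null | awk '/interface:/ {print $2}')
    addr=$(ipconfig getifaddr "$iface" 2>/dev/null)
    want=$(location_for_ip "$addr")
    if [ "$(networksetup -getcurrentlocation)" != "$want" ]; then
        networksetup -switchtolocation "$want"
    fi
fi
```

Switching only when the current location differs avoids resetting the network stack on every run of the job.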