Help

Question about Distribution points and network segments

Maclife
New Contributor III

Posted on ‎09-30-2023 01:01 AM

OK hopefully somebody can help or explain. Let's say we have the following setup

A Jamf Server on premise with 2 Distribution Points also on premise only.

Distribution Points setup:

Public DP = Failover

US DP = Principal

Network Segment

192.168.1.1 - 192.168.255.255 = use Public DP

10.0.0.0 - 10.255.255.255 = use US DP

ok so now we have devices that work outside the LAN at home office. In Jamf I can see for example last reported ip 192.168.1.10. Meaning since he in the range of Public DP the computer should use the public DP. But if I start to install an app from self service I can see in the log file that the device tries to mount the US DP first then fails and then switches over to the failover DP which is the Public DP.

My question now why is the device not taking the Public DP as the 1st try since the device is in the range of ip addresses from that network segment Public DP.

Can somebody explain this behaviour to me or what am I doing wrong?

0 Kudos
Reply
2 REPLIES 2

sdagley
Esteemed Contributor II

‎09-30-2023 11:39 AM - edited ‎09-30-2023 11:40 AM

@Maclife When you're looking at a Computer record in Jamf Pro the Last Reported IP field is the IP address for the network the Mac is connected to (e.g. the common 192.168.x.x used for home networks). The IP Address field is the IP address that your Jamf Pro server sees traffic from the Mac originating from, so for Macs not on a VPN connection that would be the public IP address from their ISP (e.g. for Verizon it could be something in the 100.7.x.x range), or for a Mac connected to VPN it'd be in the range of the public IP exit range for the VPN.

You need to use the IP address from the IP Address field to define your Network Segments, not the Reported IP Address field.

0 Kudos
Reply

Maclife
New Contributor III
In response to sdagley

Posted on ‎10-03-2023 12:19 AM

I don't think that is correct in Jamf doc it is stated:

Network segments are evaluated based on the reported IP address.

The calculation occurs any time the binary on the computer communicates with the Jamf Pro server. For example, if a policy is configured to run on a pre-defined trigger, network segments are calculated before the actual content of the policy runs.

0 Kudos
Reply