SCEP Proxy in a DMZ Clustered Environment

Contributor II

Hello all,

I'll be standing up a second JSS in the DMZ (Computer Access Only) soon while simultaneously enabling SCEP proxy services for enrollment and configuration profiles. I'd like to understand how SCEP traffic would function in such a configuration.

For example, if a Mac on the internet enrolls via DEP, will our DMZ JSS need to be able to reach our internal SCEP server? Or will this request route to our internal JSS and on to the SCEP server?


Contributor II

I think just the internal master JSS needs access, as that's what initiates the request back to the CA or NDES server and then sorts the policies/configs to push via the DMZ box.