script or EA to check to see if the Firewall is on?

rseide
Contributor

I have a backup app called NetWorker Recover that I need to update on a bunch of Macs. The problem is, if the firewall is turned on, the user will get prompted to allow or deny connections to the app.

Is there a way to find out if the firewall is turned on before getting installed by either a script or an EA?

Thanks in advance.

8 REPLIES

krichterjr
Contributor

rseide
Contributor

Hi, thanks for that. I am surprised that didn't show up in my search.

Please forgive me, how do you upload an xml file to the EAs? I thought they could only be scripts. Sorry to ask this.

EDIT: Never mind, I figured this out.

rseide
Contributor

Is there a way to incorporate a script that will install the app only if the firewall is off?

krichterjr
Contributor

No worries on the questions. I'm usually the one asking and everyone at JN is so willing to help that it's nice to be able to give back.

I think the best approach to only installing it on computers that have the Firewall off would be to use Smart Groups.

  1. Create a Smart Group that uses the criteria of "Extension Attributes Information" -- "Name of your EA" and set it to "IS" "Off". I would also add whatever other logic you want to this scope. Perhaps something like "does not have" "this Application Version".

Note: Since the EA gets gathered during Inventory reports, computers won't start showing up until they have submitted a report.

  2. Create a policy and have it scoped to this Smart Group. I typically have my policies update inventory as well. That way it will fall out of that Smart Group once it has the update. I can then have the policy run "once per day", knowing if it fails the first time for any reason it will continue to try daily.

If you are needing to turn the Firewall back on afterwards you could incorporate the script from this link within your policy and have it run "After". https://jamfnation.jamfsoftware.com/viewProductFile.html?id=135&fid=457

Whatever you decide to do, just make sure to test, test, test.
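An added example, not part of the original thread or of krichterjr's post: a Jamf Extension Attribute script that reports the firewall state as "On" or "Off" for the Smart Group criteria described above. It assumes `socketfilterfw --getglobalstate` prints a line containing `State = N`; the function names are hypothetical and chosen for illustration.

```shell
#!/bin/sh
# Jamf Pro Extension Attribute (added example): report the macOS Application
# Firewall state as "On" / "Off" so a Smart Group can match on IS "Off".

SOCKETFILTERFW="/usr/libexec/ApplicationFirewall/socketfilterfw"

# Map the text printed by `socketfilterfw --getglobalstate` to an EA value.
# Assumption: the output carries "State = N" (0 = disabled, 1 or 2 = enabled).
# Anything else becomes "Unknown", so a failed read never matches "Off".
fw_state_from_output() {
    state=$(printf '%s\n' "$1" | sed -n 's/.*State = \([0-9][0-9]*\).*/\1/p' | head -n 1)
    case "$state" in
        0)   echo "Off" ;;
        1|2) echo "On" ;;
        *)   echo "Unknown" ;;
    esac
}

# Query the live firewall; a missing binary or a failed call yields "Unknown".
fw_state() {
    if [ -x "$SOCKETFILTERFW" ]; then
        out=$("$SOCKETFILTERFW" --getglobalstate 2>/dev/null) || out=""
    else
        out=""
    fi
    fw_state_from_output "$out"
}

# Jamf reads the EA value from the <result> tags on stdout.
echo "<result>$(fw_state)</result>"
```

Because an unreadable state is reported as "Unknown" rather than "Off", a Mac whose firewall could not be queried stays out of a Smart Group scoped to IS "Off".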

bentoms
Release Candidate Programs Tester

Actually, @andrewseago talked @ JNUC about having "active EA's."

Basically, as EA's are scripts... Why not use them as such?

So sack off the smart group, & instead if the firewall is found on, do something.

alexjdale
Valued Contributor III

I'm a fan of Andrew as much as the next admin (and I didn't see that presentation), but I try to avoid using EAs to "do something" wherever possible; that's what policies are for. I guess it cuts down on one smart group, but you lose a lot of control/flexibility as well as your audit trail.

For something as simple as a firewall action, just make it into a smart group/policy.

wmateo
Contributor

@bentoms I am looking for a script or solution that turns off my users' laptops' FW when they are in my network, and it's turned ON when they unplug from it? Any suggestions how I may go about this? If there is a script you can point me to, it would be helpful. Thanks

nessts
Valued Contributor II

@bentoms is a heck of a guy, but should he be providing solutions to everybody, and if he has that much time to help everybody, I could use some free help :)? @wmateo why not fix the firewall so that it works all the time and just leave it on? If you really need to turn it off, I would look at the trigger in policies that is based off network changes, and use launchctl probably to unload the firewall and load it after verifying the network, as one option.