Jamf Nation Community

ukspvmalapati · ‎12-05-2018

Hello All.

Suggestions/Script to deploy app only when connected to LAN and deployment has to be stopped when connected in VPN and suggest user to deploy only when connected to LAN.

Thanks in Advance.

garybidwell · ‎12-06-2018

No need for a script.

Cant remember which version of Jamf this appeared in, but use Client Side limitations for you policy in the General tab.
You can set it to deploy when connected to Ethernet only.

Then if you define a network segment for your internal VPN `IP range you can use that as an scope for exclusion, so any devices reporting on that range won't run the policy

ryan_ball · ‎12-06-2018

That would still run even if you are connected to a VPN and on ethernet. I would set up a script to do an nslookup on a server that might return a specific IP when you are connected to VPN, that might return something different when you are not connected to the VPN.

dgreening · ‎12-06-2018

You need to define your VPN IP segment(s) in Network Segments and add that as an exclusion to the policy. We do this all the time for policies which have LARGE payload.

garybidwell · ‎12-06-2018

Not if you have all your network segments defined and combined in the same policy, sounds like dgreening is using these the same way as we do. As we know what the IP ranges our global VPNs use and what the client will report in on when connected, we can use the network segments for policy exclusions.

Example below is to stop users installing large Adobe CC installs when connected to their local VPN: This exclusion stop the policy running when user connects from a certain VPN range and/or if they are on WiFi (i.e the option to install Adobe CC disappears from their Self Service, but only returns when they are connected the internal LAN)

Jamf Nation Community

Script to deploy app when connected only in LAN