Posted on 03-05-2024 06:57 AM
Hi all,
Hopefully someone can give me some pointers on this one. I've been tasked with getting the firewall enabled on our macOS devices. I was running a basic config profile for a while and couldn't trigger any inbound alerts, but as soon as we enabled it on the wider estate there was one specific .app that was asking for inbound communication, which I thought was strange, as all signed apps should be enabled and all apps need to be signed to run on macOS, right?
Anyway, I tracked the binary down to...
"/Library/Application Support/projectstore/nwjs.app/Contents/Frameworks/nwjs Framework.framework/Versions/87.0.4200.88/Helpers/nwjs Helper (Renderer).app"
Running "codesign -dv" against that app gives me an identifier of "io.nwjs.nwjs.helper.renderer". This is the Bundle ID, right?
I've added the app name and Bundle ID to our firewall config profile and verified it's taken on a sample endpoint but I still get prompted for firewall access when I log in.
I can't help but feel I am just plain doing something wrong but I can't find any guides to detail exactly how I should be setting up these exemptions.
I need to get this implemented and documented for our other technicians but I'm failing to do it myself...
Any help / pointers would be welcome.
Thanks
Posted on 03-05-2024 09:54 AM
My advice: do not use Jamf Pro for this. Apple has only built the most basic macOS firewall management into the MDM framework. You really need to be using a tool that is specifically designed to manage firewalls on the Security framework side. Use the right tool for the job or have a bad time, as they say.
Posted on 03-06-2024 12:02 AM
Dare I ask, if Jamf isn't the right tool for managing the macOS firewall, what is?
Posted on 07-11-2024 11:31 AM
What tool would you recommend? I am trying to add firewall rules for some binaries we build in-house that are not signed.
Posted on 03-05-2024 01:04 PM
Sounds like you're doing the right thing. Are you running this in Terminal?
codesign -dr - /path/to/yourapp.app
Instead of getting the Bundle ID/Identifier for the binary, can you do it against the app? And then finally, did you select "Allowed" for the exception and push?
Posted on 03-06-2024 12:05 AM
I only did the binary, as this is what the actual firewall GUI was prompting for. I can try the parent .app also. It was definitely set to allow and the client had received it as there was a visible exclusion in the GUI added from Jamf.