Posted on 05-28-2021 03:55 AM
Hey all. Can I confirm that Jamf Protect traffic (i.e from client to the Jamf Protect instance) needs to be excluded from SSL inspection? I don't see mention of this anywhere, but I can see errors when running the Jamf Environment Test tool in my customer's environment (see attached).
Posted on 05-28-2021 04:07 AM
I ask, because all Macs within my client's network are stuck at enrolment stage, with the
protectctl binary reporting as follows:
superuser@XXXXXX user % sudo protectctl info Password: Uptime: 22m 47s Version: 220.127.116.114 Status: Enrolling Tenant: $client.protect Plan ID: 2 Plan Hash: 00000000000000000000000000000000 Last Check-in: 01.01.0001 12:00:00 AM GMT Last Insights: 01.01.0001 12:00:00 AM GMT
The documentation (https://docs.jamf.com/jamf-protect/documentation/Network_Communication_Used_by_Jamf_Protect.html) doesn't mention that SSL inspection being disabled is a requirement, but the above report from JET makes it seem like it is?
Posted on 08-04-2021 03:54 AM
Hey @stephenb. You're correct, if connections from the Jamf Protect agent to Jamf Protect Cloud traverse a web proxy then HTTPS (SSL) inspection must be disabled for that traffic. We're working to update the Jamf Protect Documentation with this information.