Jamf Protect and SSL Inspection

stephenb
New Contributor III

Hey all. Can I confirm that Jamf Protect traffic (i.e from client to the Jamf Protect instance) needs to be excluded from SSL inspection? I don't see mention of this anywhere, but I can see errors when running the Jamf Environment Test tool in my customer's environment (see attached).

Thanks!
180c2de8fd6648e983c38086d67cdf3d

2 REPLIES 2

stephenb
New Contributor III

I ask, because all Macs within my client's network are stuck at enrolment stage, with the protectctl binary reporting as follows:

superuser@XXXXXX user % sudo protectctl info
Password:
Uptime:        22m 47s
Version:       1.3.4.294
Status:        Enrolling
Tenant:        $client.protect
Plan ID:       2
Plan Hash:     00000000000000000000000000000000
Last Check-in: 01.01.0001 12:00:00 AM GMT
Last Insights: 01.01.0001 12:00:00 AM GMT

The documentation (https://docs.jamf.com/jamf-protect/documentation/Network_Communication_Used_by_Jamf_Protect.html) doesn't mention that SSL inspection being disabled is a requirement, but the above report from JET makes it seem like it is?

MattT
New Contributor III
New Contributor III

Hey @stephenb.  You're correct, if connections from the Jamf Protect agent to Jamf Protect Cloud traverse a web proxy then HTTPS (SSL) inspection must be disabled for that traffic.  We're working to update the Jamf Protect Documentation with this information.