Jamf Nation Community

j_cyber · ‎04-15-2024

Environment context:

2 different ssids

- Open network Captive Portal SSID with a portal enforced (Aruba Clearpass)

- WPA2 SSID with an allow all after authentication (by default)

While devices are on the default SSID, we are able to push a wifi profile consisting of the captive portal SSID to devices successfully. However, when devices are on the Captive Portal SSID, we are unable to push the default wifi profile back on devices. The following IPs, URLs and Ports have been allowed to devices on the Captive Portal SSID:

https://learn.jamf.com/en-US/bundle/jamf-school-documentation/page/Firewall_Ports_IP_Addresses_and_U...

We need to switch SSIDs during maintenance periods where having an allow all SSID will be beneficial to us, open to other suggestions on a better workflow as well.

Any one has any idea how we can go about this?

Thanks for reading

Lasse · ‎05-28-2024

I would consider another network setup during your maintenance periods. It seems like the captive network connection is not stable/needs re-connecting on a recurring basis.

Otherwise, try to set up a wifi-profile for the captive network that bypasses the captive setup if that is compatible and gives a usable network connection.

j_cyber · ‎07-02-2024

Hi Lasse,

Thanks for your contribution, however this envrionment seems dependant on having a fast paced workflow without the luxury of having a maintenance period to push apps/profiles and make device configuration changes.

We found that it isnt the SSID affecting this connection, rather the AP Profile. We are able to whitelist Jamfcloud URLs on the ACL on the AP Profile, however we are still unable to successfully refresh devices that are using this AP Profile.

Any information on how Jamf communicates with its client or any expertise with using Aruba APs and Jamf Cloud would be very much appreciated.

Jamf Nation Community

WIFI Profile does not deploy on device connected to a captive portal SSID