Jamf Trust now prevents internet traffic blockages

New Jamf Trust capability

Jamf Trust now notifies users when a device loses its Zero Trust Network Access (ZTNA) connection and provides additional context when users access the internet from captive portals.

This blog explores how Jamf Trust improves the user experience with captive portals: login or payment screens often found on airplanes, trains or in public spaces. We'll discuss how the app now ensures internet access isn't blocked and clearly informs the user of their ZTNA status.

The captive portal conundrum

Working with traditional Virtual Private Network (VPN) software can be frustrating; it often requires constant authentication and provides little visibility into connection status. While ZTNA significantly reduces these headaches by only routing relevant company traffic, it isn't immune to connection issues.

A common pain point for Jamf customers

Customers were having trouble with the way Jamf Trust managed and reported ZTNA status, particularly when using captive portals.

What are captive portals?

Captive portals are used to present users with a license agreement, login or payment screen before granting full internet access. They are ubiquitous, whether you're purchasing in-flight snacks or completing a hotel's Wi-Fi login.

Most modern operating systems (OS) support the Wireless Internet Service Provider Roaming (WISPr) protocol to help detect internet connectivity. However, this often results in complicated, confusing device statuses.

By allowing access to in-flight maps or purchase menus only through captive portals, these network configurations can inadvertently break a necessary ZTNA or VPN connection.

This leaves the end user completely blocked from both the internet and company resources. Users were understandably frustrated, often attributing the fault to the Jamf Trust app. This was a problem we needed to solve.

Dead gateway detection

We are excited to announce that this problem is now a thing of the past. We have enhanced Jamf Trust to provide better detection in these scenarios.

When the connection to your ZTNA gateway is unavailable, the app will now temporarily disable ZTNA and its related features to ensure that your internet traffic is not blocked.

This key enhancement:

• Maintains internet access. End users can complete the captive portal login, browse the web or access any other internet services like streaming movies or purchasing snacks.
• Helps on-device filtering respect these bypass policies to prevent the device from blocking internet traffic while the ZTNA connection is down.
• Communicates clearly. The app provides clear in-app information and notifies users about the ZTNA connection status.

Once the device has a restored connection, Jamf Trust will automatically and silently reconnect to ZTNA and re-enable content filtering. This ensures continued access to company resources while also providing network security — all without any user intervention.

This feature is a prime example of our continuous pursuit to help organizations succeed with Apple. We're proud to give end users clarity into connection status, eliminating guesswork when their device isn't connecting as expected.

Availability

This capability, Dead Gateway Detection (DGD), is now available for Jamf Trust on iOS, macOS and Android devices.