JamfCloud JSS and internal JDS(s) issues

PeterG
Contributor II

We are moving our JSS to the cloud and want to have a JDS in each building. The Master will be in the home office and 'child' instances will be in the remote offices.

The roadblock that I am getting is the firewall.
The JDS(s) have internal IP addresses on each building's server subnet. The JSS is on JamfCloud (external). The systems guys can give me an external IP that routes to the internal JDS IP.

When I set up the JDS, the Installer grabs the current IP address (internal) and reports to the JSS as the IP address of the JDS. However, the IP address from the outside is actually different. So the JSS cannot connect.

If I were to 'trick' the installer to report the external address, what happens to the clients when they try to download software? Will the JSS tell the clients to use the external address? <--- BAD!
Will the child JDSs be addressed by the Master JDS directly or do they need to be 'seen' by the JSS also?

We have a similar issue with our LDAP server connection to the cloud and we are attempting to use JAMF's Infrastructure manager... without much success.

I can't be the only person struggling with this issue.

Peter

(see attached)

4 REPLIES

ajamal
New Contributor

I don't think Infrastructure Manager supports NAT, but you can use the LDAP Proxy that's part of the NetSUS.

ajamal
New Contributor

Vote on this feature request for NAT support in IM: https://www.jamf.com/jamf-nation/feature-requests/5179/infrastructure-manager-needs-to-support-nat

Phantom5
Contributor II

I've managed to work a similar problem with NAT and split-view DNS. JDS will report a hostname to the JSS. When users need to download a package or a policy, DNS will translate the IP based on ACLs and network location of the device. If the device is on the internet, a firewall translates the external IP into the internal IP.

Hope it helps.

rigualj
New Contributor II

When installing the JDS we are prompted for the JDS hostname, JSS URL, etc.

The JDS hostname is what will be used to mount this share. We can use the IP, fqdn, or local hostname - just depends on the environment.

The JDS will then check-in with the JSS much like a client will, so it needs internet access or at least access to the cloud JSS. It will then see if it has packages available and download these packages.

Clients and Casper Admin will mount the JDS by using the hostname specified. For external JDSs I advise using a public FQDN for the hostname: jds1.company.com.
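
The split-view DNS arrangement Phantom5 describes, using the public FQDN rigualj suggests as the JDS hostname, modeled as an added example (not part of any reply in this thread). Views are tried in order, the way BIND `view` blocks are, and the audit flags any client that receives the address meant for the other side of the firewall. The 10.0.0.0/8 internal range, every address and the probe hosts are constructed assumptions.

```python
import ipaddress

INSIDE = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address space

# Constructed data. Views are tried in order and the first ACL match wins.
VIEWS = [
    {"name": "internal", "match_clients": ["10.0.0.0/8"],
     "records": {"jds1.company.com": "10.20.30.40"}},
    {"name": "external", "match_clients": ["0.0.0.0/0"],
     "records": {"jds1.company.com": "203.0.113.25"}},
]


def resolve(views, client_ip, hostname):
    """Return (view name, address) that a client at client_ip would receive."""
    client = ipaddress.ip_address(client_ip)
    for view in views:
        if any(client in ipaddress.ip_network(net) for net in view["match_clients"]):
            return view["name"], view["records"].get(hostname)
    return None, None


def audit(views, hostname, probe_ips):
    """List every probe whose answer does not match its network location."""
    problems = []
    for ip in probe_ips:
        view, addr = resolve(views, ip, hostname)
        if addr is None:
            problems.append(f"{ip}: no answer for {hostname}")
            continue
        client_inside = ipaddress.ip_address(ip) in INSIDE
        addr_inside = ipaddress.ip_address(addr) in INSIDE
        if client_inside and not addr_inside:
            problems.append(f"{ip}: inside client sent to external address {addr}")
        elif not client_inside and addr_inside:
            problems.append(f"{ip}: outside client given internal address {addr}")
    return problems


PROBES = ["10.1.5.20", "198.51.100.7"]   # one office client, one Internet-side host

if __name__ == "__main__":
    print(audit(VIEWS, "jds1.company.com", PROBES))                   # correct order
    print(audit(list(reversed(VIEWS)), "jds1.company.com", PROBES))   # catch-all first
```

The second call shows the usual misconfiguration: when the catch-all view is listed first, office clients are handed the external address and their downloads go out through the firewall.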