Step 1: Configuring an Interconnect in Jamf Security Cloud

Jamf Connect Documentation

  1. In Jamf Security Cloud, navigate to Integrations > Access gateways.
  2. On the Dedicated gateways tab, in the Dedicated IPSec gateways section, click Create gateway.
  3. Under Custom IPSec, click Create gateway.
    Note: Use the quick connect option if your hardware does not meet the minimum requirements for Custom IPSec implementation.

  4. Enter a Gateway name for the gateway.
    This name will be used as a routing destination within your access policies.
  5. Select your IPSec network vendor.
  6. Enter your technical contact's name and email address.
  7. Use the Egress region menu to select the global Jamf datacenter that is geographically closest to your cloud infrastructure region.
    1. Under Jamf Security Cloud IPSec source IP addresses, select "Single IP address" and pick any of the available addresses.
      Note: Save this IP address for a later step when configuring the cloud infrastructure side of the tunnel.

  8. Under Connection and authentication, complete the following fields:
    1. Enter a random temporary IP address in the Your IPSec gateway IP address field.

      This value will be changed when your cloud infrastructure assigns you an IP address on their side in a later step.

    2. Set the IKE domain ID to the outside IP address of the site-to-site VPN connection.
    3. Click Generate secret, then Copy secret.
    4. Paste the secret into a secure location, such as a note in a password manager.
    5. Select the I have saved the authentication secret checkbox.
      Note: For security purposes, you can change the shared secret in the future, but you cannot view it.

  9. Under Proposals and Cyphers for Phase 1 and Phase 2, complete the following:
    1. Select a key exchange protocol.
    2. Modify the Phase 1 and Phase 2 configurations as needed.
    Note: The Phase 1 and Phase 2 configurations are pre-selected in Jamf Security Cloud. Modify the settings so that they exactly match the configurations on your side of the VPN tunnel.

  10. Under Encryption Domain, complete the fields below:
    1. Define the Jamf Security Cloud subnet with the IP address picker.

      The picker limits available IPs to the private address ranges defined in RFC 1918 (Address Allocation for Private Internets).

    2. Note the resulting Pingable ICMP test address that is generated.

      You can use this IP address to validate that the Jamf Security Cloud side of the tunnel is reachable from your side.

    3. Define Customer subnets.

      These are the network subnets (typically your application servers) in CIDR format that remote Jamf Trust users will be able to reach via this interconnect, provided their device is allowed by all Zero Trust policies. If you are unsure of the value to enter, or want to make all IPs routable via this tunnel, set this field to 0.0.0.0/0.

      Note: An Encryption Domain is the set of IP addresses (network subnets) at either end of the tunnel whose traffic should be encrypted and able to route to each other. These can be single hosts or multiple networks.

    4. Click Next.
  11. Review your configuration, then click Save and create.

    The new gateway is displayed on the Dedicated gateways tab.

  12. Click the Actions menu for the newly created gateway, then select "View" to view the details you will need to configure the cloud infrastructure side.

The VPN route has now been created on the Jamf side of the interconnect.
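
The subnet values from step 10 can be checked before they are entered in the gateway form. The following Python sketch is an added example, not Jamf code: the function name, finding labels and sample subnets are constructed for illustration, and the rule that customer subnets should not overlap the Jamf Security Cloud subnet is an assumption.

```python
import ipaddress

# RFC 1918 ranges; the page says the Jamf-side subnet picker is limited to these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def review_encryption_domain(jamf_subnet, customer_subnets):
    """Return (networks, findings); each finding is a (kind, value) tuple."""
    findings, nets = [], []
    jamf_net = ipaddress.ip_network(jamf_subnet)
    if jamf_net.version != 4 or not any(jamf_net.subnet_of(r) for r in RFC1918):
        findings.append(("jamf-not-rfc1918", str(jamf_net)))
    for raw in customer_subnets:
        try:
            iface = ipaddress.ip_interface(raw.strip())
        except ValueError:
            findings.append(("invalid-cidr", raw))
            continue
        net = iface.network
        if iface.ip != net.network_address:
            # e.g. 10.20.30.7/24: an address inside a network, not the network itself
            findings.append(("host-bits-set", raw))
        if net.prefixlen == 0:
            # 0.0.0.0/0 makes every IP routable via the tunnel (step 10.3)
            findings.append(("catch-all", str(net)))
        elif net.overlaps(jamf_net):
            # Assumption: the two ends of the encryption domain must be disjoint
            findings.append(("overlaps-jamf-subnet", str(net)))
        if net not in nets:
            nets.append(net)
    # Report entries that a broader entry in the same list already covers.
    for a in nets:
        for b in nets:
            if a != b and a.version == b.version and a.subnet_of(b):
                findings.append(("covered-by-" + str(b), str(a)))
    return nets, findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    planned = ["10.20.30.0/24", "10.20.30.7/24", "172.31.250.128/25",
               "10.20.300.0/24", "0.0.0.0/0"]
    for kind, value in review_encryption_domain("172.31.250.0/24", planned)[1]:
        print(f"{kind}: {value}")
```

A `catch-all` finding means the interconnect itself places no limit on reachable addresses, so the Zero Trust access policies become the only restriction on what remote users can reach.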