I've set up the Profile Manager, and locking a laptop works great while on the same LAN as the Lion server, but if I'm outside the office it will never get the remote lock request. The Lion server is behind a NAT. Do I need to forward ports to the Lion server?
Lion Server: Send remote lock from outside LAN
profile-manager server.app
Best Answer
Yes, you'll need to either forward these ports to your Lion server, or put the Lion server in your firewall's DMZ. You will also need to make sure that the DNS name of your Lion server is resolvable to devices outside of your network.
The Apple Push Notification service used by Profile Manager will tell your device "Check in with this server", but your server needs to be resolvable and accessible for your device to actually check in and get the command that you've set for it in Profile Manager. That's why the lock command is working while your laptop is on the same LAN as the server.
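The two conditions described in this answer (the server name must resolve, and the device must be able to connect to it) can be checked from a machine outside the office. The script below is an added example, not part of the original answer; the hostname `mdm.example.com` and port `443` are constructed placeholders to be replaced with your server's name and the ports you actually forwarded.

```python
import ipaddress
import socket

def classify_addresses(addresses):
    """Split resolved addresses into globally routable and internal-only."""
    public, internal = [], []
    for text in addresses:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop any IPv6 scope id
        (public if ip.is_global else internal).append(text)
    return public, internal

def resolve(hostname):
    """Return the unique addresses the local resolver gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def port_open(address, port, timeout=3.0):
    """True if a TCP connection to address:port completes within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False

def checkin_report(hostname, ports, addresses=None):
    """List what would stop a device on this network from checking in."""
    addresses = resolve(hostname) if addresses is None else addresses
    if not addresses:
        return ["%s does not resolve from this network" % hostname]
    public, internal = classify_addresses(addresses)
    findings = ["%s resolves to %s, which is not routable from outside the NAT"
                % (hostname, a) for a in internal]
    for address in public:
        for port in ports:
            state = "reachable" if port_open(address, port) else "blocked or not forwarded"
            findings.append("%s:%d %s" % (address, port, state))
    return findings

if __name__ == "__main__":
    # Constructed values: substitute your server name and forwarded ports.
    for line in checkin_report("mdm.example.com", [443]):
        print(line)
```

Run it from a network outside the office; a name that resolves only to a private address, or a port reported as blocked, matches the symptom in the question.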