Blocked HTTPS from Apple

All:

I've noticed recently that my Apple iOS products no longer sync Contacts--that is, if I create a contact on my iPhone, that contact is never recognized on my iPad--until I use those products on networks other than one running through my Sophos UTM. I pulled up a WebAdmin Live Log Firewall window to see if something was being blocked. Sure enough, while using my iPad (or iPhone) I'm seeing HTTPS (443) traffic being dropped that's sourcing from Apple subnets 17.253.x.x and 17.248.x.x with the destination address being the static address assigned by my Internet Provider.

For example, if x.x.x.x is the static IP address assigned to me (which I have entered under Management-->System Settings-->Hostname), I'm seeing:

Default DROP  TCP  17.253.29.204:443 --> x.x.x.x: (Some high port number like 54977) [RST] len=40  ttl=56 tos=0x00 srcmac=whatever  dstmac=whatever

What's going on here and how do I remedy it? I already have firewall rules in place to allow traffic to/from Apple Networks (17.0.0.0/8) to my iPad and iPhone.

Any suggestions or thoughts would be appreciated.

Regards,

Robert



  • Hi Robert,

    Go to Web Filter > Filtering Options > Exceptions; edit the default policy for Apple. Skip all the checks and verify if that helps. If that doesn't help, create a new exception policy for all the requests coming from the Apple servers' IP addresses. I can also see that the RST packet is initiated from the Apple servers in the firewall logs. I need to check the http.log for more details.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • If Sachin's suggestion doesn't fix you up, please show us a relevant line from the Web Filtering or full Firewall log file.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks to both of you for trying to help. What I've been dealing with is a large-scale failing of the Web Filtering functionality. Ever since I mistakenly deleted everything from the Edit Filter Action section months and months ago, it's been a hopeless disaster. Web Filtering just does NOT work. Is there any way to revert a particular section to default and leave everything else alone?

     

  • I had this exact same problem.  None of the solutions posted so far resolved it.  This is what did:

    Go to:  Web Protection / Filtering Options / Misc.

    Add the iPad/iPod into the "Skip Transparent Mode Source Hosts/Nets"

    The SSL interception completely hoses things like iCloud backups.  As soon as I did this, it all started working again and the messages in the firewall logs (like you're seeing) stopped.

    Hope this helps you too!
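
A triage sketch for the drop lines quoted in the question, added here as an example and not part of any post in this thread or of Sophos tooling: it parses Live Log lines in the layout shown above and separates resets arriving from port 443 at a high client port from new inbound connection attempts, grouped by source /16 as in the question. The sample lines, the 203.0.113.10 and 198.51.100.x addresses, the 1024 port threshold and the verdict names are constructed assumptions.

```python
import re
from collections import Counter

# Layout follows the Live Log line quoted in the question; spacing is matched loosely.
LINE_RE = re.compile(
    r"DROP\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\s*:\s*(?P<sport>\d+)\s*-->\s*"
    r"(?P<dst>\d+(?:\.\d+){3})\s*:\s*(?P<dport>\d+)"
    r"(?:\s*\[(?P<flags>[A-Z ]+)\])?"
)

def classify(line):
    """Return (source /16, verdict) for a DROP line, or None if it does not parse."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    flags = set((m["flags"] or "").split())
    sport, dport = int(m["sport"]), int(m["dport"])
    if m["proto"] == "TCP" and "SYN" in flags and "ACK" not in flags:
        # A bare SYN is somebody outside trying to open a connection.
        verdict = "new-inbound"
    elif (m["proto"] == "TCP" and sport == 443 and dport >= 1024
          and flags & {"RST", "FIN"}):
        # Shape of the drops in the question: RST/FIN from server port 443
        # to a high client port (1024 is an assumed threshold).
        verdict = "https-teardown-reply"
    else:
        verdict = "other"
    net16 = ".".join(m["src"].split(".")[:2]) + ".x.x"
    return net16, verdict

def summarize(lines):
    """Count drops per (source /16, verdict), skipping unparseable lines."""
    return Counter(c for c in map(classify, lines) if c is not None)

# Constructed sample lines; only 17.253.29.204 appears in the original post.
SAMPLE = [
    "Default DROP  TCP  17.253.29.204:443 --> 203.0.113.10:54977 [RST] len=40  ttl=56 tos=0x00",
    "Default DROP  TCP  17.248.150.12:443 --> 203.0.113.10:51820 [ACK RST] len=40 ttl=56 tos=0x00",
    "Default DROP  TCP  17.253.29.204:443 --> 203.0.113.10:54980 [RST] len=40 ttl=56 tos=0x00",
    "Default DROP  TCP  198.51.100.7:40112 --> 203.0.113.10:22 [SYN] len=60 ttl=48 tos=0x00",
    "Default DROP  UDP  198.51.100.9:5353 --> 203.0.113.10:5353 len=80 ttl=50 tos=0x00",
]

if __name__ == "__main__":
    for (net, verdict), count in sorted(summarize(SAMPLE).items()):
        print(f"{net:14} {verdict:22} {count}")
```

If the `https-teardown-reply` count for the Apple ranges falls to zero after a web filter exception or transparent-mode skip is applied, that matches what the last post reports seeing in the firewall log.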