Blocked HTTPS from Apple

Question

All: 
 I've noticed recently that my Apple iOS products no longer sync Contacts--that is, if I create a contact on my iPhone, that contact is never recognized on my iPad--until I use those products on networks other than one running through my Sophos UTM. I pulled up an WebAdmin Live Log Firewall window to see if something was being blocked. Sure enough, while using my iPad (or iPhone) I'm seeing HTTPS (443) traffic being dropped that's sourcing from Apple subnets 17.253.x.x and 17.248.x.x with the destination address being the static address assigned by my Internet Provider. 
 For example, if x.x.x.x is the static IP address assigned to me (which I have entered under Management-->System Settings-->Hostname), I'm seeing: 
 Default DROP TCP 17.253.29.204:443 --> x.x.x.x: (Some high port number like 54977) [RST] len=40 ttl=56 tos=0x00 srcmac=whatever dstmac=whatever 
 What's going on here and how do I remedy it? I already have firewall rules in place to allow traffic to/from Apple Networks (17.0.0.0/8) to my iPad and iPhone in place. 
 Any suggestions or thoughts would be appreciated. 
 Regards, 
 Robert

sachingurung · Answer

Hi Robert, 
 Go to Web Filter > Filtering Options > Exceptions; edit the default policy for Apple. Skip all the checks and verify if that helps. If that doesn't help, create a new exception policy for all the requests coming from the Apple servers IP addresses. I can also see that the RST packet is initiated from the Apple servers in the firewall logs. I need to check the http.log for more details. 
 Thanks

moose3d · Answer

I had this exact same problem. None of the solutions posted so far resolved it. This is what did: 
 
 Go to: Web Protection / Filtering Options / Misc. 
 Add the ipad/ipod into the "Skip Transparent Mode Source Hosts/Nets" 
 
 The SSL interception completely hoses things like iCloud backups. As soon as I did this, it all started working again and the messages in the firewall logs (like you're seeing) stopped. 
 
 Hope this helps you too!