Cannot Connect to App Store Since Upgrading to iOS v11

Ever since upgrading our iOS devices to v11 they "Cannot Connect to App Store" when the connection is through our UTM. We are not experiencing any issues connecting these devices to the App Store through other non-UTM Internet connections.

There are no blocked packets in the Firewall logs and no blocked connection attempts in the Web Protection logs.

The "Apple Update [Allows Apple Update without content scanning side effects.]" Web Protection exception is enabled.

I'm running UTM v9.415-1 (and not interested in upgrading to v9.5 so please don't suggest that as a fix unless this is a known issue with v9.4).

Adding iOS devices to the "Skip Transparent Mode Source" list resolves the issue but is obviously a less than desirable solution.

I can't be the only one experiencing this issue. Please help.

  • In reply to busthead:

    Hi busthead,

    Are you located in Australia? I was saying add *.apple.com.au or even apple.com.au with the suffix being your country.

    Ian

  • In reply to busthead:

    v9.509-3 appears to have resolved this issue.

  • I have a similar problem.

    I fixed the problem by adding "ocsp.digicert.com" to "Skip Transparent Mode Destination Hosts/Nets".

  • In reply to busthead:

    busthead

    v9.509-3 appears to have resolved this issue.

    Strike that. The issue returned after updating to iOS 11.3.1 and remains unresolved for at least the last five months. Is there no way to get Sophos support to do something about this?

  • In reply to busthead:

    Hi,

    Slightly different to you, my iPad and iPhones are all connecting quite happily, but the MacBook Pro isn't. The error message indicates a DNS issue, which more than likely means Apple have added another URL to the update list which is not *.apple.com.

    Ian

  • In reply to rfcat_vk:

    rfcat_vk
    The error message indicates a DNS issue

    What error message? Can you please capture and share it here? It may provide a clue as to how to solve this issue.

    Also, if you update iOS on your iPad, it's able to connect to the iOS app store and update apps? Does your iPad have a cellular connection or only Wi-Fi? This issue appears to affect Wi-Fi only devices but not cellular enabled iPhones, etc.

    Could anyone with a Mac who is experiencing this issue grab a packet capture via 'sudo tcpdump port 53' please?

  • In reply to busthead:

    Further update. iPad is only Wi-Fi and checks software version okay but fails app store again.

    The error from the Mac

    Ian

    Update: I see SYN error in the firewall log when I try to connect from any Apple device.

    More. The Apple site advises restarting the iOS device after receiving the error. I did on the iPhone and that worked, but not the iPad. The other interesting thing is if you take the device out of the network, update it, then bring it back into the secure environment, the access to the app store works. So what is being blocked? I can't see whatever it is in any log.

  • In reply to rfcat_vk:

    Hi,

    Have a look at this URL, might provide some insight about certificate errors.

    https://discussions.apple.com/thread/8161225

    Ian

    Doing a lot more digging, the issue appears to be Apple-based, to do with certificates expiring.

  • In reply to James Lee:

    Thanks James, this is the only solution that helped me. I'd rather transparent proxy everything I can, so am keen to find out why proxying this host causes iTunes store to not be accessible.