Apple App Store Connection Errors

Hi There,

I have some weird problems with the Apple App Store on our MacBooks. Some colleagues can use the store without any problems, others cannot open it at all.
The same firewall rules apply to all users, regardless of whether they are on WiFi or LAN.
I have already set exceptions in the web policy, and put all the URLs from the Apple article into a firewall rule where the IPS is disabled. https://support.apple.com/de-de/HT201999

Please have a look at my screenshots. The problem is also that I can't see any errors in the log viewer or with packet capture when a colleague tries to download something from the store.

Any ideas?

 

WiFi clients are in the same zone as the LAN.

  • Which Version do you use? 

  • In reply to LuCar Toni:

    Hi, 

     

    sorry for the delayed answer. I was on vacation. 

    SFOS 17.5.4 MR-4

     

    Regards, 

    Jonny

  • In reply to Jonny Klaas:

    Hi,

    I have been experiencing the same issue on my iPad, applications cannot be downloaded at the moment, try later. Same applications are installed and working on MBP and iPhone. iPad and MBP use the same firewall rules. My exception list is not as large as the one above.

    I was able to download and install other applications without an issue, just the Apple apps.

    Nothing in the log viewer, either firewall or web. I set up a 4G hotspot on my iPhone and the applications downloaded and installed without any issues. Strange?

    Ian

  • Same issues, and more related to Apple App Store, iTunes and Apple TV app connectivity.

    I’m running 17.5.5 MR5, but this has been an issue for a while on previous versions.

    I have multiple devices that work consistently connecting to Apple App Store, and several that consistently have issues.

    One potential piece of the puzzle is that the devices that work consistently connect to networks at other locations regularly, while those that do not work are more likely only on the XG network.

  • In reply to Scott Klauminzer:

    Scott Klauminzer

     I have multiple devices that work consistently connecting to Apple App Store,  and several that consistently have issues.

    One potential piece of the puzzle is that the devices that work consistently connect to networks at other locations regularly, while those that do not work are more likely only on the XG network.

     

     
    THIS!
    Absolutely same behaviour at my site. 
     
    @ some ideas? 
  • In reply to Jonny Klaas:

    Can you explain to us if all devices are wireless devices?

    Do you use Sophos Wireless Hardware? 

  • In reply to LuCar Toni:

    Hey, 

     

    No, not only wireless. Some MacBooks with Ethernet connection and some wireless.

    Yes we use 13x AP100C from Sophos. 

     

    UPDATE: 

    I've just talked with my colleagues who reported this problem. For the moment the App Store is working again without any problems!?

    I've investigated this problem for 1,5 weeks... I have no clue what's happening. I'm the only person who has access to our XG.

    *scratch head*

  • In reply to Jonny Klaas:

    Hi,

    I used to find it had to do with Apple software releases. Mine worked until the latest iOS release.

    Also I agree with a previous poster that the devices that are never used outside the local network suffer most.

    Ian

  • In reply to LuCar Toni:

    LuCar Toni

    Can you explain to us, if all devices are wireless devices? 

    Do you use Sophos Wireless Hardware? 

     

     

    All devices with issue are wireless. We have both AP50 and AP30 Sophos hardware.

  • In reply to Scott Klauminzer:

    More Info:

    Confirmed the issue with devices not connected to alternate wireless networks. I connected a device that had only been connected to XG wireless via Sophos AP50, which could not connect to Apple App Store, to a wireless network not associated with the XG and it connected first try. Not only that, it is now able to connect to the Apple App Store via its original Sophos XG wireless network.

    Hope this helps determine the issue. Please post with your results, if able to test.

  • In reply to Scott Klauminzer:

    Do you use separate zone or bridge to AP LAN? 

    Can you try Bridge to AP LAN and reproduce the issue?

    If the issue only exists in Separate zone, verify you are running V17.5 and delete / recreate the separate zone.

     

  • In reply to LuCar Toni:

    Hey, me again. 

    After the update to 17.5 MR5 the issues came back.

    I can confirm:

    • that the problem occurs with WiFi and Ethernet connection, same rule and zone settings
    • some colleagues can open the store without any problems, but the majority get an error
    • that the iPad App Store is also blocked, even in our WiFi guest network where no web filter or IPS rules have been activated. Only AV, but I already tested it without scanning.
    • After I switched the iPad to a private hotspot, the App Store works immediately.

    But if I switch back to our guest WiFi, the App Store works again without any problem or error?

    I can't reproduce the problem after one successful connection to the App Store.

     

    Any Ideas?

  • In reply to Jonny Klaas:

    As far as I know, there were a couple of issues in the past with the MTU size and Apple services.

    UTM9.3 (or 9.2) had a bug fix with MTU size change to 1450 in wireless (separate zone).

    This caused all Apple services to not be able to connect anymore.

    But it seems to be kinda odd, that you only observe this with certain clients and you cannot reproduce this issue. 

  • In reply to LuCar Toni:

    LuCar Toni

    But it seems to be kinda odd, that you only observe this with certain clients and you cannot reproduce this issue. 

     

     
    I will do some more testing on Thursday and give you feedback. But yes, it's a really strange behaviour.
    We also use the Sophos Endpoint Security on our Macs, but there is no security client on our iPad with the described error from yesterday.
     
    Do you maybe have an idea which log from the XG could be helpful to narrow down the problem? Or should I open a ticket with the support?
  • In reply to Jonny Klaas:

    The point is, it is hard to find the causing module in XG if we do not know what is going on and when.

    So we cannot simply put everything in Debug and "wait".