Access to Apple APP store broke overnight

Hi folks,

this morning 3 of my Apple devices failed to connect to the APP store. I cannot find any reason in the logs.

I turned off wifi on my iPhone and connected to the APP store where two updates were flagged. Turned the wifi on and accessed the APP store and the updates were processed.

The question is what downloaded and broke the APP store access.

I will try using my wife's iPhone later because it is in a different rule group to see what happens and report back.

Ian

  • Hi  

    Is there any timeout configured for standby/idle connection?

  • In reply to Keyur:

    Hi Keyur,

no change from the default. I will try disabling the iPad and re-enabling to see if a new connection works. DHCP refresh did not have any effect.

    Ian

  • In reply to rfcat_vk:

    Change of status did not and neither did a power restart.

    Now have 2 MBPs and an iPad that cannot connect to the App store.

    Ian

     

    My wife just returned from shopping and her iPhone connects to the App store and updates via the wifi.

  • In reply to rfcat_vk:

    There is a quite old thread on the same subject which I fail to find because my search skills are not very good in these forums.

    That thread had some instructions on what to use and search for in similar instances.

    Ian

  • In reply to rfcat_vk:

    Hi,

I had the same problems and tried a lot with Web Exceptions and FQDN hosts. The big problem with the App Store definitely is the Malware Scan for http, as the app updates (and maybe images etc.) are transferred using http. Additionally the FQDNs are still problematic, so I added the complete Class A network which belongs to Apple.

     

My working solution (which I'm using for >1 year now) is the following WAN rule which I assign to all Apple Devices:

    • Destination networks:
      - FQDNs:
        *.apple.com
        *.icloud-content.com
        *.icloud.com
        *.mzstatic.com
        *.apple.com.edgesuite.net
        *.cdn-apple.com
        *.itunes.com
        *.apple-dns.net
        *.aaplimg.com
        *.apple.com.akadns.net
        *.ls-apple.com.akadns.net
        *.itunes-apple.com.akadns.net
        *.apple.com.edgekey.net
        *.ls2-apple.com.akadns.net
        *.origin-apple.com.akadns.net
        *.content-storage-download.googleapis.com
        *.content-storage-upload.googleapis.com
        *.mail.me.com
        *.mail.me.com.akadns.net
      - Network:
        17.0.0.0/8
    • Ports TCP:
      80, 443, 5223, 2195, 2196, 5224, 5228
    • Ports UDP:
      16384:16472, 3478:3497
    • Web and content scanning:
      nothing selected (!), Google QUIC disabled
    • Advanced:
      - IPS rule:
        Category = app-detect, browser-chrome, browser-firefox, browser-other, browser-plugins, browser-webkit, exploit-kit, file-executable, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-shellcode, malware-backdoor, malware-cnc, malware-other, misc, netbios, os-mobile, os-other, policy-other, protocol-dns, protocol-ftp, protocol-icmp, protocol-imap, protocol-other, protocol-services, protocol-voip, pua-other, scan
        Platform = Unix, Mac, Other
        Target = Client
      - Custom Web policy without restrictions but with logging enabled.

     

    I hope this will help. :-)

    Best Regards

    Dom Nik
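Added example, not from the thread and not Sophos XG's own rule engine: a small matcher that loads the rule Dom Nik posted above and reports, for a given destination, whether that rule would catch the flow and, if not, which condition (FQDN/network, protocol, or port) fails. That is the question the thread keeps circling ("nothing shows in the logs"): a flow that misses this rule silently falls through to whatever rule comes next. The field names, the port-range syntax `lo:hi`, and the wildcard semantics (`*.apple.com` matches names below apple.com but not apple.com itself) are assumptions; the sample connections are constructed. Matching only tells you which rule a flow hits; the scanning and IPS settings of that rule are a separate matter.

```python
"""Evaluate destinations against the WAN rule posted in the thread.

Added example; rule contents copied from the post, semantics assumed.
"""
import ipaddress
from fnmatch import fnmatchcase

# Rule contents as posted (field names are our own, not XG's export format).
FQDNS = [
    "*.apple.com", "*.icloud-content.com", "*.icloud.com", "*.mzstatic.com",
    "*.apple.com.edgesuite.net", "*.cdn-apple.com", "*.itunes.com",
    "*.apple-dns.net", "*.aaplimg.com", "*.apple.com.akadns.net",
    "*.ls-apple.com.akadns.net", "*.itunes-apple.com.akadns.net",
    "*.apple.com.edgekey.net", "*.ls2-apple.com.akadns.net",
    "*.origin-apple.com.akadns.net",
    "*.content-storage-download.googleapis.com",
    "*.content-storage-upload.googleapis.com",
    "*.mail.me.com", "*.mail.me.com.akadns.net",
]
NETWORKS = [ipaddress.ip_network("17.0.0.0/8")]
TCP_PORTS = "80, 443, 5223, 2195, 2196, 5224, 5228"
UDP_PORTS = "16384:16472, 3478:3497"


def parse_ports(spec):
    """Turn 'a, b, lo:hi' (the syntax used in the post) into (lo, hi) tuples."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo, _, hi = item.partition(":")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


PORT_RANGES = {"tcp": parse_ports(TCP_PORTS), "udp": parse_ports(UDP_PORTS)}


def fqdn_allowed(host):
    """Assumption: '*.x' matches any name below x, not x itself (fnmatch rules)."""
    if not host:
        return False
    host = host.lower().rstrip(".")
    return any(fnmatchcase(host, pat.lower()) for pat in FQDNS)


def network_allowed(ip):
    """True when the destination IP falls inside one of the rule's networks."""
    if not ip:
        return False
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NETWORKS)


def evaluate(conn):
    """conn: dict with proto ('tcp'/'udp'), host (resolved name or None), ip, dport.

    Returns (matched, reason); on a miss the reason names the failing condition.
    """
    proto = conn["proto"].lower()
    if proto not in PORT_RANGES:
        return False, f"protocol {proto} not in rule"
    if not (fqdn_allowed(conn.get("host")) or network_allowed(conn.get("ip"))):
        dest = conn.get("host") or conn.get("ip")
        return False, f"destination {dest} matches no FQDN/network"
    port = int(conn["dport"])
    if not any(lo <= port <= hi for lo, hi in PORT_RANGES[proto]):
        return False, f"{proto}/{port} not in rule's port list"
    return True, "matched"


# Constructed sample connections (names and addresses chosen for illustration).
SAMPLES = [
    {"proto": "tcp", "host": "gs-loc.apple.com", "ip": "17.253.1.1", "dport": 443},
    {"proto": "tcp", "host": None, "ip": "17.188.1.1", "dport": 5224},
    {"proto": "udp", "host": "1-courier.push.apple.com", "ip": "17.57.1.1", "dport": 3480},
    {"proto": "tcp", "host": "api.push.apple.com", "ip": "17.188.1.2", "dport": 2197},
    {"proto": "tcp", "host": "example.net", "ip": "93.184.216.34", "dport": 443},
    # Apex name is not covered by the wildcard, but 17.0.0.0/8 still catches it.
    {"proto": "tcp", "host": "apple.com", "ip": "17.253.144.10", "dport": 80},
]


def report(samples=SAMPLES):
    """One (proto, destination, port, matched, reason) row per sample."""
    return [(s["proto"], s.get("host") or s["ip"], s["dport"], *evaluate(s))
            for s in samples]


if __name__ == "__main__":
    for row in report():
        print(row)
```

The fourth sample shows why a miss can be invisible: the destination is an allowed FQDN, but the port is outside the list, so this rule never logs it and the flow is decided by the next rule in the chain. Replacing the host and port in the samples with entries from your own connection log is enough to find which condition a failing Apple flow trips over.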

  • In reply to Dom Nik:

    Hi Dom,

    I will slowly add items from your list.

    I have had some of the suggested sites blocked for a considerable time, so I do not understand why all of a sudden access is blocked with no error messages in any log.

     

    Ian

    I have added all those FQDNs, some are duplicated in addressing. Somewhere while adding the FQDNs I fixed access to the APP store, but cannot get updates to the MBP OS. More work tomorrow in looking at the logs to see what is failing, maybe.

  • In reply to rfcat_vk:

    Hi Ian,

    I had similar issues and I believe some of the problems are related to caching on the client side. Especially different behaviour between clients and also the fact that changes on the FW side won't change anything on the client in the first place. I would suggest restarting the devices and waiting some days.

    My list of FQDNs might not be 100% perfect as this is very time-consuming and frustrating. Please feel free to improve the list. :)

    Best Regards

    Dom Nik

  • In reply to Dom Nik:

    Hi Dom,

    I found two FQDNs that are not used; one is iTunes, which I suspect has been migrated to one of their complex FQDNs.

    I still cannot find what is blocking the MBP OS update check, nothing shows in the XG logs or the Sophos Home Premium logs.

    Ian

  • In reply to rfcat_vk:

    Hi,

    I connected to the internet from my MBP through my iPhone and was able to check the MBP OS without issues. Put the MBP back through the XG and the software update check worked.

    Please explain.

    Ian

  • In reply to Dom Nik:

    Hey Dom, do you know what TCP 5224 is being used for? I’ve searched around Google and posted about it on a couple forums but no one seems to know. I see this connection coming from my iPhone to an Apple server, but it’s not listed as a port that is used by Apple on their official website.

  • In reply to shred:

    Hi Shred,

    I think I had to open this port for push notifications. That must have happened 2-4 years ago.

    Right now the port is not used in my network. The FW logs are empty. Is your device using an older iOS version?

     

    I replaced this port with 2197/tcp right now - this one must be a new port in the Apple documentation?!

    Best Regards

    Dom

  • In reply to Dom Nik:

    I'm on the latest iOS 12 version. I have four iOS devices in my house too but I remember only seeing it from my iPhone. It continues to remain a mystery. :)