Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 41 subscribers
  • Views 10631 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Apple App Store Cannot Connect

tomrgsd

We are having an issue with the app store not opening on some Macbooks and iPads. It appeared to be related to Mojave, but some iPads are having issue too. It says Cannot Connect to App Store. After some troubleshooting, it appears that the app store is using Akamai servers for the content. I did a packet capture and there was traffic trying to get to the some IP addresses in the 23.x.x.x range. Although our filter says the traffic was allowed, the firewall packet capture shows it getting denied. As a test I created a firewall rule to allow any traffic going to 23.0.0.0/8 (Where Akamai Resides) and it fixed the issue. Now I don’t want to allow that whole CIDR block. Any thoughts on what changed? The strange part is that it is not happening to all devices, just a few.



This thread was automatically locked due to age.
Parents
  • 0

    Ok. I have confirmed now, I had a Macbook with High Sierra OS and the App Store worked perfectly fine. I updated to Mojave and the issue popped up. When you open the App Store, it says cannot connect to App Store and only provides an option retry, which does nothing. I also tested an iPad that had iOS 11.2.5 (I believe). I updated to iOS 12.1.1 and the same problem, the App Store worked fine before update, then after it says Cannot Connect to App Store. If I then enable a firewall rule to allow all traffic to 23.0.0.0/8, the App Store on the Macbook and iPad start working again. Not sure what changes that would require me to specifically open that IP range. Still Stumped.

  • 0 in reply to tomrgsd

    Hi Tom,

    this is what I updated my exceptions to for the Apple APP store and News. I am running MBPs, iPhones and iPad.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.

  • FormerMember
    0 FormerMember in reply to rfcat_vk

    Hi rfcat_vk,

    I just verified with these web exceptions and it works with Apple Application store. 

     

    ^([A-Za-z0-9.-]*\.)?cdn-apple\.com\.?/

    ^([A-Za-z0-9.-]*\.)?icloud\.com\.?/

    ^([A-Za-z0-9.-]*\.)?mzstatic\.com\.?/

    ^([A-Za-z0-9.-]*\.)?apple\.com\.?/

    Thanks,

     

  • 0 in reply to FormerMember

    Hi H_Patel,

    for some strange reason that series of exceptions is turned off in V18 EAP3 and I can access the Apple store from all devices, strange?

    Ian

     

    Further investigation was I created a firewall rule specifically for the Apple devices to access Apple sites, so no need for exceptions.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Update.

    I moved from using DPI to proxy because I was having too many failed connect attempts and now I have to enable ether web proxy exception list. I also to enable the facebook exception list.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to rfcat_vk

    Update.

    I moved from using DPI to proxy because I was having too many failed connect attempts and now I have to enable ether web proxy exception list. I also to enable the facebook exception list.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML