Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Exception - Apple Update and iCloud

Good day! We've added in Web Exception the recommended links from Apple to except it from policy checks and https decryption. Unfortunately yesterday, our company issued Apple phones to it's employees and it seems even if weset Allow All in Web Policy and Application Policy the apps can't be downloaded or retrieve... Halp.



This thread was automatically locked due to age.
Parents Reply Children
  • Not all of them are in your exception list. Also I found that the access seems to change from week to week. At one stage I had that rule disabled and relied on the exceptions, then there was an update possibly to XG policies that broke access to the Apple sites again so I had to re-enable the firewall rule.

    Just going on my Apple device access issues and how I solved them for 2 iPhones, iPad and 2 MBPs, one with MS office.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi sir! I've opened a ticket to Sophos regarding this case. We've tried getting some log and tried packet capture.

    To cut the story short, we have RETRANSMISSION issues.

    Can you guys explain what does retransmission means?

    And they've recommended to reduce the MSS size, how does it help us resolve the issue?

    rfcat_vk said:
    Not all of them are in your exception list. Also I found that the access seems to change from week to week. At one stage I had that rule disabled and relied on the exceptions, then there was an update possibly to XG policies that broke access to the Apple sites again so I had to re-enable the firewall rule.

    Just going on my Apple device access issues and how I solved them for 2 iPhones, iPad and 2 MBPs, one with MS office.

    Ian

  • They have asked us to put the MSS to 1280

  • Hi  

    Your screenshot, as you have stated, is from v18EAP refresh 3.  This is not supported as of yet via support.

    You should check in with the correct forum here: https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-and-issues

    I am on v17.5MR9 and have no issues updating my apple devices as long as the preconfigured web exception for apple is still enabled.  Below is a screenshot:

     

    If I disable that web exception, nothing for Apple works.

    Thanks.

    KingChris
    Community Support | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link