
Web Exception - Apple Update and iCloud

Good day! We've added in Web Exception the recommended links from Apple to except them from policy checks and HTTPS decryption. Unfortunately, yesterday our company issued Apple phones to its employees, and it seems that even if we set Allow All in Web Policy and Application Policy, the apps can't be downloaded or retrieved... Halp.



  • We've already added these to Web Exception

    ^([A-Za-z0-9.-]*\.)?mzstatic\.com\.?/

    ^([A-Za-z0-9.-]*\.)?apple\.com\.?/

    ^([A-Za-z0-9.-]*\.)?icloud\.com\.?/

    ^([A-Za-z0-9.-]*\.)?cdn-apple\.com\.?/

    And are these four necessary to allow Apple updates?

    And also, when you do a Web Exception, do you always check HTTPS Decryption and Policy Checks?

    We've checked the four...

  • Hi,

    You also need to add exceptions from policy checks, HTTPS certificate validation.

    I ended up creating a specific rule for all my Apple devices that points at Apple sites as well, using the FQDN list.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi. How do you do that FQDN in the Firewall? Can you cite an example?

    rfcat_vk said:
    Hi,

    You also need to add exceptions from policy checks, HTTPS certificate validation.

    I ended up creating a specific rule for all my Apple devices that points at Apple sites as well, using the FQDN list.

    Ian

  • Hi,

    A warning: this does not work in the IPv6 firewall rules.

    The firewall rule screenshot is from V18 EAP3.

    Ian


  • This may sound absurd, but why do we need to do this even if it is already added to a web exception that bypasses policy checks? It means this is also the reason why some of the Office 365 apps deployed on my Windows devices, such as the Microsoft Teams app, are not working properly even if they are also added to a web exception :'(

    Hi,

    A warning: this does not work in the IPv6 firewall rules.

    6013.Screen Shot 2020-02-03 at 10.23.17.png

    8360.Screen Shot 2020-02-03 at 10.24.00.png

    6177.Screen Shot 2020-02-03 at 10.24.47.png

    The firewall rule screenshot is from V18 EAP3.

    Ian

  • Not all of them are in your exception list. Also I found that the access seems to change from week to week. At one stage I had that rule disabled and relied on the exceptions, then there was an update possibly to XG policies that broke access to the Apple sites again so I had to re-enable the firewall rule.

    Just going on my Apple device access issues and how I solved them for 2 iPhones, iPad and 2 MBPs, one with MS office.

    Ian

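An added example, not part of the thread: a small Python check that runs hostnames against the four Web Exception patterns quoted above, to show which hosts the exceptions cover, which fall outside them, and that lookalike domains do not slip through. It assumes the patterns are applied to the URL with the scheme stripped (`host/path`); the sample hostnames are constructed for illustration.

```python
import re

# The four Web Exception patterns quoted in the thread, keyed by domain.
EXCEPTIONS = {
    "mzstatic.com": r"^([A-Za-z0-9.-]*\.)?mzstatic\.com\.?/",
    "apple.com": r"^([A-Za-z0-9.-]*\.)?apple\.com\.?/",
    "icloud.com": r"^([A-Za-z0-9.-]*\.)?icloud\.com\.?/",
    "cdn-apple.com": r"^([A-Za-z0-9.-]*\.)?cdn-apple\.com\.?/",
}
COMPILED = {name: re.compile(rx) for name, rx in EXCEPTIONS.items()}


def first_match(host, path="/"):
    """Return the key of the first pattern matching host+path, else None."""
    url = host + path  # assumption: scheme is stripped before matching
    for name, rx in COMPILED.items():
        if rx.match(url):
            return name
    return None


def audit(hosts):
    """Map each hostname to the exception that covers it (None = not covered)."""
    return {h: first_match(h) for h in hosts}


# Constructed sample hostnames (not taken from the thread).
SAMPLE_HOSTS = [
    "swscan.apple.com",            # covered by the apple.com pattern
    "is1-ssl.mzstatic.com",        # covered by the mzstatic.com pattern
    "gateway.icloud.com",          # covered by the icloud.com pattern
    "updates-http.cdn-apple.com",  # needs its own pattern: "-apple" is not ".apple"
    "api.apple-cloudkit.com",      # different registered domain: not covered
    "cvws.icloud-content.com",     # different registered domain: not covered
    "notapple.com",                # lookalike: must not match
    "apple.com.example.net",       # lookalike suffix: must not match
]

if __name__ == "__main__":
    for host, hit in audit(SAMPLE_HOSTS).items():
        status = f"covered by {hit}" if hit else "NOT covered"
        print(f"{host:30} {status}")
```

Feeding the function hostnames taken from the firewall's own web filter log for an affected device shows which domains still need an exception or FQDN entry.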
