Apple Watch weather compilation not working with DPI engine

We have two Apple Watch Series 4s (non-cellular) with the latest watchOS installed (this issue has been occurring across multiple watchOS versions). On both watches, there is a weather complication set up that shows the current weather conditions. Although the Apple Watches are technically connected to the wifi network, they are paired to an iPhone and pull their data from the iPhone. However, when the iPhones are connected to our home network, the Apple Watch weather complications do not work. They simply show two dashed lines (--), which basically means no data. If I turn off wifi on my iPhone, the weather complication will begin working a few seconds later. I don't see anything in the Sophos XG logs that indicates something is being blocked or wrong.

Firewall setup:

  • Both iPhones and Watches are assigned to a firewall rule (MAC host) with an IPS policy, application policy and web filter policy enabled. Malware scanning is also enabled.
  • Only the iPhones are assigned to an SSL/TLS inspection rule. Certificates are installed on both iPhones and we have no issues using the internet on the iPhones. 
  • Advanced Threat Protection (ATP) is disabled.

I never had this issue on v18 and the firewall rules and policies are nearly identical.

If I enable "Use web proxy instead of DPI engine" on the firewall rule that the iPhones and Watches are assigned to, this appears to fix the issue, so I'm assuming it's a problem with the DPI engine.

  • Hi shred,

    it works without any problems on my watch - in Germany Apple uses weather.com backends and I don't have any extra exceptions defined for it.

    However you can/should import the ca certificate to the watch, too.

    I even enabled https scanning for the watch (and all Apple devices ;) ) since the new approach and improved logging with v18.

    Update: Differences in our setup might be: I'm not using application policies and ATP is enabled on my machine.

    Best Regards

    Dom
