This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best way to allow Mac updates

We're primarily a Windows shop, but we do have 20 or so Macs in our various Graphics Departments.

Since we rolled out our UTM last week, they haven't been able to get their updates. I'm told they need access to the App Store on ports 80 and 443.

What's the best practice for allowing these updates and still keeping people otherwise off the App Store?



This thread was automatically locked due to age.
  • Show one log line for each URL that was blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • There are hundreds of similar lines. Here's a sample:

    2016:03:07-09:47:21 perimeter1-1 httpproxy[28120]: id="0078" severity="info" sys="SecureWeb" sub="http" name="web request warned, forbidden tag detected" action="warn" method="GET" srcip="10.10.10.106" dstip="" user="kknodel" ad_domain="WRIGHTBG" statuscode="403" cached="0" profile="REF_HttProContaDclanNetwo (AD SSO)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3344" request="0x92d0a000" url="ax.init.itunes.apple.com/.../initiateSession referer="" error="" authtime="34" dnstime="0" cattime="123" avscantime="0" fullreqtime="353" device="2" auth="2" ua="MacAppStore/1.3 (Macintosh; OS X 10.9.5) AppleWebKit/537.78.2" exceptions="av,fileextension" reason="WBG_WARN" category="177" reputation="neutral" categoryname="Content Server"

  • SteveHart said:
    name="web request warned, forbidden tag detected" action="warn"

    It looks like you are blocking iTunes on purpose.  You need an Exception for the tag in question for the group of Mac users, or for the subnet they are in if that's the case.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Is there any way to allow mac updates, but block music downloads and such from the same sites?

  • In that case, make an Exception with a list of the allowed URLs.  For example, ^https?://ax.init.itunes.apple.com/WebObjects would cover the block in the log line you showed above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA