V17 MR5 and failures

Hi,

under MR3 there was a problem using Application policy which is fixed for the PCs and the Macs once they have seen the wild internet but not behind the XG.

The logs don't help, failed or successful attempts show.

Ian

Interesting, that sounds like the issue I had with a fresh install of Bitdefender.  It could not connect to the Bitdefender server for the initial update.  Other machines with Bitdefender installed prior to XG 17 worked fine.  I managed to get the fresh install of Bitdefender to work by temporarily changing the firewall rule on XG from any-to-any, updating Bitdefender database, then reverting my firewall rule back.  The fresh install now works flawlessly.  Nothing was ever registered in the logs, but something was obviously being blocked.

Looks like it was only the Apple App store that failed to find an internet connection, the apps themselves all updated, strange.

I have connected my failing devices directly to the internet via the iphone hotspot and now all connect to the Apple App store without errors while using the XG.

Ian

rfcat_vk said:

directly to the internet via the iphone hotspot

I have also seen this - once its spoken with Apple its OK behind the XG

I never worked out what was causing it though

Hey rfcat_vk 

Do you currently have any iOS devices where this issue can still be replicated?

Regards,

FloSupport | Community Support Engineer

Hi Flo,

I don't, I have connected them all via the hotspot.

Ian

If any users on this thread have a similar initial communication issue, please PM me so that we can perform further troubleshooting.
Please ensure that the Apple Update web exception is enabled if you are utilizing web filtering, along with verifying that the correct firewall rule is matching to the traffic via performing a packet capture.

Thanks,

FloSupport | Community Support Engineer

Hi Flo,

these were my findings in MR3.

The *.apple.com and the web exception did not work I had to create my own exception list. When I added the *.apple.com to my exception list (fqdn group) the connections again failed.

Under MR5 the applications updated, but the apple store filed on update checking regardless of settings.

Ian

Hi Flo,

one of my mac books has suddenly stopped talking to the Apple store update, 'no internet'. The following thread might have similar issues with the XG.

Two MACs both connect quite happily to the update servers. For some unknown reason the IP address used by my MAC is not recognised as being an Apple server (on Amazon) and goes straight through to rule 0. I have restarted the MAC, changed the firewall rule, but nothing. 54.251.46.50

https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/98789/lan--wan-problem---dst-port-443

Ian

Hi Ian,

I will check my XG and Apple as soon I come back at home. What I have noticed is that hotmail emails are not working correctly. I use decrypt and scan since v16 and on hotmail, when you open an email, the link inside the email are not click-able and you cannot even copy text. Double clicliking the email (so the email opens in a new tab), all work as expected.

Of course, creating a firewall rule with no web filters works. Before MR5, I never had this issue.