Apple App Store Connection Errors

Hi There,

I have some weird problems with the Apple App Store on our MacBooks. Some colleagues can use the store without any problems, others cannot open it at all.
The same firewall rules apply to all users, regardless of whether they are on WiFi or LAN.
I have already set exceptions in the web policy, and put all the URLs from the Apple article into a firewall rule where IPS is disabled: https://support.apple.com/de-de/HT201999

Please have a look at my screenshots. The problem is also that I can't see any errors in the log viewer or with packet capture when a colleague tries to download something from the store.

Any ideas?

WiFi clients are in the same zone as LAN.



  • Ian, can you dump such a connection attempt by your broken Apple device with tcpdump and open it in Wireshark?

    https://community.sophos.com/products/community-chat/f/knowledge-base-article-suggestions/105811/how-to-tcpdump-on-xg

    This should help.

    I would like to see what is going on from the XG perspective.

  • Hi Toni,

    I don't have any failed connection attempts that I can find. The iPad just did not connect to the App Store. I have taken it out of my LAN because I needed an app for my new headphones/hearing aids to set them up.

    As a result the apps download and connect. I can search for historical connections and see what I can capture.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Still an issue with SFOS 17.5.6 MR-6 and AP firmware 11.0.008 (the latter applied today).

  • It appears that if a client connects from an outside network, something is set for a period of time, because the connection continues to function back on the Sophos network for a while.

    After some time it will stop working. This sounds like a trusted certificate check / re-check interval or something like that.

    I'm not sure this helps, but it is a little more information to help Sophos figure this out.

    Scott K.

  • After turning off web caching, the end result is still no ability to download updates, but the App Store can now at least populate with available updates... it just fails with "Could not connect to the server" when clicking Update.

  • Hi Scott,

    I think I have found the possible cause while looking for something else in the log viewer. I see a lot of "block unknown HTTPS protocols" entries going to some Apple sites and some AWS sites. As an experiment, try unticking "Block unknown HTTPS protocols" in Web -> General settings and see if you can connect. At the moment I don't have any blocked applications to try this on.

    Ian


  • Thanks for the suggestion Ian. Unfortunately, this was already unticked.

    I did untick "Block invalid certificates" for a time to test, with no luck.

    Scott.

  • The following worked for me.

    Create a new User/Network rule at the top:

    Rule Name: Apple Services

    Source Zone: LAN

    Source Networks and Devices: either add selected devices or choose Any

    Destination Zones: WAN

    Destination Networks: choose Apple Services (should be built in)

    Create an "Apple .aaplimg Services" FQDN host: *.aaplimg.com

    You may need to create another FQDN host for Akamai: *.akamaitechnologies.com

    Don't check any web malware and content scanning

    Don't turn on any advanced settings; leave them all as None (IPS, Web, App)

    This resolved my problem... UP UNTIL SFVH (SFOS 17.5.7 MR-7) - will be rolling back to MR-6 later.
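Before copying the bypass rule above, it is worth checking exactly which hostnames a wildcard FQDN host such as `*.akamaitechnologies.com` exempts from IPS, web and app scanning, and what certificate chain a failing client actually receives. The script below is an added example for this thread, not Sophos code and not from any poster. It assumes that an FQDN host written as `*.example.com` matches any hostname under that suffix (any depth) but not the bare apex; confirm that against the SFOS release you run. The sample hostnames are constructed, not taken from a real capture.

```python
"""Offline check of which hostnames a wildcard FQDN host object covers,
plus a TLS probe to compare what a working and a failing client receive.

Added example for this thread, not Sophos code. Wildcard semantics
('*.example.com' = any subdomain, not the apex) is an assumption."""
import socket
import ssl
from typing import Dict, Iterable, List, Optional

# FQDN host objects from the rule described in the thread.
BYPASS_FQDNS: List[str] = ["*.aaplimg.com", "*.akamaitechnologies.com"]


def normalize(host: str) -> str:
    """Lower-case and strip a trailing dot so comparisons are canonical."""
    return host.strip().lower().rstrip(".")


def fqdn_matches(pattern: str, host: str) -> bool:
    """Return True if HOST falls under the FQDN host object PATTERN.

    A naive endswith("aaplimg.com") would also accept "evilaaplimg.com";
    anchoring on the dot-separated suffix avoids that lookalike match.
    """
    pattern, host = normalize(pattern), normalize(host)
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".aaplimg.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def bypassed_hosts(hosts: Iterable[str],
                   patterns: List[str] = BYPASS_FQDNS) -> Dict[str, Optional[str]]:
    """Map each host to the pattern that exempts it from scanning, or None."""
    return {h: next((p for p in patterns if fqdn_matches(p, h)), None)
            for h in hosts}


def issuer_cn(cert: dict) -> Optional[str]:
    """Pull the issuer commonName out of an ssl.getpeercert() style dict."""
    for rdn in cert.get("issuer", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None


def probe_tls(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with the system trust store and report what the client saw.

    Network call (not exercised offline). Run it from a client that fails
    and one that works and diff the result: an issuer CN belonging to the
    firewall means the session is being decrypted and inspected; a
    handshake or socket error means the connection never completed.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return {"host": host, "ok": True,
                        "issuer_cn": issuer_cn(tls.getpeercert()),
                        "protocol": tls.version()}
    except (OSError, ssl.SSLError) as exc:
        return {"host": host, "ok": False, "error": str(exc)}


if __name__ == "__main__":
    # Constructed sample hostnames, not taken from a real capture.
    sample = [
        "updates.aaplimg.com",
        "a1-2-3-4.deploy.static.akamaitechnologies.com",  # CDN, not Apple-only
        "cdn.example-not-apple.com",
        "evilaaplimg.com",  # lookalike suffix, must NOT match
    ]
    for host, pattern in bypassed_hosts(sample).items():
        print(f"{host:50} -> {pattern or 'still scanned'}")
    # On a real client, compare a working and a failing machine:
    # print(probe_tls(sample[0]))
```

The second sample host shows the caveat raised later in the thread: anything served from that CDN suffix, Apple or not, is exempted from scanning by the Akamai wildcard, so scope the rule to the devices that need it rather than "Any" where you can.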

  • Adding akamaitechnologies.com to bypass IPS, web filtering and App is dangerous, given that they are a CDN and not just Apple...

    I still don't understand why the OP is having issues. We have several Apple devices (Apple TVs, iPhones, iPads, MacBooks) and they all work well with the App Store, and go through an HTTP and an HTTPS rule (I have them both separated), and I have no connectivity issues to the App Store.

    IPS is enabled on both rules, as is pharming protection... although for the HTTPS rule, I don't have "scan HTTPS traffic" enabled.

    HTTP rule...

    HTTPS rule...

    Tim Grantham

    Enterprise Architect & Business owner