Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: How do I block iMessage on a Network?

I work in a secondary school in Victoria, and we are keen on blocking iMessage and Facetime while connected to the school network. In our context, students own their individual devices and hence we do not want to lock down the individual devices. However, we want to be able to block the appropriate connections such that iMessage would be disabled while at school.


My greatest concern is that blocking the ports outright would cause all sorts of other problems with other browsing and network functions. Any suggestions would be welcomed.

iPad 2 Wi-Fi

Posted on

Reply

May 21, 2012 7:38 AM in response to godona In response to godona

Looking at our firewall logs and doing some tests iMessage is going out over port 80 to Apple. If you were to block this like guyhead said, you'll likely block other services or apps from working on the device. I don't really see a way to block iMessage as the students could switch to 3G if the devices support it and still use it. Looking in our MDM solution, doesn't provide an option to restrict access to it either.

May 21, 2012 7:38 AM

Reply Helpful

May 21, 2012 8:10 AM in response to MessagingTech In response to MessagingTech

http://support.apple.com/kb/ht4245



iMessage uses 80, 443, and 5223. Obviously you cannot block 80 and 443 but 5223 might cripple it without too collateral damage. Below are listed some other services Apple has on 5223:

http://support.apple.com/kb/TS1629



5223




XMPP over SSL, Apple Push Notification Service


-


-


MobileMe (Automatic sync notifications) (see note 9), APNs, FaceTime, Game Center

May 21, 2012 8:10 AM

Reply Helpful

May 21, 2012 8:13 PM in response to MessagingTech In response to MessagingTech

Thank you for your response.


I understand that we are never going to be able to completely prevent its usage due to techologies such as 3G or personal wireless hotspots. However, we do not want iMessage to be running continuous traffic on our alreadly limited network. Nor do we want to make it easy for them to have continuous access to communication whille in class.


We're not overly fussed about limiting some of the other functions from apple, iMessage has caused us enough consistent bullying issues that limited access at school can come at the cost of some functionality. Obviously, we want to ensure that students can access the apps store and download apps at school.


I also understand that there are going to be other messaging applications that can be used, but again, it's about makeing a concerted effort to maintain the environments in which students are learning.

May 21, 2012 8:13 PM

Reply Helpful

Sep 30, 2013 7:18 AM in response to godona In response to godona

Godona,

Did you ever have any luck blocking your students to Imessage. We had been doing this with our MDM but after IOS 7 we are seeing students using it again. I am attempting to block it via our firewall with no luck as it appears to work just fine using 443. Just wondering if you had found a solution and if it was still working for you after the release of IOS 7.

Sep 30, 2013 7:18 AM

Reply Helpful

Dec 13, 2015 1:59 PM in response to gyrhead In response to gyrhead

Hi


I have finally succeeded in blocking imessage (and facetime) on the iphones and ipads in my family network by adjusting router settings.


In the router, in my case Netgear, there is an option to block services for a specific number of IP addresses (which I gave fixed numbers in the DHCP table). I blocked port numbers for TCP at 5223 (apple push notification service), 443 ( Secure Sockets Layer (SSL, or "HTTPS")), 2195 (apple push notification service) and 2196 (apple push notification service). Additionally, I blocked according to a time schedule which is also an option in the router settings. During daytime my family is able to imessage and facetime. In the evening and night the above mentioned port numbers are closed. I hope this helps.


Kind regards

Dec 13, 2015 1:59 PM

Reply Helpful (1)

Apr 7, 2016 11:09 PM in response to godona In response to godona

Hi Godona,


I have recently blocked iMessage at the firewall and thought I would share.

Blocking port 5223 alone is not enough (but still necessary) and blocking any domain names (ie. albert.apple.com etc.) will not work.

The block needs to happen at the IP address level - here is the approach I took:

There are three ranges of IPs that iMessage uses and need blocking:

17.173.0.1 to 17.173.255.255

17.178.0.1 to 17.178.255.255

17.133.0.1 to 17.133.255.255


Obviously, these are large IP ranges and likely contain services that you still want to use (ie. App Store). There, explicitly ALLOW the following range to enable the App Store:

17.173.65.1 to 17.173.65.255


Caveats:

1. We have only just implemented this block and therefore there may be other Apple services we are not aware of yet that need to be included in the 'Allow' rule.

2. This block also blocks FaceTime

3. With the block in place, the 'Messages' app appears to take a very long time to deliver the message but eventually reports it as delivered. The message does not actually get sent and thus not delivered.


I hope this helps someone as it took me a while to perform the forensics.


Cheers

Apr 7, 2016 11:09 PM

Reply Helpful (3)

Jan 23, 2017 1:04 PM in response to John Paul College In response to John Paul College

Hi John,


Thank you so much for this post.


But I have few question... may be with no answer...


How can we be sure that only those iP addresses are used for iMessage ?


If I check on my network, for the IP addresses Class 17, who belongs to Apple I think, I have other kind of traffic :

for example

17.249.0.0 /16

17.110.0.0 /16

17.174.0.0 /16

I'm pretty sure that some are used by other Apple's services...

What if Apple decides to add on other class B to iMessage servers ?


Cheers

Jan 23, 2017 1:04 PM

Reply Helpful
User profile for user: godona

Question: How do I block iMessage on a Network?