8 Replies Latest reply: Dec 13, 2015 1:59 PM by bpefromermelo
godona Level 1 (0 points)

I work in a secondary school in Victoria, and we are keen on blocking iMessage and Facetime while connected to the school network.  In our context, students own their individual devices and hence we do not want to lock down the individual devices.  However, we want to be able to block the appropriate connections such that iMessage would be disabled while at school.

 

My greatest concern is that blocking the ports outright would cause all sorts of other problems with other browsing and network functions.  Any suggestions would be welcomed.


iPad 2 Wi-Fi
  • gyrhead Level 3 (785 points)

    You can block Facetime by turninig it off in the Restrictions setting.  iMessage cannot be restricted this way and blocking it on the firewall may cause issues with apps the use APNS, iCloud, etc.. proceed at your own risk.....

  • MessagingTech Level 1 (40 points)

    Looking at our firewall logs and doing some tests iMessage is going out over port 80 to Apple.  If you were to block this like guyhead said, you'll likely block other services or apps from working on the device.  I don't really see a way to block iMessage as the students could switch to 3G if the devices support it and still use it.  Looking in our MDM solution, doesn't provide an option to restrict access to it either.

  • gyrhead Level 3 (785 points)

    http://support.apple.com/kb/ht4245

     

     

    iMessage uses 80, 443, and 5223.  Obviously you cannot block 80 and 443 but 5223 might cripple it without too collateral damage. Below are listed some other services Apple has on 5223:

    http://support.apple.com/kb/TS1629

     

     

    5223

     

     

     

    XMPP over SSL, Apple Push Notification Service

     

    -

     

    -

     

    MobileMe (Automatic sync notifications) (see note 9), APNs, FaceTime, Game Center

  • godona Level 1 (0 points)

    Thank you for your response.

     

    I understand that we are never going to be able to completely prevent its usage due to techologies such as 3G or personal wireless hotspots.  However, we do not want iMessage to be running continuous traffic on our alreadly limited network.  Nor do we want to make it easy for them to have continuous access to communication whille in class.

     

    We're not overly fussed about limiting some of the other functions from apple, iMessage has caused us enough consistent bullying issues that limited access at school can come at the cost of some functionality.  Obviously, we want to ensure that students can access the apps store and download apps at school.

     

    I also understand that there are going to be other messaging applications that can be used, but again, it's about makeing a concerted effort to maintain the environments in which students are learning.

  • godona Level 1 (0 points)

    thanks.

     

    we'll have a further look into blocking this port and see if it solves the issue or not.

  • captrams Level 1 (0 points)

    Godona,

    Did you ever have any luck blocking your students to Imessage. We had been doing this with our MDM but after IOS 7 we are seeing students using it again. I am attempting to block it via our firewall with no luck as it appears to work just fine using 443. Just wondering if you had found a solution and if it was still working for you after the release of IOS 7.

  • gyrhead Level 3 (785 points)

    Supervise the IOS 7 iPads with Configurator 1.4 and you can disable iMessage in the configurator settings.

    If the device is supervised most MDM solutions allow for disabling iMessage as well.

  • bpefromermelo Level 1 (0 points)

    Hi

     

    I have finally succeeded in blocking imessage (and facetime) on the iphones and ipads in my family network by adjusting router settings.

     

    In the router, in my case Netgear, there is an option to block services for a specific number of IP addresses (which I gave fixed numbers in the DHCP table). I blocked port numbers for TCP at 5223 (apple push notification service), 443 ( Secure Sockets Layer (SSL, or "HTTPS")), 2195 (apple push notification service) and 2196 (apple push notification service). Additionally, I blocked according to a time schedule which is also an option in the router settings. During daytime my family is able to imessage and facetime. In the evening and night the above mentioned port numbers are closed. I hope this helps.

     

    Kind regards