SSL DPI scanning not allowing iCloud and Apple Services

Question

Level 1

0 points

SSL DPI scanning not allowing iCloud and Apple Services

Hello,

This is my first post. So please be easy on me.

I have a Fortigate200D and we are doing SSL DPI (Deep Packet Inspection) on all encrypted traffic. I noticed that all of my Apple devices do not allow me to update now. Also, I cannot log into iCloud using the Settings on my iPad devices.

Apple thinks it cannot trust the certificate because it thinks there's a man in the middle attack. I can apply (accept) our Firewall certs and access akk port 443 websites (SSL) using safari and no issues with that.... it's just when the iPad itself tries to connect.

I'd like to set some exceptions in the firewall to skip all icloud and apple related services. I tried *.icloud.com and *.itunes.com but it didn't work.

Does anyone know the FQDN for the sites or the IP addresses I will need to put as a DPI exception to allow that traffic to pass through our firewall?

Many Thanks! Also thanks for showing mercy.

Apple Ipad 3, iPad Air 1 IOS 8.3

Joseph 😊

iPad (3rd gen) Wi-Fi, iOS 8.3

Posted on May 21, 2015 11:26 AM

Reply

Answer 1

Best reply

yimmay

Level 1

4 points

Sep 13, 2017 8:00 AM in response to CTLUSA

I know this is years old, but we just lit up DPI-SSL and had the same issue getting iTunes desktop to check for updates. I don't know that this will work for your iDevices as we've not experienced the issue with device updates.

23.64.127.112 did it for me. This is resolves to an Akamai address, however, we had to whitelist the IP to get it to work.

Cheers,

James

Reply