Apple TCP and UDP ports used KB article HT202944 is missing basic information...

Question

Level 1

24 points

Apple TCP and UDP ports used KB article HT202944 is missing basic information...

I am an IT professional who is responsible for managing multiple firewall security devices for multiple companies. we frequently have problems when setting up firewalls so that Apple devices are able to interact properly with Apple's Internet services.

I have finally got round to spending some time, working this out and have discovered that Apple's KB articles, that address ports and protocols, are almost all missing fundamental information IT professionals need to set up adequately secure firewall policies. The KB articles I have used, in my research, are as follows:

TCP and UDP ports used by Apple software products - Apple Support

If you use FaceTime and iMessage behind a firewall - Apple Support

If you aren't getting Apple push notifications - Apple Support

The basic information that is missing, from all but one of these articles (the last one is the only one that intimates the correct information) is the destination. i.e. Apple's hosts on the Internet. When setting up firewall policies or rules there are several fundamental pieces of information you need, to build the policies. These are:

1. Port (can be individual or multiple port numbers, including ranges of port numbers)

2. Protocol (e.g. TCP or UDP, etc...)

3. Source (Where the traffic will be allowed from. e.g. A specific host, group of hosts, IP ranges or subnets)

4. Destination (Where the traffic will be allowed to. e.g. A specific host, group of hosts, IP ranges or subnets)

5. Direction (which direction connections can be established in. i.e. Inbound, outbound or both)

What Apple is missing, from the first article, above, that would assist a whole world of IT professionals is the last two items from the above list, namely destination and direction.

I have contacted Apple support today and eventually got through to tone of their product specialists, who, after consulting with their enterprise support team suggested I contact an authorised Apple consultant, to find this information.

This is a wholly unacceptable outcome for this issue. Apple have to provide adequate information in their KB article HT202944, that will allow IT professionals to see the necessary information to set up firewall policies. For Apple to simply not engage in the provision of this fundamental information is a really poor effort and highly unprofessional.

I would like to now open this up for debate, to the community...

Mac OS X Server-OTHER, macOS Sierra (10.12.6)

Posted on Oct 31, 2017 11:07 PM

Reply

Answer 1

LACAllen

Level 8

43,506 points

Nov 10, 2017 3:56 AM in response to deejerydoo

Gladly.

Apple Support Communities Use Agreement

Apple Support gave you the consideration your inquiry needs.

My point that their KB article is missing basic firewall configuration information still stands.

What you consider basic is not what Apple considers basic. You can get a higher level of detail through their consultant network, which is why it exists.

I am not arguing anything here. Feel free to ignore me. Many do.

Reply

Answer 2

LACAllen

Level 8

43,506 points

Dec 11, 2017 4:18 PM in response to deejerydoo

The lack of any sensible response

... speaks more about you and your expectations then it does about the quality of this community.

For Apple to simply not engage in the provision of this fundamental information is a really poor effort and highly unprofessional.

That you wish to lecture anyone about professionalism is remarkable.

Have you considered this?

https://developer.apple.com/support/compare-memberships/

Reply

Answer 3

LACAllen

Level 8

43,506 points

Nov 10, 2017 3:13 AM in response to deejerydoo

I would like to now open this up for debate, to the community...

This is against the terms and conditions of this community.

Debating Apple policies and decisions is expressly forbidden.

As an IT professional you should be able to appreciate that you agreed to this when you joined here. Your response to Zinacef hints that you don't.

You have been offered a solution by Apple you don't like. I find it highly ironic that you, an IT professional, want detailed configuration data for a project (presumably) but don't see the value in engaging another IT professional to get it.

Reply

Answer 4

deejerydoo Author

Level 1

24 points

Nov 10, 2017 3:51 AM in response to LACAllen

"This is against the terms and conditions of this community."

Care to share which part of the Ts&Cs I am contravening? If you are going to reference the riot act be prepared to identify the parts to which you refer.

"As an IT professional you should be able to appreciate that you agreed to this when you joined here. Your response to Zinacef hints that you don't."

See my above request for clarification/confirmation.

"You have been offered a solution by Apple you don't like. I find it highly ironic that you, an IT professional, want detailed configuration data for a project (presumably) but don't see the value in engaging another IT professional to get it."

Whether I like their response or not is irrelevant. My point that their KB article is missing basic firewall configuration information still stands. Now, if you would like to argue this point feel free. Otherwise, please don't come here to tell me off like a school child and offer nothing else to the tread than a telling off.

Reply

Answer 5

deejerydoo Author

Level 1

24 points

Nov 10, 2017 4:05 AM in response to LACAllen

OK. I'll change the post to meet the requirements.

Please disregard the last sentence "I would like to now open this up for debate, to the community..." and substuitute this question, instead...

Is there anybody in the community who is prepared to provide any information regarding what it is I have claimed is missing from the Apple KB article.

There, it is now a request for help/advice. Assuming asking for help doesn't contravene any other ts&cs.

Reply

Answer 6

deejerydoo Author

Level 1

24 points

Nov 10, 2017 6:46 PM in response to deejerydoo

Three further points:

1. Communities like this exist for people who don't know the answer to a problem, (regardless of whether they are professional or hobbyist) to open up said problem to other community members to provide help or ignore.

2. Over 30 odd years in IT, I have dealt with tens if not hundreds of vendors who host Internet services. Generally, when approached, and if they haven't already provided the adequate information, they are normally forthcoming with the host information and sometimes even the directional information. Apple, whilst not alone in this regard, are not helpful, beyond providing what most Internet security professionals would deem partial (basic - "tomato tomayto") information.

3. I have been working with Apple devices since the early 90s, so I would actually deem myself to be part of the Apple pro community. I don't claim to know everything and this is why I post to community fora, asking for discussion/clarification/help/assistance, just like the majority of IT professionals, across the world.

Reply

Answer 7

LACAllen

Level 8

43,506 points

Nov 10, 2017 7:13 PM in response to deejerydoo

Apple, whilst not alone in this regard, are not helpful, beyond providing what most Internet security professionals would deem partial (basic - "tomato tomayto") information.

Hence the provided feedback link, which you have sniffed at and derided.

If you look around... this is not a pro level community. We are volunteers, who answer answerable questions, based on (usually) published material, primarily provided by Apple.

Once again... Apple Support, and this is not a support channel here, gave you the best possible solution.

You need more than this community is typically able to provide.