Chris Millard
asked on
Cannot connect to iTunes store through Firebox
I have a customer with a Watchguard Firebox x550e. One user goes through an HTTP-Proxy policy. However, he cannot get access to the iTunes store when using iTunes. If I add his IP to the HTTP Policy, then he can get access - but obviously, I don't want him going out thruogh the HTTP Policy.
In the WebBlocker configuration, I have added an "Allow" exception of *.apple.com/* but still iTunes will not connect to the store.
What else do I need to configure in the Firebox policy?
In the WebBlocker configuration, I have added an "Allow" exception of *.apple.com/* but still iTunes will not connect to the store.
What else do I need to configure in the Firebox policy?
This might help:
The following iTunes Store Internet addresses should be added as trusted domains to any filtering software that may be running:
itunes.apple.com
ax.itunes.apple.com
albert.apple.com
gs.apple.com
http://support.apple.com/kb/ts1379
Does your wildcard rule work with other domains/subdomains? Try entering those 4 addresses and see what happens - if it works and he can connect to iTunes then your wildacrd rule might not work properly.
Hope that helps
The following iTunes Store Internet addresses should be added as trusted domains to any filtering software that may be running:
itunes.apple.com
ax.itunes.apple.com
albert.apple.com
gs.apple.com
http://support.apple.com/kb/ts1379
Does your wildcard rule work with other domains/subdomains? Try entering those 4 addresses and see what happens - if it works and he can connect to iTunes then your wildacrd rule might not work properly.
Hope that helps
ASKER
@vukovarcan - I have a wildcard rule in place for *.apple.com/* but that has not worked.
@JRoyse - I'll add this domain tomorrow when I'm back at work...
@JRoyse - I'll add this domain tomorrow when I'm back at work...
@roybridge try deleting that rule and add those 4 domains instead just to test it.
ASKER
OK - I'm at a loss. I've tried the suggestions above, but to no avail.
Looking at the Firebox logs, it appears in this instance that the PC trying to access iTunes is being blocked because iTunes falls into the Download category. Also, however, the IP address that the PC is trying to connect to is 213.120.161.169 which appears to be a BT Internet IP - not Apple.
If I go into the WebBlocker configuration and allow Downloads, then the computer can connect to the iTunes store OK - but of course, I don't want to allow all downloads.
Looking at the Firebox logs, it appears in this instance that the PC trying to access iTunes is being blocked because iTunes falls into the Download category. Also, however, the IP address that the PC is trying to connect to is 213.120.161.169 which appears to be a BT Internet IP - not Apple.
If I go into the WebBlocker configuration and allow Downloads, then the computer can connect to the iTunes store OK - but of course, I don't want to allow all downloads.
You are going to have a tough time providing/blocking access to the small things with the URL filter. I would recommend a time-allowance for goof-off site like itunes/facebook/etc. Limit it to 30 minutes or something, or during lunch, break, etc.
I did this once with a barracuda webfilter. It was awesome for catching trojans/viruses which may be partially why you want to block "downloads" in general?
I did this once with a barracuda webfilter. It was awesome for catching trojans/viruses which may be partially why you want to block "downloads" in general?
ASKER
iTunes isn't necessarily what I would call a goof-off site - our client is in the process of buying iPads for student use, and they need to use iTunes for podcasts, apps etc...
I've logged the call with Watchguard.
I've logged the call with Watchguard.
lots of companies use iPads now a days.
This might answer your question: http://www.google.com/search?q=site%3Awww.experts-exchange.com+watchgurad+%2B+itunes
This might answer your question: http://www.google.com/search?q=site%3Awww.experts-exchange.com+watchgurad+%2B+itunes
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was unable to resolve the issue myself, so I contact Watchguard support. They remotely accessed the Firebox and since doing so, my iTunes issue is resolved.
http://r.mzstatic.com/htmlResources/D572/images/callout_screenshot.
png
if you go to http://mzstatic.com it redirects to apple so it is a safe bet to whitelist.