Solved

Cannot connect to iTunes store through Firebox

Posted on 2011-09-06
Last Modified: 2012-06-27
I have a customer with a Watchguard Firebox x550e. One user goes through an HTTP-Proxy policy. However, he cannot get access to the iTunes store when using iTunes. If I add his IP to the HTTP Policy, then he can get access - but obviously, I don't want him going out through the HTTP Policy.

In the WebBlocker configuration, I have added an "Allow" exception of *.apple.com/* but still iTunes will not connect to the store.

What else do I need to configure in the Firebox policy?
Question by:Chris Millard
10 Comments
 
LVL 6

Expert Comment

by:JRoyse
ID: 36490258
You'll probably need to log the html traffic from the host to identify 100% of the content.  For example I found this URL in logs associated to opening the itunes store recently:

http://r.mzstatic.com/htmlResources/D572/images/callout_screenshot.png

If you go to http://mzstatic.com it redirects to apple so it is a safe bet to whitelist.
 
LVL 16

Expert Comment

by:Nenad Rajsic
ID: 36490814
This might help:
The following iTunes Store Internet addresses should be added as trusted domains to any filtering software that may be running:

    itunes.apple.com
    ax.itunes.apple.com
    albert.apple.com
    gs.apple.com
http://support.apple.com/kb/ts1379

Does your wildcard rule work with other domains/subdomains? Try entering those 4 addresses and see what happens - if it works and he can connect to iTunes then your wildcard rule might not work properly.

Hope that helps
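A sketch of the log-first approach suggested in the two answers above, added here as an example and not code from the thread or from WatchGuard: it lists the hosts one client was denied that the existing exceptions do not cover. The log format, the client addresses and the glob-style matching are assumptions; WebBlocker's own matching rules may differ.

```python
import fnmatch
import re
from collections import Counter

# Constructed sample in a made-up log format (not WatchGuard's); only the
# mzstatic.com URL and the apple.com host names come from the thread.
SAMPLE_LOG = """\
2011-09-07 09:14:01 allow src=10.0.1.25 url=http://itunes.apple.com/
2011-09-07 09:14:02 deny src=10.0.1.25 url=http://r.mzstatic.com/htmlResources/D572/images/callout_screenshot.png
2011-09-07 09:14:02 deny src=10.0.1.25 url=http://r.mzstatic.com/constructed/example.css
2011-09-07 09:14:03 allow src=10.0.1.25 url=http://ax.itunes.apple.com/
2011-09-07 09:14:05 deny src=10.0.1.31 url=http://downloads.example.net/setup.exe
"""

LINE_RE = re.compile(
    r"^\S+ \S+ (?P<action>allow|deny) src=(?P<src>\S+) "
    r"url=https?://(?P<host>[^/\s]+)(?P<path>/\S*)?$"
)


def covered(host, path, exceptions):
    """True if host/path matches an exception written like '*.apple.com/*'.

    Assumption: the part before the first '/' is a glob on the host name and
    the rest is a glob on the path. Matching them separately stops a pattern
    from matching 'apple.com' text that only appears in another site's path.
    """
    for pattern in exceptions:
        host_glob, _, path_glob = pattern.lower().partition("/")
        if fnmatch.fnmatchcase(host.lower(), host_glob) and fnmatch.fnmatchcase(
            path.lstrip("/").lower(), path_glob or "*"
        ):
            return True
    return False


def uncovered_denies(log_text, src, exceptions):
    """Count denied requests from one client per host no exception covers."""
    hosts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] != "deny" or m["src"] != src:
            continue
        if not covered(m["host"], m["path"] or "/", exceptions):
            hosts[m["host"].lower()] += 1
    return hosts


if __name__ == "__main__":
    for host, n in uncovered_denies(SAMPLE_LOG, "10.0.1.25", ["*.apple.com/*"]).items():
        print(f"{host}: {n} denied request(s) not covered by an exception")
```

Each host it reports is a candidate for its own exception entry, to be reviewed before it is added.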
 
LVL 17

Author Comment

by:Chris Millard
ID: 36491178
@vukovarcan - I have a wildcard rule in place for *.apple.com/* but that has not worked.

@JRoyse - I'll add this domain tomorrow when I'm back at work...
 
LVL 16

Expert Comment

by:Nenad Rajsic
ID: 36491335
@roybridge try deleting that rule and add those 4 domains instead just to test it.
 
LVL 17

Author Comment

by:Chris Millard
ID: 36494659
OK - I'm at a loss. I've tried the suggestions above, but to no avail.

Looking at the Firebox logs, it appears in this instance that the PC trying to access iTunes is being blocked because iTunes falls into the Download category. Also, however, the IP address that the PC is trying to connect to is 213.120.161.169 which appears to be a BT Internet IP - not Apple.

If I go into the WebBlocker configuration and allow Downloads, then the computer can connect to the iTunes store OK - but of course, I don't want to allow all downloads.
 
LVL 6

Expert Comment

by:JRoyse
ID: 36496583
You are going to have a tough time providing/blocking access to the small things with the URL filter. I would recommend a time-allowance for goof-off sites like iTunes/Facebook/etc. Limit it to 30 minutes or something, or during lunch, break, etc.

I did this once with a barracuda webfilter. It was awesome for catching trojans/viruses which may be partially why you want to block "downloads" in general?
 
LVL 17

Author Comment

by:Chris Millard
ID: 36496812
iTunes isn't necessarily what I would call a goof-off site - our client is in the process of buying iPads for student use, and they need to use iTunes for podcasts, apps etc...

I've logged the call with Watchguard.
 
LVL 16

Expert Comment

by:Nenad Rajsic
ID: 36498522
Lots of companies use iPads nowadays.

This might answer your question: http://www.google.com/search?q=site%3Awww.experts-exchange.com+watchgurad+%2B+itunes
 
LVL 17

Accepted Solution

by:Chris Millard
ID: 36553728
Well, I've let Watchguard support onto the Firebox, and although I don't know what exactly they have done, it is at least working now!
 
LVL 17

Author Closing Comment

by:Chris Millard
ID: 36578985
I was unable to resolve the issue myself, so I contacted Watchguard support. They remotely accessed the Firebox and since doing so, my iTunes issue is resolved.

Question has a verified solution.
