Solved

Firewall issue with iPad restore though iTunes

Posted on 2015-02-06
8
103 Views
Last Modified: 2015-02-17
I just installed a Fortigate 80D at a client site.  Installed fine but now client is saying that they cannot do a restore of their iPads and are getting a error when it tries to verify software?  Nothing is blocked going out of the firewall.  There is a content filter on Fortigate.  I have opened *.apple.com and *.verisign.com through the filter.  Any ideas what I might be missing?
0
Comment
Question by:DaveKall42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 7

Accepted Solution

by:
Peter Loobuyck earned 500 total points
ID: 40595642
My best guess is that you scanning ssl traffic. I suggest you turn off all ssl filtering on the 17.0.0.0/8 subnet (it's all Apple).

The ipads will get through now..
0
 

Author Comment

by:DaveKall42
ID: 40595705
Ok, let me try that.
0
 

Author Comment

by:DaveKall42
ID: 40595709
I just created a new policy for lan to wan any to 17.0.0.0/8  for any ports with no services enabled on the policy.  That should work?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Expert Comment

by:Peter Loobuyck
ID: 40595754
Yes, lan to wan to 17.0.0.0/8, without any um profile, just nat.
It's probably the deep ssl inspection. That replaces the ssl certificate to inspect it. Apple won't allow that I bet!
That should work.

Can you test it?
0
 

Author Comment

by:DaveKall42
ID: 40595755
I cannot today as I am not onsite.  Its a school so will be only able to test on Monday.
0
 
LVL 7

Expert Comment

by:Peter Loobuyck
ID: 40595768
Allright, let me know on Monday if it's working or not..
0
 

Author Comment

by:DaveKall42
ID: 40595770
Will do, thanks so much for your help!
0
 

Author Closing Comment

by:DaveKall42
ID: 40615518
Worked!!
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you come here a lot? Are you lazy like me and don't want to go through the "trouble" of having to click your Dock's Safari icon and then having to click your Experts Exchange Favorites bookmark to get here? Well then this article is for you.
A professional opinion on which Apple product to buy, and a tidbit about the WWDC.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question