Apple Private Relay being blocked

jgrant999
Comes here often

Apple Private Relay being blocked

We have a few Mac OS users and they were able to use Apple's Private Relay without issues until last week.  I'm not sure what changed other than a MX upgrade to MX 18.211.2.  Does anyone have any experience with allowing or blocking Apple Private Relay?  I haven't been able to find much of anything on line.  For referernce, when a user now tried to access our network via eithernet or wifi they get an error that says "WiFi Name or Ethernet isn't compatible with iCloud Private Relay"  The user is now forced to turn off private relay before connecting.  Before anyone says that we shouldn't allow private relay, I fully understand that and prefer to leave it blocked however our CEO is the primary MAC user and he wants to use it.  At this point I am just trying to understand what is blocking it then I will make my arguement to him that our network shouldn't allow it anyway but until then I need ammunition and to know why all of a sudden it is not working. 

3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal

Maybe it will help you.

 

https://support.apple.com/en-us/102022

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ConnorL
Meraki Employee
Meraki Employee

The first thing to check is If you are using content filtering, make sure you're not blocking "Online Storage" as it'll block icloud.com, which Private Relay uses.

 

Specifically, it uses:

 

mask.icloud.com
mask-h2.icloud.com

 

Building on the KB @alemabrahao shared, here's the network administrator version of it: https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay

PhilipDAth
Kind of a big deal
Kind of a big deal

Are you sure you want to allow this?  It will cause them to bypass many of the security capabilities offered by the MX.  They gain more privacy but at an increased cyber risk to the company.

 

I would be blocking it if it was me ...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.