MDM/Apple whitelisting on firewall/filtering

AftabAhmad
Here to help


Hi all

 

I am at a school where I do not support their network; instead I will be setting up the MDM for their iPads.

 

Dashboard is all set up, iPads are in DEP and I am able to wipe and install profiles on to the iPads.

 

However, apps are not installing on the wifi; Apple ID/AppStore seems to be blocked. When trying to log in to the AppStore using my personal AppleID, it fails without an error and just returns to the login page.

Apps deployed via Meraki (VPP) also do not download.

 

As soon as I connect the iPad to my 4G hotspot, everything kicks in and starts working, apps install and I am able to log in to the AppStore.

 

Are there any URLs, ports etc that need to be whitelisted or unblocked for smooth working of the iPads?

 

The school is on a BT Fibre network with Smoothwall running their firewall/URL Filtering.

 

I have commissioned iPads at other schools where they are on an LGFL network and everything works without intervention.

 

I want to be able to pass information on to their network support so I can make sure that when I come to set up all of the iPads that nothing will go wrong.

 

Your help will be greatly appreciated.

Thank you.

Noah_Salzman
Meraki Alumni (Retired)

Could be certain domains being blocked:

https://support.apple.com/en-us/HT201999

 

Could be ports being blocked, but this is probably less likely:

https://support.apple.com/en-us/HT203609

 

PhilipDAth
Kind of a big deal

To make Apple devices work reliably you need to allow access to Apple's whole IP address space - 17.0.0.0/8 - yep, a /8.  Allow all ports if you want your life to be simple.
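
Added example, not part of the original thread: before opening the whole /8 on every port, the network team can check which denied connections actually target 17.0.0.0/8 and on which ports. The log format, addresses and ports in the sample below are constructed for illustration; `parse_line()` is a hypothetical helper that must be adapted to the real firewall export.

```python
import ipaddress
from collections import Counter

# Apple's address block as quoted in the thread.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")

# Constructed sample lines in a hypothetical "action src dst:port proto" format.
SAMPLE_LOG = """\
DENY 10.20.4.31 17.253.144.10:443 tcp
DENY 10.20.4.31 17.57.146.20:5223 tcp
ALLOW 10.20.4.31 17.253.144.10:80 tcp
DENY 10.20.4.32 17.57.146.21:5223 tcp
DENY 10.20.4.32 203.0.113.9:443 tcp
garbage line that should be skipped
DENY 10.20.4.33 17.1.2.3:notaport tcp
"""

def parse_line(line):
    """Return (action, src, dst_ip, dst_port, proto), or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    action, src, dst, proto = parts
    host, _, port = dst.rpartition(":")
    try:
        return (action.upper(), ipaddress.ip_address(src),
                ipaddress.ip_address(host), int(port), proto.lower())
    except ValueError:
        return None  # bad address or non-numeric port

def blocked_apple_flows(log_text):
    """Count denied flows into 17.0.0.0/8 per (proto, port); list affected clients."""
    ports, clients = Counter(), set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        action, src, dst_ip, dst_port, proto = rec
        if action == "DENY" and dst_ip in APPLE_NET:
            ports[(proto, dst_port)] += 1
            clients.add(str(src))
    return ports, sorted(clients)

if __name__ == "__main__":
    ports, clients = blocked_apple_flows(SAMPLE_LOG)
    for (proto, port), n in ports.most_common():
        print(f"{proto}/{port}: {n} denied")
    print("clients:", ", ".join(clients))
```

The per-port counts give network support a concrete list of what the filter is dropping, so the allow rule for 17.0.0.0/8 can be scoped to the ports the iPads actually use.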

@AftabAhmad You mentioned you don't support the network; in that case, have you spoken to the network engineers to see if they have blocked app store traffic on purpose?

 

I get that some organisations block app store traffic in an effort to reduce bandwidth, especially around the time of large OS releases. The way around this for Apple is to set up a content caching server, which means the files only have to be downloaded by a single client before they are hosted for everyone on that subnet.

Weird thing is that they were using DataJar MDM before with apps being deployed, I'll have to investigate further as the iPads still have the profile on them, I'll be able to see which SSID they were connected to. It may be that the one I was connecting to after a wipe wasn't the correct one and could be filtering the AppStore/AppleID.

AftabAhmad
Here to help

Thanks for the replies, I will ask them to take a look asap before my next visit. Hopefully it all works out and goes smoothly.
