Disable Facetime for Guest Network

SOLVED
kYutobi
Kind of a big deal

Disable Facetime for Guest Network

Is there a way to disable Facetime in Firewall & Traffic Shaping? Any help would be great.

Enthusiast
1 ACCEPTED SOLUTION
kYutobi
Kind of a big deal

Thank you guys. I will continue to experiment and give it a try.

Enthusiast

View solution in original post

6 REPLIES 6
NolanHerring
Kind of a big deal

Pretty sure you won't be able to do that via L3/L7 firewall rules. I think you can only do that via control over the device restriction settings via SM for example.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

@NolanHerring I don't mean supervised or managed iPads through SM but just any guest that tries to make a factime call on wifi. I wasn't too sure if it could be done with L3-L7 rules.
Enthusiast

The only thing I know of is if you were to block the actual public IP addresses that APPLE uses, but doing so I'm pretty sure you would also block everything else like App Store and what not.
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Found some info here:

https://discussions.apple.com/thread/3963202

 

Blocking TCP 5223 and the following IP ranges:

17.173.0.0/16

17.178.0.0/16

17.133.0.0/16

 

Again with the caveat that this will likely take down multiple Apple services as the port is used for the Apple Push Notification Service and the ranges are big.

 

Also found a blog of someone who studied the Facetime protocol in detail in 2010:

http://www.packetstan.com/search?q=facetime

 

Might have changed since then...

 

I also found some info on the Aruba website that they at least can identify the conversations to optimise QoS (not with the intention to block anything).

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

What you might be able to do is a packet capture of DNS queries, and then see if any of them mention FaceTime, and then try blocking those.

kYutobi
Kind of a big deal

Thank you guys. I will continue to experiment and give it a try.

Enthusiast
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels