Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sysneeb
New Contributor

cant access website with safari from iOS15.5

we have been experiencing a case where users cant access websites after upgrading their iOS to 15.5

 

users using 15.4 and lower have no problem accessing websites via firewall. upon searching, seems like that the new feature from iOS 15 called "hide my ip" seems to be the culprit. From the log, seems the apple domains are being blocked with UTM which is causing our users no access to website.

 

by the way, when doing the exact same operation from outside corporate network (no forti) they can access the website without a problem

 

we have submite a webfiltering permit case to forti but i was wondering if anyone else was experiecing this?

1 REPLY 1
Anonymous
Not applicable

Hello @sysneeb ,

 

Thank you for posting on Fortinet Forum. As per the research on your query, it seems like iOS while using "Hide my IP" feature is sending these via the QUIC protocol to mask.icloud.com and mask.apple-dns.net.
Please check your application control profile and see if you are blocking QUIC. You can create a test policy and a test application profile and disable QUIC and confirm if that fixes this issue.

 

Let me know if this works.

Thanks

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors