IBM MaaS360

IBM MaaS360

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Firewall Blocking Some MaaS360 Features

    Posted Wed June 26, 2019 08:44 AM
    Hi All

    I've recently deployed MaaS360 to around 40 Apple devices.

    We are using a Sophos UTM which I believe is blocking some, but not all MDM features. Restrictions and policies work fine but when I distribute apps (purchased via VPP and distributed via MaaS360) the devices don't download until we connect to cellular network rather than wifi. Some of the actions don't work either (i.e. set device name and buzz, there may be more).

    Unfortunately the logging on the UTM is terrible (thanks Sophos) so I'm struggling to identify the URL's we're having trouble with.

    Can someone provide an exhaustive list of URL's that need to be allowed in order for MaaS360 to work correctly?

    ------------------------------
    Adam Williams
    ------------------------------


  • 2.  RE: Firewall Blocking Some MaaS360 Features

    Posted Tue July 09, 2019 02:40 PM

    Hi Adam,

    In addition to the common MaaS360 URLs (found HERE) you also need to open up Apple MDM port - 5223 (this is the most common reason for MDM actions not going through) and certain Apple URLs are needed (especially for iTunes App Store app distributions).  The list I generally stick with is:

    *.phobos.itunes-apple.com.akadns.net
    *.gateway.push-apple.com.akadns.net
    *.ax.itunes.apple.com
    *.mesu.apple.com
    *.phobos.apple.com
    *.albert.gcsis-apple.com.akadns.net
    *.ax.init.itunes.apple.com
    *.init.itunes.apple.com
    *.oscp.apple.com
    *.deploy.static.akamaitechnologies.com
    *.itunes.apple.com.edgekey.net
    *.swcdn.apple.com
    *.swdownload.apple.com
    *.swquery.apple.com
    *.swscan.apple.com

    Hope this solves the issue.  Let me know if more info is needed



    ------------------------------
    Matt Shaver
    System Architect
    IBM
    mshaver@us.ibm.com
    ------------------------------

    Original Message