iMessage is blocked whenever I am using Zero Trust with Team logged in.
I set it up on some Macs and noticed that all iMessages are failing; when I disconnect, they all pop in. I have local IPs and domains set up but did not realize Apple traffic would be blocked. How can I set up an exclusion?
47 Replies
How do your Zero Trust Gateway > Firewall HTTP and/or Network and/or DNS policies look? All I could think of straight away is to add the Apple traffic exclusions somewhere there, or everywhere on tightly restricted setups.
Yep, and I looked up the IP range for iMessage and tried that, but I'll try again. Everything was working so well I did not even realize iMessage was failing.
Make sure Apple domains and/or IPs are not present in any block/deny lists/categories too 😮
I only have the default block-malware rule, I believe.
Idem, ditto ^^
So I would need to go to Settings > WARP Client and add those iMessage IPs to bypass?
Oooh, right!
I thought you wanted to relay those through Cloudflare as well.
It's just odd that by default all the default settings appear to block iMessage.
I would prefer all DNS and everything go through; I don't want to bypass.
Prefer to relay, yes.
Little to no experience with the WARP client, unfortunately 😮
I am new also, deploying for a non-profit in testing mode.
I mean, shouldn't all traffic from and to your machine start to route through Cloudflare once activated?
That is what I expected, and 1.1.1.1/help shows all good.
Then I was getting messages on my phone and realized my MacBook was not receiving, so I tested.
Sending iMessages fails if WARP is activated.
Was a bit surprised; I have 2 tunnels set up, tested both and got the same behavior.
I turned off the firewall policies, and same same.
Weird, right? O.o
It's not like you've got any access restrictions set from within iMessage?
I think I'm more surprised that nothing in the support docs mentions iMessage.
Like I'm the first guy to figure this out LOL
I have a few hostnames and apps all working great via the tunnel.
My network is in routes, but none of that has anything to do with iMessage, so it kinda got me confused, which brought me here.
I'd suggest you re-activate the WARP client, log out of iMessage, log back in and see if it works to receive new messages.
Maybe some security on Apple's end (like a sudden change of IP) is blocking it.
Logging out and back in makes sure you're attempting a fresh connection from Cloudflare's edge.
I actually even switched teams to try another one and found it did on both, and they are 2 completely different teams with different configurations. I can see the DNS logs where it's reaching out to Apple.
Oooh! At least that's a good sign, yes.
Granted, it is probably some Apple process that's having a conflict, but "Private Relay" does disable when you activate the WARP client.
And that is? ☺️
Private Relay is Apple's free built-in VPN.
Ooh, but WARP is actually also kind of like a VPN; doesn't that conflict when both are turned on?
push.apple.com.akadns.net
That's why it disables itself when you turn on WARP.
It knows you're on a private VPN.
Oh, I see, misread there.
Yea, I've been using this for some time now and just didn't notice that iMessage was failing.
I would think Cloudflare has to know about this somewhere, but I could not find any documentation.
Yea, a quick Google search didn't yield much for me either, besides some other unrelated issues 😮
If I change to Gateway with DoH it works, but Gateway with WARP fails.
Have you tried with the firewall of your MacBook turned off as well?
You did try logging out of iMessage and back in after connecting to WARP, right?
Firewall is inactive.
Awh, turn it back on :p
I did not, because logging out of iMessage is a long, drawn-out rabbit hole of despair.
Srsly? Hah
You have to log in again and re-sync 10 years of data LOL
Damn O.o
Yea, when you log out of something on the Mac it de-syncs all your devices.
So for example
Nvm that, haha 😮
I have 43 users with Macs; if I deploy this and tell them they all have to log out of iMessage to make it work,
that would be a deal breaker.
Yea, I understand!
I deployed with Mosyle MDM and put it on my Mac pretty easily.
Can't auto-configure the "Team", but that's easy enough to input.
Using Azure AD to authenticate.
Nicee
On PCs it's really neat: I pushed it out via Intune MDM, the app deploys, installs and prompts them to log in to their "Team".
So it just magically appears in their taskbar.
So all my PC users are all set.
They don't have iMessage LOL
I configured the site to only use Cloudflare DNS.
Very neat, but when users leave the site I push the WARP client on them.
Very impressed with all this proxy stuff.
When I check logging, nothing appears in the blocked logs.
So I got to the point where I need some other opinions here.
Good luck with further troubleshooting though 😮
Ya ya, this is my last hurdle before I deploy, and it's probably something stupid simple.
I've been on Cloudflare for years but never leveraged this Zero Trust; now I'm getting deeper into it. I actually moved all my domains from Namecheap to Cloudflare.
I have another account with 81 domains; I am proposing to the management team to move them all here.
Namecheap is just blah LOL
I think I figured something out.
I'm curious ^^
I am protecting my home network already; I am the origin of the tunnel, so being on my home Wi-Fi while also connecting to the WARP client seems to be the problem. I went to cellular and it works just fine.
Cellular + WARP = fine, home Wi-Fi = tunnel + WARP = no Apple traffic? Interesting finding. Have you double-checked your Wi-Fi / router configuration(s)?