iMessage is blocked whenever I am using Zero Trust with Team logged in.

I set up on some Macs and noticed that all iMessages are failing; when I disconnect they all pop in. I have local IP and domains but did not realize Apple traffic would be blocked. How can I set up an exclusion?
47 Replies
MDev, 3mo ago
How do your Zero Trust Gateway > Firewall HTTP and/or Network and/or DNS policies look? All I could think of straight away is to add the Apple traffic exclusions somewhere there, or everywhere on tightly restricted setups.
Dudleydogg (OP), 3mo ago
Yep, and I looked up the IP range for iMessage and tried that, but I'll try again. Everything was working so well I did not even realize iMessage was failing.
MDev, 3mo ago
Make sure Apple domains and/or IPs are not present in any block/deny lists/categories too 😮
Dudleydogg (OP), 3mo ago
I only have the default blockmalware rule, I believe.
MDev, 3mo ago
idemditto ^^
Dudleydogg (OP), 3mo ago
So I would need to go to settings, WARP client, and add those iMessage IPs to bypass.
MDev, 3mo ago
oooh right! I thought u wanted to relay those through Cloudflare as well
Dudleydogg (OP), 3mo ago
It's just odd that by default all the default settings appear to block iMessages. I would prefer all DNS and everything go through; don't want to bypass, prefer to relay, yes.
MDev, 3mo ago
Little to no experience with WARP client unfortunately 😮
Dudleydogg (OP), 3mo ago
I am new also, deploying for a non-profit in testing mode.
MDev, 3mo ago
I mean, shouldn't all traffic from and to your machine start to route through Cloudflare once activated?
Dudleydogg (OP), 3mo ago
That is what I expected, and all the 1.1.1.1/help shows all good. Then I was getting messages on my phone and realized my MacBook was not receiving, so I tested: sending iMessages fails if WARP is activated. Was a bit surprised. I have 2 tunnels set up, tested both and got the same behavior. I turn off the Firewall policies and same same.
MDev, 3mo ago
Weird, right? O.o It's not like you got any access restrictions set from within iMessage?
Dudleydogg (OP), 3mo ago
I think I'm more surprised that nothing in the support docs mentions iMessage, like I'm the first guy to figure this out LOL. I have a few host names and apps all working great via the tunnel. My network is in routes, but none of that has anything to do with iMessage, so it kinda got me confused, which brought me here.
MDev, 3mo ago
I'd suggest you re-activate the WARP client, log out of iMessage, log back in and try to see if it works to receive new messages. Maybe some security on Apple's end (like a sudden change of IP) is blocking it. Logging out and back in makes sure you're attempting a fresh connection from Cloudflare's edge.
Dudleydogg (OP), 3mo ago
I actually even switched teams to try another one and found it did on both, and they are 2 completely different teams with different configurations. I can see the DNS logs where it's reaching out to Apple.
MDev, 3mo ago
oooh! at least that's a good sign yes
Dudleydogg (OP), 3mo ago
Granted, it is probably some Apple process that's having a conflict, but "Private Relay" does disable when you activate the WARP client.
MDev, 3mo ago
and that is? ☺️
Dudleydogg (OP), 3mo ago
Private Relay is Apple's free built-in VPN.
MDev, 3mo ago
ooh but WARP is actually also kind of like a VPN, doesn't that conflict indeed when both turned on?
Dudleydogg (OP), 3mo ago
push.apple.com.akadns.net that's why it disables itself when you turn on WARP, it knows you're on private VPN
MDev, 3mo ago
oh I see, misread there
Dudleydogg (OP), 3mo ago
Yea, I've been using this for some time now and just didn't notice that iMessage was failing. I would think Cloudflare has to know about this somewhere but could not find any documentation.
MDev, 3mo ago
yea a quick Google search didn't yield much for me either besides some other unrelated issues 😮
Dudleydogg (OP), 3mo ago
If I change to Gateway with DoH it works, but Gateway with WARP fails.
MDev, 3mo ago
Have you tried with the firewall of your MacBook turned off as well? You did try the logout of iMessage and back in after connecting to WARP, right?
Dudleydogg (OP), 3mo ago
firewall is inactive
MDev, 3mo ago
awh turn it back on :p
Dudleydogg (OP), 3mo ago
I did not, because logging out of iMessage is a long drawn-out rabbit hole of despair.
MDev, 3mo ago
srsly? hah
Dudleydogg (OP), 3mo ago
You have to log in again and re-sync 10 years of data LOL
MDev, 3mo ago
Damn O.o
Dudleydogg (OP), 3mo ago
Yea, when you log out of something on the Mac it like de-syncs all your devices, so for example
MDev, 3mo ago
nvm that haha 😮
Dudleydogg (OP), 3mo ago
I have 43 users with Macs. If I deploy this and tell them they all have to log out of iMessage to make it work, that would be a deal breaker.
MDev, 3mo ago
yea I understand!
Dudleydogg (OP), 3mo ago
I deployed with Mosyle MDM and put it on my Mac, pretty easy. Can't auto-configure the "Team" but that's easy enough to input, using Azure AD to authenticate.
MDev, 3mo ago
nicee
Dudleydogg (OP), 3mo ago
On PCs it's really neat. I pushed it out via Intune MDM: the app deploys, installs and prompts them to log in to their "Team", so it just magically appears in their task bar. So all my PC users are all set, they don't have iMessage LOL
Dudleydogg (OP), 3mo ago
I configured the site to only use Cloudflare DNS, very neat, but when users leave the site I push the WARP client on them. Very impressed with all this proxy stuff. When I check logging, nothing appears to be in the blocked logs, so I got to the point where I need some other opinions here.
MDev, 3mo ago
Good luck with further troubleshooting though 😮
Dudleydogg (OP), 3mo ago
Ya ya, this is my last hurdle before I deploy and it's probably something stupid simple. I've been on Cloudflare for years but never leveraged this Zero Trust, but now I'm getting deeper into it. I actually moved all my domains from Namecheap to Cloudflare. I have another account with 81 domains I am proposing to the management team to move them all here, Namecheap is just blah LOL. I think I figured something out.
MDev, 3mo ago
I'm curious ^^
Dudleydogg (OP), 3mo ago
I am protecting my home network already, I am the origin of the tunnel, so when on my home wifi, then connecting also to the WARP client seems to be a problem. I went to cellular and it works just fine.
MDev, 3mo ago
cellular + WARP = fine, home wifi = tunnel + WARP = no Apple traffic? Interesting finding, have you double-checked your wifi / router configuration(s)?