Discussion:
Can't get to Apple.com while in Quarantine
John Kaftan
2013-08-24 10:02:35 UTC
Permalink
Ran into an issue today with a Macintosh 10.8.3 Laptop. When it went to
install the persistent agent, it prompted to install Java 6 from the Apple
Website. However, it is not allowing access to the Apple Website while in
quarantine. I looked at the the configuration on the NAC, and see that it
apple.com is an allowed domain.

Not sure if this is happening both and wired and wireless. For wireless we
are doing the TOS redirect in the Quarantine policy.
--
John Kaftan
IT Infrastructure Manager
Utica College

---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org
Auger, Jay (IS)
2013-08-24 10:44:45 UTC
Permalink
Does the OS truly use apple.com<http://apple.com> to download or is it possible Apple may use a download/streaming service like Akamai? Firewall logs should be able to tell you.

Jay


On Aug 24, 2013, at 6:02 AM, "John Kaftan" <***@utica.edu<mailto:***@utica.edu>> wrote:

Ran into an issue today with a Macintosh 10.8.3 Laptop. When it went to install the persistent agent, it prompted to install Java 6 from the Apple Website. However, it is not allowing access to the Apple Website while in quarantine. I looked at the the configuration on the NAC, and see that it apple.com<http://apple.com/> is an allowed domain.

Not sure if this is happening both and wired and wireless. For wireless we are doing the TOS redirect in the Quarantine policy.

--
John Kaftan
IT Infrastructure Manager
Utica College


* --To unsubscribe from enterasys, send email to ***@unc.edu<mailto:***@unc.edu> with the body: unsubscribe enterasys ***@umassmed.edu<mailto:***@umassmed.edu>

---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org
John Kaftan
2013-08-24 11:56:39 UTC
Permalink
Not sure. However, if we just try to go to apple.com directly that fails
so we know the exception is not working. Did some research and found the
Apple has the class A 17.0.0.0 so opened that up on port 80. That should
be a work around for now.
Does the OS truly use apple.com to download or is it possible Apple may
use a download/streaming service like Akamai? Firewall logs should be able
to tell you.
Jay
Ran into an issue today with a Macintosh 10.8.3 Laptop. When it went to
install the persistent agent, it prompted to install Java 6 from the Apple
Website. However, it is not allowing access to the Apple Website while in
quarantine. I looked at the the configuration on the NAC, and see that it
apple.com is an allowed domain.
Not sure if this is happening both and wired and wireless. For wireless
we are doing the TOS redirect in the Quarantine policy.
--
John Kaftan
IT Infrastructure Manager
Utica College
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org
Matt Eggert
2013-08-24 12:45:33 UTC
Permalink
I'm sure you may know this, but you can buy a Mac Mini server for about $1000 and let it do all your SUS updates locally...not to mention in 10.8 it is now a caching server so you can save a ton of ISP bandwidth on your campus if you deploy this.
It will also cache ios apps and updates as well if you download the apps from the App Store in iTunes on to the server....for a school that is 1 to 1 ios it's has saved us big time! Supposedly in Mavericks it will do this without having to download the apps to the server.
Just my two cents,
Matt
Sent from my iPhone
Matt Eggert
Director of Technology
On Aug 24, 2013, at 7:57 AM, John Kaftan <<***@utica.edu>***@utica.edu> wrote:
Not sure. However, if we just try to go to<http://apple.com> apple.com directly that fails so we know the exception is not working. Did some research and found the Apple has the class A 17.0.0.0 so opened that up on port 80. That should be a work around for now.
On Aug 24, 2013 6:44 AM, "Auger, Jay (IS)" <<***@umassmed.edu>***@umassmed.edu> wrote:
Does the OS truly use<http://apple.com> apple.com to download or is it possible Apple may use a download/streaming service like Akamai? Firewall logs should be able to tell you.
Jay
On Aug 24, 2013, at 6:02 AM, "John Kaftan" <<***@utica.edu>***@utica.edu> wrote:
Ran into an issue today with a Macintosh 10.8.3 Laptop. When it went to install the persistent agent, it prompted to install Java 6 from the Apple Website. However, it is not allowing access to the Apple Website while in quarantine. I looked at the the configuration on the NAC, and see that it<http://apple.com/> apple.com is an allowed domain.
Not sure if this is happening both and wired and wireless. For wireless we are doing the TOS redirect in the Quarantine policy.
--
John Kaftan
IT Infrastructure Manager
Utica College
* --To unsubscribe from enterasys, send email to<***@unc.edu> ***@unc.edu with the body: unsubscribe enterasys<***@umassmed.edu> ***@umassmed.edu
* --To unsubscribe from enterasys, send email to<***@unc.edu> ***@unc.edu with the body: unsubscribe enterasys<***@utica.edu> ***@utica.edu
* --To unsubscribe from enterasys, send email to<***@unc.edu> ***@unc.edu with the body: unsubscribe enterasys<***@thefirstacademy.org> ***@thefirstacademy.org


---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org
Scott Getz
2013-08-24 12:59:39 UTC
Permalink
We are working with Enterasys here at Utica College now as we think this
issue may be bigger than the Apple.com redirect, we are now noticing all of
our Quarantine allowed web sites are not working for wireless, so we are
looking at this with the Enterasys team to see what might be up. The
biggest thing for us here at Utica College is that we just updated to
5.0.0.232 from our old 4.4.0.106, so we are unsure if something got mixed
up in the update.

Scott Getz
Systems Administrator
Utica College
Post by Matt Eggert
I'm sure you may know this, but you can buy a Mac Mini server for about
$1000 and let it do all your SUS updates locally...not to mention in 10.8
it is now a caching server so you can save a ton of ISP bandwidth on your
campus if you deploy this.
It will also cache ios apps and updates as well if you download the apps
from the App Store in iTunes on to the server....for a school that is 1 to
1 ios it's has saved us big time! Supposedly in Mavericks it will do this
without having to download the apps to the server.
Just my two cents,
Matt
Sent from my iPhone
Matt Eggert
Director of Technology
Not sure. However, if we just try to go to apple.com directly that fails
so we know the exception is not working. Did some research and found the
Apple has the class A 17.0.0.0 so opened that up on port 80. That should
be a work around for now.
Does the OS truly use apple.com to download or is it possible Apple may
use a download/streaming service like Akamai? Firewall logs should be able
to tell you.
Jay
Ran into an issue today with a Macintosh 10.8.3 Laptop. When it went
to install the persistent agent, it prompted to install Java 6 from the
Apple Website. However, it is not allowing access to the Apple Website
while in quarantine. I looked at the the configuration on the NAC, and see
that it apple.com is an allowed domain.
Not sure if this is happening both and wired and wireless. For
wireless we are doing the TOS redirect in the Quarantine policy.
--
John Kaftan
IT Infrastructure Manager
Utica College
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org
John Kaftan
2013-08-25 15:31:15 UTC
Permalink
We had multiple engineers GTAC working on this with us on this yesterday
for multiple hours. GTAC is amazing.
Post by Scott Getz
We are working with Enterasys here at Utica College now as we think this
issue may be bigger than the Apple.com redirect, we are now noticing all of
our Quarantine allowed web sites are not working for wireless, so we are
looking at this with the Enterasys team to see what might be up. The
biggest thing for us here at Utica College is that we just updated to
5.0.0.232 from our old 4.4.0.106, so we are unsure if something got mixed
up in the update.
Scott Getz
Systems Administrator
Utica College
On Sat, Aug 24, 2013 at 8:45 AM, Matt Eggert <
Post by Matt Eggert
I'm sure you may know this, but you can buy a Mac Mini server for about
$1000 and let it do all your SUS updates locally...not to mention in 10.8
it is now a caching server so you can save a ton of ISP bandwidth on your
campus if you deploy this.
It will also cache ios apps and updates as well if you download the apps
from the App Store in iTunes on to the server....for a school that is 1 to
1 ios it's has saved us big time! Supposedly in Mavericks it will do this
without having to download the apps to the server.
Just my two cents,
Matt
Sent from my iPhone
Matt Eggert
Director of Technology
Not sure. However, if we just try to go to apple.com directly that
fails so we know the exception is not working. Did some research and found
the Apple has the class A 17.0.0.0 so opened that up on port 80. That
should be a work around for now.
Does the OS truly use apple.com to download or is it possible Apple
may use a download/streaming service like Akamai? Firewall logs should be
able to tell you.
Jay
Ran into an issue today with a Macintosh 10.8.3 Laptop. When it went
to install the persistent agent, it prompted to install Java 6 from the
Apple Website. However, it is not allowing access to the Apple Website
while in quarantine. I looked at the the configuration on the NAC, and see
that it apple.com is an allowed domain.
Not sure if this is happening both and wired and wireless. For
wireless we are doing the TOS redirect in the Quarantine policy.
--
John Kaftan
IT Infrastructure Manager
Utica College
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org
Loading...