Using iMessage through Web Security Service

Article ID: 169160

Products

Web Security Service - WSS CDP Integration Server

Issue/Introduction

Apple's iMessage uses an additional port besides 80 and 443, so iMessage traffic sent through the Web Security Service is not delivered properly.

Cause

Port 5223 is used by iMessage to deliver push messages. Because this port is not included in the cloud service routing, iMessage traffic is dropped.

Resolution

To allow iMessage to function, the entire subnet used by Apple for its various products must be bypassed. 

NOTE: This also allows access to FaceTime, iCloud, iTunes, and all other Apple products, as they share the subnet and interchange IP addresses regularly. 

Workaround

Add the subnet 17.0.0.0/8 to the bypass list, either in the ThreatPulse portal or on your firewall device, depending on the Access Method you are using.
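
To see how much traffic the bypass takes out of the service's path, the following added example (not part of the original article) classifies flow records by how they are handled once 17.0.0.0/8 is on the bypass list. The log format and sample addresses are constructed, and treating 80 and 443 as the only ports routed to the service is an assumption drawn from the description above.

```python
import ipaddress
from collections import Counter

APPLE_BYPASS = ipaddress.ip_network("17.0.0.0/8")  # subnet named in the article
WSS_PORTS = {80, 443}  # assumption: only these ports are routed to the service

# Constructed sample flows, one per line: "src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
10.1.4.20 17.57.144.10 5223
10.1.4.20 17.57.144.10 443
10.1.4.21 17.253.21.201 80
10.1.4.22 203.0.113.8 5223
10.1.4.23 198.51.100.7 443
10.1.4.24 2001:db8::17 443
garbage line
"""

def classify(dst_ip, dst_port):
    """Return how a flow is handled once 17.0.0.0/8 is on the bypass list."""
    if ipaddress.ip_address(dst_ip) in APPLE_BYPASS:
        return "bypassed"    # sent direct, never seen by the service
    if dst_port in WSS_PORTS:
        return "inspected"   # still goes through the service
    return "not_routed"      # e.g. port 5223 to a host outside the bypass

def summarize(log_text):
    """Count flows per handling, plus bypassed flows per destination port."""
    counts, bypassed_ports = Counter(), Counter()
    for line in log_text.splitlines():
        parts = line.split()
        try:
            dst, port = parts[1], int(parts[2])
            verdict = classify(dst, port)
        except (IndexError, ValueError):
            counts["unparsed"] += 1  # malformed record or bad address/port
            continue
        counts[verdict] += 1
        if verdict == "bypassed":
            bypassed_ports[port] += 1
    return dict(counts), dict(bypassed_ports)

if __name__ == "__main__":
    totals, ports = summarize(SAMPLE_FLOWS)
    print("handling:", totals)
    print("bypassed flows by destination port:", ports)
```

The per-port breakdown shows that the bypass covers web traffic on 80 and 443 to the subnet as well as the push traffic on 5223.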