If your users access Apple's various services, they may report connection failures or other issues when SSL interception is enabled in your WSS portal policy configuration. This article details the hostnames to bypass from SSL interception to prevent issues with these services.

Your users' traffic traverses the Symantec Web Security Service (WSS), and you use SSL interception policy to that traffic.

Follow these steps to bypass Apple hosts from SSL interception:

1. Log in to the WSS portal at https://portal.threatpulse.net.
2. Select Bypassed Domains and click + Add Bypass Domain(s).
3. Add each of the following, one at a time, to the list of domains to be bypassed. Click Add Bypass Domain after you add a domain entry. Alternatively, you may use the attached text file and the import from file option int he Add Bypass Domain dialog: 
   apple.com
   bag.itunes.apple.com
   gsa.apple.com
   icloud.com
   keyvalueservice.icloud.com
   mzstatic.com
   setup.icloud.com
   swscan.apple.com
   swdist.apple.com
   swcdn.apple.com
   swquery.apple.com
   swdownload.apple.com
4. Test accessing Apple services through WSS. Any connections that failed previously should now work as expected. 

Note: This action negates SSL interception, AV scanning, and many other policy functions from affecting traffic to these domains.