"Facetime unavailable" message appears trying to make call via WSS
search cancel

"Facetime unavailable" message appears trying to make call via WSS


Article ID: 207182


Updated On:


Cloud Secure Web Gateway - Cloud SWG


*This document should be used for UPE/Management Center policy source.*

IPSEC tunnel into WSS

Guest users in environment connect to a WiFI access point, and traffic is then tunneled into WSS via IPSEC tunnels

All Web traffic works fine but Facetime and iMessage appears to fail

iMessages are never delivered to the recipient

Facetime calls start but receiver never sees call

"Facetime unavailable" message eventually appears on transmitter side


Apple uses both TCP 443 (control path) and TCP 5223 (data path) when using either of these two applications

TCP 5223 expects a successful mutual x509 authentication by both parties

When going through WSS, this x509 authentication does not complete successfully


1. Need to make sure the following CPL is applied for the tenant

condition=Non_standard_ports detect_protocol(none)

define condition Non_standard_ports

2. Need to make sure that the HTTP Port and protocol restrictions do not only apply to Web protocols.

Additional Information

PCAPs on the requests will show that the server cert returned to the IOS device is the WSS certificate and not Apples

PCAPs will also show that the SSL mutual x509 handshake failed to complete successfully