iOS 15 impact to Symantec products

book

Article ID: 223857

calendar_today

Updated On:

Products

Web Security Service - WSS Endpoint Protection Mobile Web Isolation Web Isolation Cloud

Issue/Introduction

Changes in iOS 15 may impact the effect of Symantec products policy. The following table highlights the known Symantec product issues currently triggered by the iOS 15 upgrade.

Product

Impact

WSS

  • If you are currently using the browser User-Agent string for your WSS policy it will no longer be evaluated in any decision that requires the browser User-Agent string
  • HTTP logs will show up as blank entries for the User-Agent field for any CONNECT requests generated by iOS 15 endpoints

Web Isolation

  • Traffic originating from iOS 15 browsers could not be isolated because it is not identified as ‘Browsers’ traffic.
  • Unless defined otherwise, the default matching rule for ‘Applications’ will be ‘Default Rule for Applications’.
    • The supported verdicts to apply to ‘Applications’ rules are: ‘Pass, ‘Block’, ‘Inspect’.
  • Activity logs will show up blank entries for the User-Agent field for any CONNECT requests generated by iOS 15 endpoints

 

Cause

Starting with the new Apple iOS version 15.x, iOS endpoints will no longer send the User-Agent string on CONNECT HTTP requests.

Given that no User-Agent HTTP header is available, Symantec products will not be able to correctly identify iOS 15 endpoints.

Environment

iOS 15 endpoints connecting to WSS via explicit, trans-proxy, SEP Mobile and SEP WTR Access methods.

iOS 15 endpoints connecting to Web Isolation Cloud.

iOS 15 endpoints connecting to Web Isolation On-prem servers.

Resolution

Customers planning on running iOS version 15.x and later, will need to change their Symantec policies to no longer use the browser User-agent string within your policy.

For Web Isolation customers, no solution currently exists. The product team is evaluating the change and trying to come up with mitigation steps.