
Whitelisting Apple iCloud services on a restrictive firewall


When restrictive Layer 3 firewall rules are applied to outbound traffic on the MX Security Appliance, services such as Apple iCloud can sometimes be inadvertently blocked. This KB covers the ports Apple iCloud needs in order to perform backups and access data stored in iCloud.


Figure 1. Explicit deny rule blocking iCloud traffic. 



The firewall configuration shown in Figure 1 will block all outbound traffic except TCP 80 and TCP 443 (HTTP and HTTPS). A user trying to use another protocol, such as UDP, or another port, such as 25, will be blocked by the firewall. With these rules in place, many other features will not work.


For iCloud to function on your client devices, Apple lists the ports that must be allowed through the firewall. The ports used by iCloud are:

TCP 25

TCP 80

TCP 443

TCP 587

TCP 993

TCP 5223

To allow the connection on these ports, use the following configuration.

Figure 2. iCloud firewall config.

Once the connections are allowed, iCloud will function and users will be able to back up their devices or pull information they have stored in iCloud.
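
The following is an added example, not part of the original article or of any Meraki tooling: a small check that evaluates an ordered outbound rule list top to bottom (first match wins) and reports which of the iCloud ports listed above it would block. The rule dictionary layout, the default-allow fallback, and both sample rule sets are assumptions constructed from the text's description of Figures 1 and 2.

```python
# Added example: first-match evaluation of outbound L3 rules against the
# iCloud ports listed in this article. The rule layout is an assumption.
ICLOUD_TCP_PORTS = [25, 80, 443, 587, 993, 5223]


def port_matches(spec, port):
    """spec is 'any', a single port, a range 'a-b', or a comma-separated mix."""
    if spec.strip().lower() == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def decide(rules, protocol, port):
    """Return the policy of the first rule matching protocol and port."""
    for rule in rules:
        if rule["protocol"] in ("any", protocol) and port_matches(rule["dst_port"], port):
            return rule["policy"]
    return "allow"  # assumed default when no rule matches


def blocked_icloud_ports(rules):
    """List the iCloud TCP ports that the rule set denies."""
    return [p for p in ICLOUD_TCP_PORTS if decide(rules, "tcp", p) == "deny"]


# Constructed rule sets modelled on the description of Figures 1 and 2.
FIGURE_1_RULES = [
    {"policy": "allow", "protocol": "tcp", "dst_port": "80"},
    {"policy": "allow", "protocol": "tcp", "dst_port": "443"},
    {"policy": "deny", "protocol": "any", "dst_port": "any"},
]
FIGURE_2_RULES = [
    {"policy": "allow", "protocol": "tcp", "dst_port": "25,80,443,587,993,5223"},
    {"policy": "deny", "protocol": "any", "dst_port": "any"},
]

if __name__ == "__main__":
    for name, rules in (("Figure 1", FIGURE_1_RULES), ("Figure 2", FIGURE_2_RULES)):
        print(name, "blocks iCloud ports:", blocked_icloud_ports(rules))
```

Because evaluation stops at the first match, the allow rule for the iCloud ports must sit above the explicit deny rule.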
Last modified
08:16, 3 Feb 2015


Article ID

ID: 1688
