Posts

While working to use iOS on an enterprise network, both the App Store and the Music app on iOS 15 do not connect to the Apple backend services if DoH access is unavailable. Restrictions were applied on a lab environment with a set of Cisco NGFW firewalls running FTD 7.0.1 and FTD 7.1. Restrictions on the DNS end, for restricting access to the iCloud Private Relay (as per the "Allow for network audits" section) and to the DoH address (using the same methodology as above), were attempted, in combination with the security appliance, to no avail. Tested on different devices running iOS 15.1, 15.1.1 and 15.2. Traffic inspection was not enabled on this lab. The test account is an active iCloud+ subscription. The security appliances were running with Snort3 IPS; however, no IPS policies were present on any of the access control lists, nor configured on the appliances. While the DNS configuration on the iOS device states "DNS requests are being routed by iCloud Private Relay for this Wi-Fi network", ultimately it seems this option is not being respected. Although not thoroughly tested, it appears macOS 12.1 is also affected with at least the Music app, and a HomePod (15.1.1) is also unable to play songs with DoH restricted from the DNS view: Siri answers the request but doesn't play the requested songs.
Posted by HQuest.
I'm working with external firewall access control policy restrictions, and I noticed Safari is getting hung after certain firewall rules were hit. After troubleshooting it further, it looks like Mojave sends an "ACK" packet after it received the "RST, ACK" packet from the network, but Safari never times out the connection. With a different web browser (Firefox), it does time out the connection after about 120 seconds, and renders the page without the blocked elements, but Safari was still trying to load the page for well over 4 hours and no page was displayed. Any chance this behavior can be reviewed, and possibly fixed? Would hate to recommend a different web browser to my end users because of this. Currently running Mojave 10.14.1 build 19B73a. [Edit] Seems this behavior is across multiple platforms, as it too happens on iOS 12.1 build 16B5089b. [Edit 2] Seems this behavior is not something introduced by the beta, as it too happens on the official Mojave 10.14 release. Thank you.
Posted by HQuest.