Need to bypass the Software Update domains in NETransparentProxy.

Hi team,

We need to identify the domains used by macOS Software Update so they can be bypassed by our NETransparentProxy. The Apple support article below lists Software Update and several other Apple service domains.

At the moment we’re unsure whether we should only bypass the Software Update and Beta Software domains, or whether we also need to bypass domains used for certificate validation, device management (Apple Business Manager / Apple School Manager / Apple Business Essentials), network provider updates, Apple Diagnostics, etc.

We also need the specific IP ranges used exclusively by Software Update. The document shows Apple’s entire IP range; for IPv4 you can allow outbound connections to 17.0.0.0/8.

https://support.apple.com/en-in/101555

This isn’t something I can help you with. There’s no API that specifically identifies a domain associated with Software Update, so you’re relying on implementation details published by Apple Support. That’s not something I can speak to. Rather, my advice is that you file an enhancement request for a specific API for identifying Software Update flows [1].

Please post your bug number, just for the record.

I’ve updated the subtopic of your thread to see if I can attract other folks to it. If not, you might have better luck asking this question over in the Apple Support Community, run by Apple Support, and specifically in the Business and Education topic area.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] There’s precedent for this, namely the various excludeXYZ properties in NEVPNProtocol.
