Bypassing DPI for Apple Traffic in MDM Communication

What

This article explains the importance of bypassing Deep Packet Inspection (DPI) on network traffic directed to Apple's IP range (17.0.0.0/8) to ensure seamless communication between Apple devices and the FileWave Mobile Device Management (MDM) solution.

When/Why

Deep Packet Inspection is a network packet filtering technique that examines the data part (and possibly also the header) of a packet as it passes an inspection point, to determine what to do with the packet based on its content. This is often employed in firewalls, intrusion prevention systems, and content filters to scrutinize traffic for security and compliance purposes.

However, when managing Apple devices via an MDM solution like FileWave, it's crucial to ensure uninterrupted communication with Apple's network. DPI can interfere with the SSL traffic to and from Apple's servers, hindering communication between your managed devices and the MDM server. This is particularly important for initial device setup, software updates, and continuous management operations.

How

To prevent any interference with the communication between Apple devices and FileWave MDM, it's advised to configure your network's firewall and content filters to bypass or disable Deep Packet Inspection for traffic destined to or originating from the IP range 17.0.0.0/8. Here are general steps:

  1. Access Firewall/Content Filter Settings:

    • Log in to your firewall or content filter management interface.

  2. Create a Bypass Rule:

    • Navigate to the section where you can create rules or policies.
    • Create a new rule to bypass DPI for the IP range 17.0.0.0/8.

  3. Verify Configuration:

    • After setting the rule, verify the configuration by testing the communication between your MDM and an Apple device.
    • You can also check the logs to ensure traffic is flowing correctly without any SSL manipulation.
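
One way to automate the log check in step 3, as an added example that is not FileWave's or any firewall vendor's code: it scans exported log lines and reports flows to or from 17.0.0.0/8 that were still inspected. The key=value log layout and the field names (src, dst, dport, tls_inspect) are assumptions; adapt the parser to your firewall's export format.

```python
import ipaddress

APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # range named in this article

# Constructed sample log lines; the key=value layout and the field names
# (src, dst, dport, tls_inspect) are hypothetical, not any vendor's format.
SAMPLE_LOG = """\
src=10.0.5.23 dst=17.57.144.10 dport=5223 tls_inspect=no
src=10.0.5.23 dst=17.253.1.201 dport=443 tls_inspect=yes
src=10.0.5.40 dst=93.184.216.34 dport=443 tls_inspect=yes
src=17.188.20.5 dst=10.0.5.23 dport=49152 tls_inspect=yes
src=10.0.5.41 dst=not-an-ip dport=443 tls_inspect=yes
src=10.0.5.42 dst=170.1.2.3 dport=443 tls_inspect=yes
""".splitlines()


def parse_line(line):
    """Split one key=value log line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def in_apple_range(value):
    """True if value parses as an IP address inside 17.0.0.0/8."""
    try:
        return ipaddress.ip_address(value) in APPLE_NET
    except ValueError:
        return False  # missing or malformed address field


def inspected_apple_flows(lines):
    """Return records where traffic to or from 17.0.0.0/8 was still inspected."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        touches_apple = (in_apple_range(rec.get("src", ""))
                         or in_apple_range(rec.get("dst", "")))
        if touches_apple and rec.get("tls_inspect", "").lower() == "yes":
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in inspected_apple_flows(SAMPLE_LOG):
        print("DPI still applied:", rec["src"], "->", rec["dst"], "port", rec["dport"])
```

An empty result over a log window that covers a device check-in indicates the bypass rule is matching in both directions.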

Digging Deeper

Understanding how network traffic inspection affects MDM communication is crucial for the seamless operation of managed Apple devices. Disabling DPI for the specified traffic ensures that the necessary communication between your FileWave MDM server and managed Apple devices remains uninterrupted, providing a stable and reliable management infrastructure.


Revision #3
Created 31 October 2023 17:55:28 by Josh Levitsky
Updated 13 December 2023 17:50:15 by Josh Levitsky