Blocking iOS Software Updates
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-28-2017 05:27 AM
Hello,
I m looking for a way to block software updates for all iOS devices connected through the Wi-Fi network..
Can this be done using application denial policy?
I m looking for a way to block software updates for all iOS devices connected through the Wi-Fi network..
Can this be done using application denial policy?
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-28-2017 08:37 AM
Not in a simple tickbox way.
The iOS update packages must come from a range of webservers and if you could find those specific addresses and mask them into a deny policy and test...it might just work.
But almost certainly going to be unexpected gotchas such as other app updates being blocked.
Haven't tried it so cannot give definitive.
Ruckus will give you basic traffic throttling but not much more unless you can find some really creative way to achieve what you are asking.That's filter/firewall/traffic management stuff.
=============
Just googled ios update servers...
Hmm?
Maybe blocking swscan.apple.com might be enough.
Test, test and test, then expect the unexpected!
The iOS update packages must come from a range of webservers and if you could find those specific addresses and mask them into a deny policy and test...it might just work.
But almost certainly going to be unexpected gotchas such as other app updates being blocked.
Haven't tried it so cannot give definitive.
Ruckus will give you basic traffic throttling but not much more unless you can find some really creative way to achieve what you are asking.That's filter/firewall/traffic management stuff.
=============
Just googled ios update servers...
Software Update must communicate with Apple's update servers in order to download and install updates. Ask your network administrator to allow the following server addresses on your DNS and proxy servers.
- swcdn.apple.com
- swdownload.apple.com
- swquery.apple.com
- swscan.apple.com
Hmm?
Maybe blocking swscan.apple.com might be enough.
Test, test and test, then expect the unexpected!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-04-2017 01:24 AM
Thanks for the reply.
i tried adding those servers into an ACL and applied it on the WLAN.. but still iOS devices were able to check the update server.
i tried
- mesu.apple.com
- appldnld.apple.com
Also didnt work..
i tried adding those servers into an ACL and applied it on the WLAN.. but still iOS devices were able to check the update server.
i tried
- mesu.apple.com
- appldnld.apple.com
Also didnt work..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-04-2017 05:26 AM
might be worth blocking something specific first to check the denial rules gets applied
www.bmw.com
then see if you can access that site from an ipad.
Sometimes things don't always do what you expect.
www.bmw.com
then see if you can access that site from an ipad.
Sometimes things don't always do what you expect.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-08-2017 05:13 AM
It is worth noting that some rules require sometime to be applied.. my access list looks like this and iOS devices are not able to communicate with update server
mesu.apple.com
appldnld.apple.com
swscan.apple.com
swquery.apple.com
swdownload.apple.com
swcdn.apple.com
