Apple iTunes and App Store does not load when Client DPI-SSL is enabled
Description
After enabling Client DPI-SSL, Apple iTune and Apple App Store does not load. The SonicWall Client DPI-SSL CA certificate has been imported into the iOS device.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
iTunes and App Store, like many other such applications, use certificate pinning and due to this when SonicWall Client DPI-SSL is enabled, they will fail to connect.
The solution is to exclude it from DPI-SSL Client Inspection.
To do so, follow these steps:
1. Navigate to Manage | Deep Packet Inspection | SSL Client deplyment | Common Name.
On the Client DPI-SSL page, add the certificate Common Name (CN) itunes.apple.com under Common Name Exclusions.
2. Click on Accept at the bottom to save the changes.
NOTE: After excluding iTunes and App Store from DPI-SSL Client Inspection, SonicWall will not be able inspect the contents of the traffic between the client and the server.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
iTunes and App Store, like many other such applications, use certificate pinning and due to this when SonicWall Client DPI-SSL is enabled, they will fail to connect.
The solution is to exclude it from DPI-SSL Client Inspection.
To do so, follow these steps:
1. On the Client DPI-SSL page, add the certificate Common Name (CN) itunes.apple.com under Common Name Exclusions.
2. Click on Accept at the top to save the changes.
NOTE: After excluding iTunes and App Store from DPI-SSL Client Inspection, SonicWall will not be able inspect the contents of the traffic between the client and the server.