K12USA Support Knowledge Base

Apple FaceTime & iMessage

Summary

Apple FaceTime and iMessage on iOS devices require several changes to the Firewall and Port Access rules. This article outlines the changes needed.

WARNING: These changes can open your network to users running outside proxies like Ultrasurf and P2P file-sharing software like BitTorrent. This is because the firewall rules must allow traffic to ANY IP address, since the iOS devices connect directly to each other. If you need it to work on any machine, using the source address "0.0.0.0/0" opens your entire network to software that can use any port (like the programs mentioned). If you can restrict the rule to a particular IP address or subnet, that is better, since it limits the hole to only those IP addresses or subnets.

Applies To

SecureSchool

More Information

Here are the steps needed to make FaceTime and iMessage work:

  1. Go to "Firewall" -> "Protocol Rules" and make the following rule:
    • Name: "Facetime 1"
    • Type: "Allow"
    • Protocol: "UDP"
    • Source Address: "Any" (or if you can, specify a specific subnet or IP address.  See the warning above.)
    • Destination Address: "Any"
    • Destination Port: "16384-16387"
  2. Go to "Firewall" -> "Protocol Rules" and make the following rule:
    • Name: "Facetime 2"
    • Type: "Allow"
    • Protocol: "UDP"
    • Source Address: "Any" (or if you can, specify a specific subnet or IP address.  See the warning above.)
    • Destination Address: "Any"
    • Destination Port: "3478-3497"
  3. Go to "Firewall" -> "Protocol Rules" and make the following rule:
    • Name: "Facetime 3"
    • Type: "Allow"
    • Protocol: "UDP"
    • Source Address: "Any"  (or if you can, specify a specific subnet or IP address.  See the warning above.)
    • Destination Address: "Any"
    • Destination Port: "16393-16402"
  4. Go to "Website Filtering" -> "Port Access" and add the following rule:
    • Site: "apple.com"
    • Type: "SSL/HTTPS"
    • Port: "443"
  5. Go to "Website Filtering" -> "Port Access" and add the following rule:
    • Site: "apple.com"
    • Type: "SSL/HTTPS"
    • Port: "5223"
  6. Go to "Commit Changes" and click on Restart.  FaceTime and iMessage will work now.

These instructions assume the address of the iOS device using FaceTime and iMessage is in an IP Group that is using the Advanced iPad, iPod & Android support. If it is not, you also need to add another firewall rule (Firewall -> Protocol Rules) allowing all traffic on ports 80, 443, and 5223 to Apple's subnet. Warning: This will allow ALL Apple products to work, including iTunes, iCloud, and the Mac App Store, not just FaceTime and iMessage.
  • Name: "Apple"
  • Type: "Allow"
  • Protocol: "TCP"
  • Source Address: "Any"
  • Destination Address: "17.0.0.0/8"
  • Destination Port: "80,443,5223"
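
The effect of the Source Address choice described in the warning, as an added example that is not part of the original article or of SecureSchool: it models the four Protocol Rules above as plain data and checks which flows they permit. The subnet 10.20.30.0/24 and the flow addresses are constructed, and the matching logic is a simplified assumption, not the product's rule engine.

```python
import ipaddress

# Rules transcribed from the article. "Any" is written as 0.0.0.0/0.
RULES = [
    {"name": "Facetime 1", "proto": "UDP", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "ports": "16384-16387"},
    {"name": "Facetime 2", "proto": "UDP", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "ports": "3478-3497"},
    {"name": "Facetime 3", "proto": "UDP", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "ports": "16393-16402"},
    {"name": "Apple", "proto": "TCP", "src": "0.0.0.0/0", "dst": "17.0.0.0/8", "ports": "80,443,5223"},
]

def parse_ports(spec):
    """Expand '80,443,5223' or '16384-16387' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def matching_rule(rules, proto, src, dst, port):
    """Return the name of the first Allow rule here that matches the flow, else None."""
    for r in rules:
        if (r["proto"] == proto.upper()
                and ipaddress.ip_address(src) in ipaddress.ip_network(r["src"])
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r["dst"])
                and port in parse_ports(r["ports"])):
            return r["name"]
    return None

def restrict_source(rules, subnet):
    """Copy of the rules with every 'Any' source narrowed to one subnet."""
    return [dict(r, src=subnet) if r["src"] == "0.0.0.0/0" else dict(r) for r in rules]

def audit(rules):
    """List (rule name, port count) for rules open from any source to any destination."""
    return [(r["name"], len(parse_ports(r["ports"]))) for r in rules
            if r["src"] == "0.0.0.0/0" and r["dst"] == "0.0.0.0/0"]

if __name__ == "__main__":
    for name, count in audit(RULES):
        print(f"{name}: {count} ports open from any source to any destination")
    narrowed = restrict_source(RULES, "10.20.30.0/24")  # constructed iPad subnet
    # Constructed flows: a lab PC and an iPad, both sending UDP/16385 to an outside host.
    for src in ("10.20.99.7", "10.20.30.15"):
        print(src, "as written:", matching_rule(RULES, "UDP", src, "203.0.113.9", 16385),
              "| narrowed:", matching_rule(narrowed, "UDP", src, "203.0.113.9", 16385))
```

With the source left at "Any", the lab PC's UDP flow matches "Facetime 1" just as the iPad's does; once the source is narrowed, only the iPad subnet still matches.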

Details
Last Modified: 12 Years Ago
Last Modified By: bmccann
Type: FAQ