
iPhone Wifi Sync Blocked by SEP Firewall

Created: 07 Oct 2012 | 30 comments

When I fully disable my SEP firewall, wifi sync works normally (iTunes automatically recognizes the phone on the network).  When the firewall is re-enabled, the sync fails and cannot be restarted.  How can I configure the firewall to allow this communication?


Ashish-Sharma's picture

Configure Symantec Endpoint Protection for iTunes Home Sharing

http://www.symantec.com/business/support/index?page=content&id=TECH155340

Thanks In Advance

Ashish Sharma

krista's picture

Sharing actually works, it's the wifi sync that's causing issues.  Thanks for your help!

Ashish-Sharma's picture

What components do you have installed?

Is the system Wi-Fi working or not?

Thanks In Advance

Ashish Sharma

Chetan Savade's picture

Hi,

Could you please check NTP traffic & Packet logs. Which rule is blocking connection?

If possible, create a firewall rule to allow the communication.

Adding a new firewall rule

http://www.symantec.com/docs/HOWTO55404

About firewall rules

http://www.symantec.com/docs/HOWTO55261

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

alex.milford's picture

I have this exact same problem. If I disable SEP it works fine. Nothing in the packet or traffic logs showing anything blocked and if I disable the FW it allows me to initiate a sync but it fails to complete.

.Brian's picture

Create a DENY_ALL rule and move it to the bottom. Then try the sync again. Something should show in the traffic log and post it here.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

imfritzy's picture

Greetings,

I need more detailed advice than what is listed above. Like the other posters, I am using iTunes on my computer, and Symantec is preventing my computer from wifi syncing with my iPad.

I use iTunes 11, SEP 12.1, Windows 7 (64-bit) on my computer. When SEP is disabled, iTunes will see my iPad through wifi and sync through wifi. With SEP enabled, iTunes will not see my iPad through wifi or wifi sync.

Kindly give step-by-step instruction on how to identify the blockage and eliminate it.

Thank you.

.Brian's picture

You need to open the SEP client and open the Traffic log under Network Threat Protection. This will show what is being blocked. You can post here as well for review.


imfritzy's picture

Thank you. I opened the SEP client, opened iTunes, turned on my iPad, and looked at the resulting traffic report. I've attached it here. I do not know how to decipher it, but I welcome your help.

Thank you.

Attachment: iTunes.xlsx (153 KB)

.Brian's picture

Did you try to sync right before posting the log? If not, can you try to sync, note the time, then post?


imfritzy's picture

I can't sync because iTunes doesn't detect the iPad. The only way to sync would be to use the cord to connect the iPad to the computer physically. Is that what you want me to do?

By the way, is there any danger to posting my log results? Hacking, etc?

.Brian's picture

Yes, but even an attempted sync should show up as a block in the traffic log. Then we can see exactly what is being blocked and create a rule to allow it.

Since your IP is 192.168.x.x you should be fine. That is a NAT'd address which is standard on home routers.


imfritzy's picture

At 20:06 p.m. on 3/13/2013 I tried to wifi sync by touching the greyed out "Sync Now" button on the iPad. But recall that iTunes doesn't even see the iPad with SEP enabled, so touching the greyed out button did nothing. I saw nothing that suggested that even an attempt at a sync occurred.

At 20:08 p.m. I connected the iPad cord to the computer.

At 20:09 p.m., I touched the now-blackened "Sync Now" button on the iPad, and the sync process lasted less than a minute.

I'm attaching the traffic log.  Does this help you?

Attachment: iTunes2.xlsx (152.36 KB)

imfritzy's picture

I tried something else that may help you diagnose. I disabled SEP, which allowed iTunes to detect my iPad, so that I can perform a wifi sync. Then I reenabled SEP, and since iTunes still said that it could see my iPad, I attempted a sync.

As soon as I hit sync (3/13/2013 at  20:25), iTunes looked in vain for the iPad, and then the sync failed. And then the iPad disappeared from iTunes's sidebar.

I am attaching the traffic log that might reflect this activity, but it just shows two activities that were "allowed"; nothing was blocked, so I'm not sure this helps.

Attachment: iTunes3.xlsx (151.17 KB)

.Brian's picture

Create a fw rule to allow port 5355. See if this fixes it.


imfritzy's picture

Thank you. I will reveal my ignorance here. How do I create a firewall rule like that? If you don't mind giving me a step-by-step explanation, I would be grateful.

 

imfritzy's picture

Just to follow up: I think I see how to get started:

Status->Network Threat Protection->Options->Configure Firewall Rules->Add

Then I get stuck. I assume I should click "Allow" traffic in the General tab, but I don't know what to do under the other tabs, particularly the Ports tab (which protocol, remote port, local port, traffic direction etc.)

Chetan Savade's picture

Hi,

Check this thread: https://www-secure.symantec.com/connect/forums/sep...

Especially the solved comment: "I had created an "allow all" rule for iTunes.exe prior to starting this post. It did not suffice. After our chatter exchange, I created 2 rules for ports UDP 5353 and TCP 3689 and disabled the previously created iTunes rule. All seems to be well now."

Check this article as well:

http://support.apple.com/kb/TS1629

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


imfritzy's picture

Thank you. I've read the threads and would like to try to create "2 rules for ports UDP 5353 and TCP 3689" but I do not know the steps to take. I've tried to navigate around the settings but I am still perplexed. Can you assist me?

Thank you again.

.Brian's picture

Open the SEP and under NTP options select configure firewall rules

Click Add, give the rule a name and set the Action to Allow this traffic

On the Hosts tab either add the IP of your iPad or your internal subnet

On the Ports and Protocols tab select the UDP protocol and set the remote port to 5353

You can leave Applications and Scheduling tab alone if you wish

Click OK and move rule to the top

Repeat the same steps for the second rule

imfritzy's picture

Thank you for the detail. I will try this.

However, after reading the article you posted, http://support.apple.com/kb/TS1629, I noticed that the two ports you mention, UDP 5353 and TCP 3689, do not correspond to iTunes "wifi sync" or something like that. They correspond to iTunes Music Sharing, Airplay, Bonjour, and related iTunes programs. In the thread that you directed me to, https://www-secure.symantec.com/connect/forums/sep..., the problem was using Airplay. I don't know if that matters, but my problem is that SEP is blocking wifi sync with iTunes.

Anyway, I will try this and report back.

imfritzy's picture

Unfortunately, after creating FW rules to allow UDP 5353, TCP 3689, and even TCP 3004, iTunes still does not "see" my iPad and will not sync with it over wifi. I'd be grateful if you had any other ideas.

imfritzy's picture

I double-checked the FW settings, and they are as you told me to set them. I left blank the option for "local port"--hope that was correct.

.Brian's picture

Then something is still being missed, especially if you disable the firewall and it works.

imfritzy's picture

Well, oddly enough, after I rebooted and opened and closed iTunes a few times, it's now working! According to the Apple Support Forums, many people have problems with wifi sync, and many of the fixes work for only a brief period, so I may encounter problems again. Many people think that the problem is inherent in iOS 6 and iTunes 11. But at least for now it is working for me.

Thank you again for your patient help!

.Brian's picture

Glad it is working.


imfritzy's picture

One last (I hope) question, though: With those ports now open in the firewall, what risks do I create for my computer?

.Brian's picture

If you get infected and malware uses those ports for communication, it would be allowed out.


imfritzy's picture

Just a quick update. Five days later, and I have found that most of the time iTunes will recognize the iPad through wifi and sync through wifi.

Here is what I've done that seems to enable wifi detection and syncing on my computer (note that I use Windows 7, iTunes 11, Symantec Endpoint Protection 12.1; iPad II iOS 6):

For the iPad, I created an "allow" firewall rule on Symantec. On the Host tab I used the IP address of my iPad. For the port, I set both local and remote ports to keep open UDP port 5353.

To enable iTunes on my computer to see another, shared library residing on another computer on my home network, I created another "allow" firewall rule. On the Host tab I used the IP address of the other computer (On the other computer, go to Start, enter "cmd", then enter "ipconfig", then look for IPv4). For the port, I set local and remote to UDP port 5353. This works great.

iTunes doesn't always see the iPad, even with Symantec Endpoint Protection entirely disabled, so part of the problem is Apple's, not SEP. But "most of the time" is a lot better than "never." And sometimes to get iTunes to see my iPad, I have to restart the service "Apple Mobile Device."
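
An added example, not part of any post in this thread and not Symantec code: a simplified first-match, top-to-bottom model of the rules discussed above. It compares allow rules scoped on the Hosts tab with unscoped ones, with a DENY_ALL rule at the bottom so every miss is attributed to a named rule. The addresses are constructed (192.168.1.23 stands in for the iPad), and the `Rule`, `evaluate` and `compare` names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                        # "allow" or "block"
    proto: Optional[str] = None        # None matches any protocol
    remote_port: Optional[int] = None  # None matches any port
    hosts: Optional[str] = None        # CIDR of permitted remote hosts; None = any

    def matches(self, proto, remote_ip, remote_port):
        if self.proto and self.proto != proto:
            return False
        if self.remote_port is not None and self.remote_port != remote_port:
            return False
        if self.hosts and (ipaddress.ip_address(remote_ip)
                           not in ipaddress.ip_network(self.hosts)):
            return False
        return True

def evaluate(rules, proto, remote_ip, remote_port):
    """Return (action, rule name) for the first matching rule, top to bottom."""
    for rule in rules:
        if rule.matches(proto, remote_ip, remote_port):
            return rule.action, rule.name
    return "block", "no rule matched"  # model assumption; unreachable with DENY_ALL

DENY_ALL = Rule("DENY_ALL", "block")   # kept last so misses show up by name

# Rules scoped to the iPad address or the internal subnet (constructed values).
SCOPED = [Rule("mDNS from iPad", "allow", "udp", 5353, "192.168.1.23/32"),
          Rule("iTunes sharing", "allow", "tcp", 3689, "192.168.1.0/24"),
          DENY_ALL]
# The same ports allowed for any remote host.
UNSCOPED = [Rule("mDNS any host", "allow", "udp", 5353),
            Rule("iTunes sharing any host", "allow", "tcp", 3689),
            DENY_ALL]

def compare(proto, remote_ip, remote_port):
    """Actions taken by the scoped and the unscoped rule sets for one packet."""
    return (evaluate(SCOPED, proto, remote_ip, remote_port)[0],
            evaluate(UNSCOPED, proto, remote_ip, remote_port)[0])

if __name__ == "__main__":
    for pkt in [("udp", "192.168.1.23", 5353), ("udp", "203.0.113.7", 5353),
                ("tcp", "203.0.113.7", 3689), ("udp", "192.168.1.23", 5355)]:
        print(pkt, compare(*pkt))
```

In this model, traffic on port 5353 or 3689 to a host outside the home network is allowed only by the unscoped set, which is the exposure described in the answer to the risk question.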