Cloudflare for Teams: TLS decryption blocks iOS "Find My" feature

Hi, I have configured CF Teams and enrolled both Win & OSX computers.
Last up I’ve started to enrol iOS devices. Everything works as expected except the iOS feature “Find My” iPhone/iPad/iWhatever.

As soon as I enable “TLS decryption” the devices stop reporting into the service.
I cannot search for them, I cannot “ping” them or get any info about the device.

I have added the whole Apple address block to the “Split Tunnel” without any success.
(Use Apple products on enterprise networks - Apple Support)

Does anyone have any suggestion on how to fix this?

To disable decryption on known apps that don’t like packet inspection, follow the steps here (WARP blocking Android app access - #3 by neuronbutter)

If you’re interested, TLS Decryption essentially means that Cloudflare will decrypt all the packets that you’re sending, read them according to your policies (set in HTTP policies, virus scanning etc.), and then re-encrypt them with Cloudflare’s certificate (which is why you should install the Cloudflare for Teams certificate if you haven’t already).

Some apps force you to disable decryption of these packets (also known as packet inspection), like it mentions below (on the link you provided before):

You can use Apple services through a proxy if you disable packet inspection and authentication for traffic to and from the listed hosts. Exceptions to this are noted above. Attempts to perform content inspection on encrypted communications between Apple devices and services will result in a dropped connection to preserve platform security and user privacy.
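An added illustration of the bypass the answer describes (not code from the original thread or from Cloudflare): a small matcher that decides whether a given SNI would still be decrypted under a Do Not Inspect list, and renders that list as a Gateway policy expression. The host patterns are constructed samples in the wildcard style of Apple's enterprise-networks page, and the `any(http.conn.domains[*] in {...})` expression syntax is assumed.

```python
# Constructed sample bypass list, modelled on the "*.example.com" wildcard style
# of Apple's "Use Apple products on enterprise networks" page (not copied from it).
BYPASS_HOSTS = ["*.apple.com", "*.icloud.com", "*.push.apple.com", "gateway.icloud.com"]


def host_matches(sni: str, pattern: str) -> bool:
    """Match a TLS SNI against one bypass pattern.

    A leading "*." matches any subdomain depth and, as Apple's list intends,
    the bare domain itself. Anything else must match exactly.
    """
    sni = sni.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        base = pattern[2:]
        return sni == base or sni.endswith("." + base)
    return sni == pattern


def is_inspected(sni: str, bypass=BYPASS_HOSTS) -> bool:
    """True if Gateway would still decrypt this connection, i.e. the SNI is not
    covered by any Do Not Inspect pattern. Pinned Apple services on such hosts
    drop the connection rather than accept the re-signed certificate."""
    return not any(host_matches(sni, p) for p in bypass)


def gateway_expression(bypass=BYPASS_HOSTS) -> str:
    """Render the bypass list as a Gateway HTTP policy expression for a
    Do Not Inspect rule on the Domain selector.

    Assumed API syntax: any(http.conn.domains[*] in {"a.com" "b.com"}).
    The Domain selector already covers subdomains, so wildcard prefixes are
    stripped and duplicates collapsed before rendering.
    """
    domains = sorted({p[2:] if p.startswith("*.") else p for p in bypass})
    values = " ".join('"%s"' % d for d in domains)
    return "any(http.conn.domains[*] in {%s})" % values


if __name__ == "__main__":
    for sni in ("gsp-ssl.ls.apple.com", "apple.com", "notapple.com", "example.org"):
        print(sni, "inspected" if is_inspected(sni) else "bypassed")
    print(gateway_expression())
```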

