Block ALL does NOT block iMessage and FaceTime

Started by NW4FUN, December 07, 2022, 04:12:30 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
December 07, 2022, 04:12:30 PM
Hello,

I've implemented a timed scheduled BLOCK ALL policy running on my kids VLAN from 10pm to 6am every day. Needless to say, it is so straight forward that it is working as expected until I realised my daughter was able to send/receive iMessages on her iPhone to which point I tried to give her a FaceTime call and to my surprise this was going through no problems at all!!

I'm puzzled on what/why this is happening as to my understanding the BLOCK ALL TRAFFIC policy should do what it says on the tin, period.

What am I missing??

Cheers,

NW4FUN
December 07, 2022, 04:22:33 PM #1
Could the phone be off the LAN/VLAN and using mobile network?
December 07, 2022, 04:24:34 PM #2
That's not the case as testing was made while on Wi-Fi...however, even when off WLAN, it automatically initiates a VPN tunnel into the FW routing all traffic through it.
December 07, 2022, 04:25:32 PM #3
Quote from: cookiemonster on December 07, 2022, 04:22:33 PM
Could the phone be off the LAN/VLAN and using mobile network?
I had instances where WiFi Assist on the iPad thought that Zenarmor's adblocker was actually a network problem and started to load ads via mobile, so this could well be a cause.
Also iCloud relay should be kept off.
December 07, 2022, 04:35:54 PM #4
That's not the case as testing was made while on Wi-Fi...however, even when off WLAN, it automatically initiates a VPN tunnel into the FW routing all traffic through it.

All traffic is being backhauled through the FW regardless the utilized link available at the time (5G, home Wi-Fi, 3rd party Wi-Fi, HotSpot, etc..)

Also, all other traffic is being blocked as expected, it is just iCloud services going through.
December 07, 2022, 11:30:16 PM #5
Hi,

Do you see this non-blocked traffic in the live session explorer?
December 08, 2022, 10:36:16 PM #6
Yes I do
December 09, 2022, 01:56:31 PM #7
Hi,

Please share a bug report from the upper right corner of Zenarmor GUI.
December 09, 2022, 02:08:37 PM #8
Done.
December 09, 2022, 04:06:02 PM #9
Turn off the mobile data on the phone just to be sure.
December 09, 2022, 04:59:52 PM #10
Quote from: Demusman on December 09, 2022, 04:06:02 PM
Turn off the mobile data on the phone just to be sure.

Again, traffic is routed through the firewall then out to the internet. As a matter of facts, everything else is blocked but iCloud services
December 09, 2022, 09:06:22 PM #11
Quote from: NW4FUN on December 09, 2022, 04:59:52 PM
Quote from: Demusman on December 09, 2022, 04:06:02 PM
Turn off the mobile data on the phone just to be sure.

Again, traffic is routed through the firewall then out to the internet. As a matter of facts, everything else is blocked but iCloud services

Right, but if it's blocked by the firewall and cell data is on it will use cell data.
December 09, 2022, 09:15:02 PM #12
Quote from: Demusman on December 09, 2022, 09:06:22 PM
Quote from: NW4FUN on December 09, 2022, 04:59:52 PM
Quote from: Demusman on December 09, 2022, 04:06:02 PM
Turn off the mobile data on the phone just to be sure.

Again, traffic is routed through the firewall then out to the internet. As a matter of facts, everything else is blocked but iCloud services

Right, but if it's blocked by the firewall and cell data
is on it will use cell data.

In what Network design scenario that would be true??
ALL traffic is routed through the FW then out into the wild.

Cell data is just a link (which goes into the FW then out to the wild)

December 09, 2022, 09:32:44 PM #13
I for one am wondering what you mean when saying that when the mobiles are connected to the cell goes thorough your firewall.
Unless the mobiles have a permanent VPN to OPN that keeps on when in the house in range of your wifi, and then out of the building; or even if the user switches off wifi, then the normal behaviour is to only use the cellular network bypassing your FW.
If you have something like that or something else that ensures the mobile phone data is always going via OPN even when the wifi is switched off, then you're good.
You haven't stated this so it's fair imo to wonder it.
So for the purpose of the question, is the mobile phone still going through OPN when the wifi is off, and if yes, would you care to say how?
December 09, 2022, 10:49:13 PM #14
Quote from: NW4FUN on December 09, 2022, 09:15:02 PM
Quote from: Demusman on December 09, 2022, 09:06:22 PM
Quote from: NW4FUN on December 09, 2022, 04:59:52 PM
Quote from: Demusman on December 09, 2022, 04:06:02 PM
Turn off the mobile data on the phone just to be sure.

Again, traffic is routed through the firewall then out to the internet. As a matter of facts, everything else is blocked but iCloud services

Right, but if it's blocked by the firewall and cell data
is on it will use cell data.

In what Network design scenario that would be true??
ALL traffic is routed through the FW then out into the wild.

Cell data is just a link (which goes into the FW then out to the wild)

In every scenario.
Cell data goes to the towers outside, not your firewall.
Print
Go Up Pages1 2
User actions