Posted on 08-24-2020 09:44 AM
So, I am tracing a bug in the iOS involving the "Allow direct connection if PAC is unreachable" checkbox.
When using it, you would assume that the iPad should check the PAC file and if the PAC is reachable, it should use it. We have the box unchecked which should essentially prevent Internet connections if the PAC is unreachable.
Taking that fact, I have confirmed the setting works as advertised in iOS versions 13.4.1 and below. It does not work as advertised in iOS versions 13.5 and above.
Before I went charging to Apple, I needed to rule out a JSS problem, so I tried a simple test. I took an iPad with iOS 13.4.1, supervised it with Apple Configurator 2 (without enrolling it in Jamf) and applied the Global HTTP Proxy payload through Configurator. Everything worked as advertised. When I take a iOS 13.5 (or above) iPad, supervise it, apply the same profile, it does not worked as advertised. Essentially I want the iPads to fail closed if they cannot resolve the PAC file. That worked in iOS 13.4.1 and below and not in iOS 13.5 or higher.
Has anyone else encountered this behavior?
Posted on 08-24-2020 06:35 PM
For all that are interested, this was escalated to Apple Engineering and bug behavior was confirmed to be present, even in iOS 14 builds.
Posted on 08-25-2020 08:53 AM
Did Apple give any idea on a timeline for a fix for this bug? This could be a big problem for us in our deployment.
Posted on 08-25-2020 11:45 AM
Probably not in iOS 13.x.x I was told. As part of my case, the engineer verified it was also present in iOS 14. beyond that I've heard nothing. I've found a workaround to our unique web filter issue that precipitated finding this bug, BUT, said workaround doesn't fix the bug really...it just tweaks our environment ever so slightly.
If you have an open AppleCare Enterprise case on this issue, tie ours to it: 101165769907
Posted on 11-11-2020 09:39 AM
Just a quick update on this issue, from our testing 14.2 seems to have fixed this. I would be interested in hearing what others are finding.