Posted on 01-24-2018 08:37 AM
Looking at opening up Internet Recovery. According to the Apple article https://support.apple.com/en-us/HT202481, we need these two rules allowed:
Resolve DNS for host osrecovery.apple.com and contact it on port 80 (HTTP) and port 443 (HTTPS)
Resolve DNS for host oscdn.apple.com and contact it on port 80 (HTTP) and port 443 (HTTPS)
osrecovery.apple.com ends up resolving to a 17.0.0.0/8 address, so we're good there.
oscdn.apple.com seems to resolve to a 23.0.0.0/8 address (Akamai)
we don't do DNS resolution on our FW, so we can't just allow oscdn.apple.com out, we'd have to do an IP or range. Is anyone else aware of a way to handle this (besides the obvious)?
Thanks
Posted on 01-24-2018 09:36 PM
@jason - I’m working on the same exact issue at my company. If we come up with a solution I’ll ask to share it.
Posted on 10-28-2019 07:23 AM
Did you ever get this figured out? I have been trying to get this open, but keep getting a 2105 error when starting Internet Recovery using Commad-Option-R. The MacBook is connected to the network using a Thunderbolt-Ethernet dongle. I even tried adding the 23.0.0.0/8 range, just to see if it would work, but still get the error.
Thanks for any insight that can be shared,
Tim
Posted on 10-28-2019 07:26 AM
For us we had to open up the firewalls and disable any SSL inspections, packet inspection or anything that could break TLS