Internet Recovery Firewall Rules

Looking at opening up Internet Recovery. According to the Apple article, we need these two rules allowed:

Resolve DNS for host and contact it on port 80 (HTTP) and port 443 (HTTPS)
Resolve DNS for host and contact it on port 80 (HTTP) and port 443 (HTTPS)

ends up resolving to a address, so we're good there. seems to resolve to a address (Akamai)

We don't do DNS resolution on our FW, so we can't just allow out, we'd have to do an IP or range. Is anyone else aware of a way to handle this (besides the obvious)?



@jason - I’m working on the same exact issue at my company. If we come up with a solution I’ll ask to share it.

Did you ever get this figured out? I have been trying to get this open, but keep getting a 2105 error when starting Internet Recovery using Command-Option-R. The MacBook is connected to the network using a Thunderbolt-Ethernet dongle. I even tried adding the range, just to see if it would work, but still get the error.
Thanks for any insight that can be shared,

For us, we had to open up the firewalls and disable any SSL inspections, packet inspection or anything that could break TLS.