Posted on 03-13-2019 10:28 AM
Under all previous OSes, I've been able to access the Mac App Store when on our corporate network. I've upgraded a couple Macs to Mojave and I discovered that the Mac App Store is unreachable to them when on the corporate network. If I take a Mac home and get on my home network, I can connect to the Mac App Store just fine. Obviously there are new servers that we need to whitelist in our Firewall/proxy that are specific to Mojave. Does anyone have any idea what these new servers may be?
Posted on 03-13-2019 12:00 PM
This might be a little far fetched, but Apple is using both the 17.0.0.8/8 AND Akamai's 22.X/23.X. networks for things like Push notifications. Since is a load-balancing system i wonder if you've got the 17 network opened but maybe not the others. Check out a discussion about push issues here [https://www.jamf.com/jamf-nation/discussions/29121/dep-and-apple-redirects](link URL)
It might be worth doing a packet capture to see where your outbound traffic is headed.
Posted on 03-13-2019 12:22 PM
@AVmcclint We ran into the same issue. It turns out the Mojave App Store requires un-molested SSL traffic to *.mzstatic.com as they appear to be using certificate pinning. If you're doing SSL inspection on your network you'll need to whitelist those. If you need documentation for your network security team refer them to Apple's About macOS, iOS, and iTunes server host connections and iTunes background processes document.
Posted on 03-14-2019 04:48 PM
Just confirming that whitelisting *.mzstatic.com did the trick for us with Fortigate SSL inspection, and that nettop showed Akamai-bound 23.x.x.x traffic when hitting the retry button.