  1. #1

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,968
    Thank Post
    397
    Thanked 397 Times in 277 Posts
    Rep Power
    235

    Help with Meraki anyone :)

    Hey Guys

    So all my iPads here are supervised now with the latest iOS on them. They are all linked to Meraki and since Meraki now claims you can redeem VPP codes and transfer them to different clients depending on the tag they are assigned to I thought I'd give it a shot!

    The issue here is that county will no longer be doing our internet filtering and we control all our filters through Smoothwall. Since Apple no longer supports NTLM authentication, I have had to create an SSL page where students and staff can log in and out, and then time them out after around 15 minutes of no activity. This has worked well, although this also means that:

    1. I can't get rid of the SSL page as I have to make damn well sure we are monitoring what 365safe says we should.
    2. If an iPad app is 2GB it takes longer than 15 minutes to download, stops halfway and then just gives up.
    3. If the iPads aren't active (disconnected from the internet due to our SSL page as no one is logged in) how can I tell Meraki to sync next time they are active on the internet so Meraki can constantly update them?

    Cheers guys

  2. #2
    lmgtfy's Avatar
    Join Date
    Feb 2010
    Posts
    263
    Thank Post
    43
    Thanked 26 Times in 22 Posts
    Rep Power
    43
    Welcome to the nightmare that is Apple and education. We use Meraki and Smoothwall together and the best way was to set up all the iPads to ident by location rather than get individuals to log on via SSL or NTLM.

  3. #3

    abillybob's Avatar
    But then how do you know that little Timmy has been looking at naughty images all day and it wasn't Jenny who was at the exact same location?! I know Apple is a nightmare; check the "I hate VPP" post on Behind the Red Door, I have linked an email from Apple that's quite interesting! So how do you push paid apps out to them if you have an SSL page, anyone??
    Quote Originally Posted by lmgtfy View Post
    Welcome to the nightmare that is Apple and education. We use Meraki and Smoothwall together and the best way was to set up all the iPads to ident by location rather than get individuals to log on via SSL or NTLM.

  4. #4
    lmgtfy's Avatar
    The teachers here are required to sign the iPads in and out and write an individual's name to check for any damage etc., so it is up to them to put Timmy's name next to which iPad he took, and that way we can say well, it wasn't Jenny that went on the norty website.

    Not ideal I know, but then nor are the iPads, as they are finding out. Question I got yesterday: in Popplet and Pixntell, both apps that don't support the Open In button to save to SkyDrive, how do we save to SkyDrive? I was like, I'm sorry but you don't, it's up to the app to support that button. I agree VPP is a nightmare too but that's a whole other story.

  5. #5
    SovietRussia's Avatar
    Join Date
    Mar 2013
    Location
    Powys, Wales
    Posts
    687
    Thank Post
    76
    Thanked 157 Times in 122 Posts
    Rep Power
    49
    Can you set up a location group in Smoothwall that is unauthenticated? If something naughty went on, you can ask the teacher etc. who it was. And hopefully, if they tried to go on something naughty, it would be blocked.

  6. #6
    lmgtfy's Avatar
    Or another way which would achieve what you want but keep the SSL login is to add all of the Apple URLs and IPs, as well as Meraki's (which I'm sure you can find with a bit of Googling), to the proxy exception list in Smoothwall so that all Apple traffic including updates won't require authentication and should just go through OK.

  7. Thanks to lmgtfy from:

    abillybob (15th January 2014)

  8. #7

    abillybob's Avatar
    Ah cheers mate! This would be great, have you got any idea how to do this or is this contact Smoothwall time?
    Quote Originally Posted by lmgtfy View Post
    Or another way which would achieve what you want but keep the SSL login is to add all of the Apple URLs and IPs, as well as Meraki's (which I'm sure you can find with a bit of Googling), to the proxy exception list in Smoothwall so that all Apple traffic including updates won't require authentication and should just go through OK.

  9. #8
    lmgtfy's Avatar
    Quote Originally Posted by alexbillbridgnorth View Post
    Ah cheers mate! This would be great, have you got any idea how to do this or is this contact Smoothwall time?
    I would do roughly the following. Log in to Smoothwall, go to Guardian, Policy Objects, User Defined. Go to Manage category content and create a new one called Apple Updates. Add the appropriate URLs and IPs of all of the Apple stuff; apple.com, meraki.com, meraki.cisco.com, ios.meraki.com would be a good start, but get a new up-to-date list from their websites, and then save this list.

    Then go to Web Proxy, Exceptions and then find this list in the category groups and add it to the exceptions. This way anything in that list would bypass the SSL login and go straight through to the internet. If you have any issues you can check the Smoothwall logs for any addresses not caught in the list and add them where appropriate.

  10. Thanks to lmgtfy from:

    abillybob (15th January 2014)

  11. #9

    abillybob's Avatar
    Arghhhhhh! Can't find these lists anywhere. Any chance you could point me in the right direction?

  12. #10

    abillybob's Avatar
    BUMP! me so sorry just really struggling to find the list anyone???

  13. #11
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,308
    Thank Post
    53
    Thanked 170 Times in 150 Posts
    Rep Power
    49
    Taken from the user guide. Not sure if this is complete but may help you.

    Systems Manager

    Clients using Meraki Systems Manager initiate outbound management connections to the Meraki cloud using the following addresses and ports:

    Mac/Windows

    46.165.246.229, 74.50.56.176, *.amazon.com - TCP ports 80, 443, 993, 60000-61000

    iOS

    46.165.246.229, 74.50.56.176, 50.18.152.159 - TCP port 443
    * - TCP ports 2195, 2196, 5223

    Android

    46.165.246.229, 74.50.56.176 - TCP port 443
    * - TCP port 5228

  14. #12
    SovietRussia's Avatar
    Guardian > User defined > Custom allowed content > Add in the above URLs?

    You also require APNS open.

    push.gateway.apple.com and also the entire 17.0.0.0/16 subnet, which is reserved to Apple.

    (Ports 2195, 2196 for Feedback)
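
Added example (not written by any poster in the thread, and not Smoothwall tooling): one way to do the log check suggested in post #8, listing destinations that were challenged for authentication but match nothing in a proposed exception list. The log layout, the sample lines and the subdomain-matching rule are assumptions; the exception entries are ones quoted in the thread.

```python
import ipaddress

# Exception entries named in the thread (domains, single IPs, one CIDR block).
EXCEPTIONS = ["apple.com", "meraki.com", "46.165.246.229", "74.50.56.176",
              "50.18.152.159", "17.0.0.0/16"]

# Constructed sample, assumed "<client> <status> <host>:<port>" layout (not real Smoothwall output).
SAMPLE_LOG = """\
10.1.4.21 200 ios.meraki.com:443
10.1.4.21 407 17.0.12.9:5223
10.1.4.22 407 17.110.224.20:2195
10.1.4.22 407 notapple.com:443
10.1.4.23 407 apple.com.cdn.example:443
10.1.4.23 407 50.18.152.159:443
"""

def split_exceptions(entries):
    """Separate entries into IP networks and lower-cased domain names."""
    nets, domains = [], []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            domains.append(entry.lower().strip("."))
    return nets, domains

def covered(host, nets, domains):
    """True if host is inside a listed network or is a listed domain/subdomain."""
    try:
        addr = ipaddress.ip_address(host)
        return any(addr in net for net in nets)
    except ValueError:
        host = host.lower().strip(".")
        # Match on a label boundary so 'notapple.com' does not pass as 'apple.com'.
        return any(host == d or host.endswith("." + d) for d in domains)

def uncovered_destinations(log_text, entries, status="407"):
    """Destinations that hit the auth challenge and match no exception entry."""
    nets, domains = split_exceptions(entries)
    missed = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1] != status:
            continue
        host = fields[2].rsplit(":", 1)[0]
        if not covered(host, nets, domains):
            missed.add(fields[2])
    return sorted(missed)
```

Calling `uncovered_destinations(SAMPLE_LOG, EXCEPTIONS)` returns the challenged destinations the list would still leave behind the login page, including lookalike hostnames that a plain substring match would have let through unauthenticated.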
