Forum Discussion
Thanks for the reply. I do block QUIC, which makes it stop working but doesn't alert the user. In most cases, they need to manually turn it off to work. And our support folks get a call as to why their Wi-Fi is not working. My goal is to block it cleanly so that their phone or MacBook lets them know what is going on. According to Apple, the proper way is to return NXDOMAIN to the DNS queries. But the DNS queries are not blocked, only their access once the device tries to enable the iCloud Private Relay.
I think that if the DNS filtering offered custom rules, I could block the two DNS records they use to enable it and that would trigger the device to gracefully alert the user. Although the DNS query needs an NXDOMAIN reply and the DNS filtering may only offer to drop the request.
- Cato_Fan_2024, 2 months ago
That's odd because we block Apple private relay without any complaints. We do this by blocking the Anonymizers category, and we also block QUIC as a service.
- ddaniel, 2 months ago
Cato_Fan_2024,
Do you know if your users are being alerted on their Apple devices? We are blocking Apple private relay, but users are confused, and our support desk has to tell them to turn off Apple private relay. Apple's documentation indicates that they should be alerted on their device that they need to disable it.
"your network can block access to Private Relay in these cases. The user will be alerted that they need to either disable Private Relay for your network or choose another network."
- Cato_Fan_2024, 2 months ago
No one has ever complained about that, and my iPhone certainly has not shown me any such prompt.
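Added example (not part of any post in this thread, and not Cato or Apple code): a small check an admin can run from a client VLAN to see whether the resolver answers the Private Relay lookups with NXDOMAIN or silently drops them, which is the distinction raised in the first post. The two hostnames are the ones named in Apple's network-administrator guidance, not values from this thread; the resolver address is a placeholder, and all function names are illustrative.

```python
import socket
import struct

# Hostnames from Apple's network-admin guidance for Private Relay
# (assumption: taken from Apple's documentation, not from this thread).
RELAY_NAMES = ("mask.icloud.com", "mask-h2.icloud.com")

def build_query(name, qid=0x1234, qtype=1):
    """Encode a minimal recursive DNS query (qtype 1 = A record)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD bit set
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(response):
    """Map the resolver's behaviour onto what the client device observes."""
    if response is None:
        return "dropped"        # no reply at all: the device only sees a timeout
    if len(response) < 12:
        return "malformed"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        return "malformed"      # QR bit clear: this is a query, not a response
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"       # explicit "name does not exist"
    if rcode == 0:
        return "resolves" if ancount else "nodata"
    return "rcode-%d" % rcode   # e.g. 2 = SERVFAIL, 5 = REFUSED

def probe(name, resolver, timeout=3.0):
    """Send one UDP query to `resolver` and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (resolver, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return classify(None)
        return classify(data)

if __name__ == "__main__":
    import sys
    # 192.0.2.53 is a documentation placeholder; pass your resolver's IP instead.
    resolver = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"
    for n in RELAY_NAMES:
        print(n, probe(n, resolver))
```

A result of `dropped` or `resolves` for either name means the block is happening somewhere other than in a DNS answer the device can interpret.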