Apple services domains that need to be whitelisted

[#Michael]

I have a very weird question and not sure if anyone here knows it. I am trying to gather the complete list of Apple services domains so they can be whitelisted on our firewall and proxy. So far I have:

*.phobos.itunes-apple.com.akadns.net
*.gateway.push-apple.com.akadns.net
*.ax.itunes.apple.com
*.mesu.apple.com
*.phobos.apple.com
*.albert.gcsis-apple.com.akadns.net
*.ax.init.itunes.apple.com
*.init.itunes.apple.com
*.oscp.apple.com
*.deploy.static.akamaitechnologies.com
*.itunes.apple.com.edgekey.net
*.swcdn.apple.com
*.swdownload.apple.com
*.swquery.apple.com
*.swscan.apple.com

The reason for the wildcard is because they all go through akamai before they get routed over to Apple's IP.

Is there any other domains I am missing?

[neufuse Veteran]

I know there are a few for Apple OS restore... because our Barracuda web filter stops us from doing any restores... it always comes back with a contact apple error if you don't white list the IP of the device... yet it logs nothing as blocked if you look in the logs...

 

if anyone knows what it's blocking there add that to the list too, because I've never figured it out by looking at the logs, only fixed it by IP white list at the Baracudda level during the OS restore...

[#Michael]

I know that blocking mesu.apple.com will prevent iOS devices from checking for any updates.  And blocking albert.apple.com prevents iOS restores from re-activating (??).

[#Michael]

In case anyone else is interested, after spending some additional time with wireshark, here are a few additional domains I found:

 

*.appldnld.apple.com

*.suconfig.apple.com

*.serverstatus.apple.com