Client Limitations on macOS for Cloud Firewall
Legends Used
|
Supported |
This section details the Client behaviour for the following actions:
- Policy Default Action: Bypass (Non-web traffic to bypass as Default Action)
- Bypass Action for Custom Rules (Under bypass/network section for non-web traffic)
- Proxy Bypass (Web traffic to send to network/cloud firewall)
Policy Default Action: Bypass (Non-web traffic to bypass as Default Action)
- If the default action is set to Bypass and no rules under Network section match, traffic still routes through the Cloud Firewall.
- If the default action is set to Block, the firewall will drop the traffic.
Bypass Action for Custom Rules (Under bypass/network section for non-web traffic)
The following table describes the supported rule criterion on macOS (under bypass/network section for non-web traffic):
| Action | Supported on macOS | Notes/Workaround |
|---|---|---|
| All Traffic |  |
Workaround: Disable Cloud Firewall under the client profile. |
| Client IP | |
|
| Client Process Name | |
|
| Client Ready | |
|
| Destination IP | .png?revision=1&size=bestfit&width=22&height=22) |
Supported only when IP lists is configured. |
| Destination Port | |
|
| DNS Query For Private Application | |
DNS Query For Private Application gets resolved to 100.64.x.x by SC. |
| Domains | |
Supported only when domain list is configured. |
| IP Protocol | |
|
| IP Protocol Version | |
|
| Private Application | |
UDP-based Private Applications will go through Cloud Firewall and TCP based Private Applications will go through web gateways. |
| Windows OS Core Traffics | |
Proxy Bypass (Web traffic to send to network/cloud firewall)
This limitation applies only to web traffic, i.e., ports 80, 443, and other redirected HTTP/HTTPS, and does not apply to non-web traffic.
The following table describes each criterion's support on macOS regarding bypassing proxy for web traffic only:
| Action | macOS Supported | Notes/Workaround |
|---|---|---|
| All Traffic | |
There should not be any other criteria along with this. |
| Client IP | |
|
| Client Process Name | |
|
| Client Ready | |
|
| Destination IP | |
Supported only when IP list is configured. |
| Destination Port | |
Port 80/443/additional HTTP ports can not be forwarded to Cloud Firewall. |
| DNS Query For Private Application | |
DNS Query For Private Application gets resolved to 100.64.x.x by SC. |
| Domains | |
Supported only when domain list is configured. |
| IP Protocol | |
Limited to TCP protocol for 80/443/additional HTTP ports. |
| IP Protocol Version | |
Limited to TCP protocol for 80/443/additional HTTP ports. |
| Private Application | |
UDP-based Private Applications will go through Cloud Firewall, and TCP-based Private Applications will go through web gateways. |
| Windows OS Core Traffics | |