I have a problem when I try to install iOS or watchOS updates from my home network.
It always stops after the verification process and tells me that the verification failed and that I should check my internet connection. So I did that.
My Firewall is a pfsense box with two internet connections.
ISP_1 is DSL connected
ISP_2 is LTE connected
When I disable ISP_1 OR make the update over my local Internet connection on my phone, the update works.
So it seems to be an issue with ISP_1, but I'm out of ideas what might be the problem?
Updating an iPhone is possible without WLAN, but updating the Apple Watch is impossible.
Maybe a network or firewall guy can help.
Additional information: When updating over the ISP_1 line I see a lot of retransmits FROM my phone to an Apple-owned IP (17.x.x.x/8).
This is NOT the case when I do the update over ISP_2!
All those connections are IPv4 only, and all outgoing traffic is allowed without any modifications.
For now I helped myself with a simple rule which sends out all traffic directed to 17.0.0.0/8 over ISP_2. But that's only a workaround, not a solution...
EDIT
As the rules were to be questioned on a stateful firewall, the rule in question that allows the traffic looks as follows:
pass in quick on igb1 route-to (igb0 37.186.x.y) inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
The following rule, inserted above the allow LAN to any rule, fixes my issue:
pass in quick on igb1 route-to (igb2 192.168.254.254) inet from any to <Apple> flags S/SA keep state label "USER_RULE"
<Apple> is a table containing the 17.0.0.0/8 subnet block.