續上一個Post。
pFSense加Squid Proxy已經Config 好。Proxy Pac亦已經放係Web Server。係PC Browser可以順利用到Proxy,準備工作完成。
係Apple Community入面搵到一個幾好嘅Discussion
AppProxy Provider vs Global Proxy
以自己理解,AppProxyProvider 係 MDM Vendor 嘅App Gateway或者係我哋講MDM嘅PreApp VPN Gateway,等同MobileIron 嘅 Sentry
自己嘅推斷同下面呢段Message差唔多
To start, I want to be clear about one thing: App proxy providers and the global HTTP proxy are very different things. There are lots of architectural differences (app proxy providers are plumbed in at the kernel level whereas HTTP proxies require user-level support) but an obvious behavioural difference is that an app proxy provider will see all TCP connections for a particular app, whereas a global HTTP proxy will only see HTTP[S] connections but for all apps.
AppProxy可以Handle TCP / UDP ,但係Global HTTP Proxy真係HTTP/HTTPS
真正問題黎啦,當MDM 推個Global HTTP Proxy Profile落去部iOS device。會唔會導致問題?
答案係。 會有問題,而要Reproduce 嘅方法亦好特別。
係iOS嘅Global HTTP Proxy Profile有兩類 。
1. Auto
2. Manual
Type Auto 係用PAC file
Type Manual 係傳統嘅Server 加Port
而自己發現,Proxy Type用 Manual 係無問題嘅,但係當Proxy Type由原本嘅 Manual轉去Auto。問題就出現。
iOS無辦法正常地去Apply Profile Update,亦影響都Device嘅正常Check-In。而因為咁,部iOS其他嘅Activity 亦會唔正常
現在階段解決方法係有,但係等Vendor reproduce 個Issue,確定係真都未遲
Reference URL