Controlling iTunes streaming radio

• FortiGate 2.8 - all units
• iTunes

Apple iTunes includes an Internet radio tuner which streams live Internet radio streams. These streams may slow network speeds and Internet access. You can control the access to these streams by blocking the ports the streams use.

The radio tuner streams use in the 8000 range and in the 42000 range.

For details on the ports iTunes uses, see the Apple Support article iTunes: Using the Radio Tuner Behind a Firewall.

To control iTunes radio stream access, add a new Service entry to the FortiGate unit and add a firewall policy to deny the service.

To create iTunes services

1. Go to Firewall>Service>Custom.
2. Select Create New.
3. Enter the name of the service.
4. Select the protocol of TCP.
5. Specify the Source Port number range by entering the low and high port numbers. For a single port number, enter this number in both the low and high fields.
6. Specify the Destination Port number range by entering the low and high port numbers. For a single port number, enter this number in both the low and high fields.
7. Select OK

Because iTunes uses two port ranges, create a Service Group, and include all iTunes services for the various ports.

To create a service group

1. Go to Firewall>Service>Group.
2. Select Create New.
3. Enter the group name
4. Add the iTunes services from the Available Services and move them to the Members column.
5. Select OK.

Add a firewall policy for the iTunes service group to control communications through this service.

To add a firewall policy

1. Go to Firewall>Policy.
2. Select Create New.
3. Configure the Source, Destination and Schedule.
4. Select the iTunes service group.
5. Select the Action as Deny.
6. Select OK.

For more information on Firewall policies, see the FortiGate Administration Guide.