Home / Blog / Sequoia Network Drops
Troubleshooting 10 min read

macOS Sequoia Network Drops: Is It the Firewall or Your ISP?

Thousands of Mac users upgraded to Sequoia and immediately started experiencing random Wi-Fi drops. The culprit isn't always what you'd expect.

Healthy Network Team Network Engineers & macOS Developers

The Post-Upgrade Problem

The pattern is always the same. You upgrade to macOS Sequoia. Everything seems fine for a day or two. Then Wi-Fi starts dropping, sometimes for a few seconds, sometimes for minutes. Zoom calls cut out. SSH sessions die. Pages stop loading, then suddenly work again.

You restart the router. It works for an hour. Then it drops again. You run a speed test: 200 Mbps. "My internet is fine," you tell yourself, as Slack shows "connecting..." for the third time today.

The maddening part? Your phone, sitting right next to your Mac, connected to the same Wi-Fi, works perfectly.

This isn't your ISP. This isn't your router. This is Sequoia.

What Changed in Sequoia's Network Stack

Apple made two significant changes to networking in macOS Sequoia that affect real-world connectivity. Neither was prominently advertised:

Limit IP Address Tracking
A new privacy feature that routes certain traffic through Apple's iCloud Private Relay infrastructure, even for non-Safari traffic. Enabled by default on some networks.
Stricter Firewall Defaults
The built-in firewall now more aggressively blocks incoming connections and some UDP traffic, which can interfere with VoIP, gaming, and peer-to-peer protocols.

Both of these changes are well-intentioned. Apple is protecting user privacy and security. But the side effects on network stability are real and widespread, and Apple hasn't provided clear guidance for users experiencing issues.

The "Limit IP Address Tracking" Trap

This is the #1 cause of Sequoia network drops, and most users don't even know it exists.

Limit IP Address Tracking is a per-network setting found in System Settings → Network → Wi-Fi → Details (click the "Details..." button next to your connected network). When enabled, it routes DNS queries and some traffic through Apple's relay servers.

The problem: Apple's relay infrastructure adds a hop between you and the internet. For most browsing, the added latency (10–30ms) is invisible. But for real-time protocols like video calls, gaming, and SSH, it creates two issues:

  • Increased latency: Every packet takes a detour through Apple's servers. A direct 15ms connection becomes a 40ms connection.
  • Intermittent drops: When Apple's relay is under load or has a routing issue, your traffic stalls. Your Mac shows a Wi-Fi connection, but packets aren't getting through. This is the classic "connected but no internet" symptom.

What makes this particularly insidious is that it's enabled per-network. You might disable it at home, connect to a coffee shop Wi-Fi, and it silently enables itself on the new network. Every network gets its own setting.

How to Check

  1. Open System Settings → Network → Wi-Fi
  2. Click Details... next to your connected network name
  3. Look for "Limit IP Address Tracking"
  4. If the toggle is on, turn it off

Test your connection immediately after disabling it. If you've been experiencing intermittent drops, this single change resolves the issue for about 60% of users reporting Sequoia network problems.

Sequoia's Stricter Firewall Behavior

macOS has had a built-in firewall for years, and it's been off by default. Many users turn it on for security. Sequoia shipped with a firewall regression: when "Block all incoming connections" was enabled, the firewall began blocking UDP response packets, including DNS replies, that previous macOS versions correctly allowed through stateful packet inspection. Apple fixed the worst of this in macOS 15.0.1, but some users still report residual issues.

Why does this matter? Several common protocols rely on UDP responses:

  • Zoom/Teams/FaceTime: Video call media streams use UDP. When switching between Zoom's media servers (which happens frequently during a call), the new server's initial packets can be blocked.
  • Online gaming: Game servers send frequent UDP updates. If the firewall delays or drops the initial handshake from a new server, you experience lag spikes or disconnections.
  • DNS over UDP: Standard DNS queries use UDP port 53. Aggressive firewall rules can delay DNS resolution, making page loads feel sluggish even though your connection is fast.

Diagnosing Firewall Issues

The quickest diagnostic is to temporarily disable the firewall:

  1. Open System Settings → Network → Firewall
  2. Toggle the firewall off
  3. Test your connection for 30 minutes

If drops disappear with the firewall off, the fix isn't to leave it off permanently. Instead, re-enable it and check the Options... button. Ensure that the apps you rely on (Zoom, your game client, etc.) are listed as "Allow incoming connections." You may need to remove and re-add them after the Sequoia upgrade, as permissions can get reset.

Is It Your Mac or Your ISP? The Definitive Test

Sometimes the timing of an OS upgrade coincides with an actual ISP issue, and you blame the wrong thing. Here's how to know for certain.

The Two-Device Test

This is the simplest and most reliable method:

  1. Open Terminal on your Mac and run: ping -c 1000 1.1.1.1
  2. Simultaneously, open a ping app on your phone (any free "Ping" app works) and ping the same address on the same Wi-Fi network
  3. Let both run for 15 minutes

Compare the results:

  • Mac drops, phone doesn't: The problem is macOS. Likely the firewall or Limit IP Tracking feature.
  • Both drop at the same time: The problem is your router or ISP. Not Sequoia's fault. If drops follow a time-of-day pattern, your ISP may be throttling your connection.
  • Phone drops, Mac doesn't: Rare, but indicates a phone-side issue or Wi-Fi band differences (your phone may be on 2.4GHz while your Mac is on 5GHz).

The Continuous Monitoring Approach

Network drops are intermittent by nature. A single ping test might miss them entirely. Healthy Network runs continuously in your menu bar, recording every latency spike and packet loss event. When a drop happens, you can see exactly when it occurred and how long it lasted. No Terminal babysitting required.

The key insight is pattern recognition. Random drops with no pattern usually point to Wi-Fi interference. Drops that happen every 30–60 seconds like clockwork suggest a software process. Drops that coincide with heavy upload/download activity indicate bandwidth saturation or bufferbloat.

Correlating Drops with System Events

Open Console.app (Applications → Utilities → Console) and filter for "Wi-Fi" or "network" messages. When you experience a drop, check what macOS logged at that exact moment. Common culprits:

  • WiFiAgent messages about "channel scan": macOS is scanning for better access points, briefly disconnecting from your current one.
  • symptomsd messages about "network evaluation": macOS is testing whether your network actually has internet access. Sometimes it incorrectly concludes it doesn't and tries to switch networks.
  • mDNSResponder restarting: the DNS resolver crashed and restarted, causing a brief DNS outage.

Step-by-Step Fixes

Fix 1: Disable Limit IP Address Tracking (Most Common Fix)

  1. System Settings → Network → Wi-Fi
  2. Click Details... next to your network
  3. Toggle off "Limit IP Address Tracking"
  4. Important: You need to do this for every Wi-Fi network you join. The setting is per-network.

Fix 2: Audit Firewall App Permissions

  1. System Settings → Network → Firewall → Options...
  2. Review the list of apps. After upgrading to Sequoia, some apps lose their "Allow incoming connections" permission.
  3. Add any app that needs network access (Zoom, Slack, Discord, game clients) and set it to "Allow."
  4. Ensure "Block all incoming connections" is unchecked unless you specifically need it.

Fix 3: Reduce Wi-Fi Auto-Join Disruptions

macOS periodically scans for Wi-Fi networks and may switch between them, which can cause brief disconnections. While scanning itself can't be fully disabled (it's fundamental to how Wi-Fi works), you can reduce disruptions:

  1. System Settings → Network → Wi-Fi
  2. Set "Ask to join networks" to Off to prevent auto-joining unknown networks
  3. Remove saved networks you no longer use to prevent accidental auto-joins
  4. If you have both 2.4GHz and 5GHz networks listed separately, forget the 2.4GHz one. macOS sometimes bounces between them, causing brief disconnections each time.

Fix 4: Reset DNS Configuration

Sequoia's upgrade can sometimes corrupt DNS settings. Force a clean DNS configuration:

sudo dscacheutil -flushcache sudo killall -HUP mDNSResponder

Then manually set your DNS servers to prevent macOS from using your ISP's (often slow) defaults:

  1. System Settings → Network → Wi-Fi → Details → DNS
  2. Remove any existing entries
  3. Add 1.1.1.1 and 1.0.0.1 (Cloudflare) or 8.8.8.8 and 8.8.4.4 (Google)

Fix 5: Disable AWDL (AirDrop Interference)

Apple Wireless Direct Link (AWDL) powers AirDrop, AirPlay, and Sidecar. It forces your Wi-Fi radio to periodically hop between your access point's channel and AWDL's "social channels" (channels 6, 44, and 149), causing micro packet loss. Sequoia adds new wireless features like iPhone Mirroring that likely increase AWDL activity further.

# Disable AWDL temporarily sudo ifconfig awdl0 down # Verify it's down ifconfig awdl0 | grep status

Important: This is not persistent. macOS will re-enable AWDL after a sleep/wake cycle, a reboot, or when any app requests AirDrop or AirPlay. If disabling AWDL fixes your drops, the more lasting fix is to disable AirDrop: System Settings → General → AirDrop & Handoff → AirDrop: "No One." Alternatively, switching to Ethernet bypasses AWDL interference entirely.

The Nuclear Option: Network Configuration Reset

If none of the targeted fixes work, a full network configuration reset often resolves deep issues introduced by the Sequoia upgrade. This resets all network interfaces, Wi-Fi passwords, VPN configurations, and custom DNS settings.

Warning: This will erase all saved Wi-Fi passwords and custom network settings. Make sure you know your Wi-Fi password before proceeding.
# Back up current network config (just in case) sudo cp -r /Library/Preferences/SystemConfiguration ~/Desktop/NetworkBackup # Remove network configuration files sudo rm /Library/Preferences/SystemConfiguration/preferences.plist sudo rm /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist # Reboot sudo shutdown -r now

After rebooting, macOS will rebuild its network configuration from scratch. Reconnect to your Wi-Fi network and test. This effectively gives you a "clean" network stack without the accumulated settings from pre-Sequoia versions.

After the Reset

Once reconnected, go through the checklist:

  • Verify "Limit IP Address Tracking" is off (it may default back to on)
  • Set your preferred DNS servers manually
  • Re-configure your firewall app permissions if the firewall is enabled
  • Test with a continuous ping or monitoring tool for at least an hour to confirm stability

Frequently Asked Questions

Does macOS Sequoia cause Wi-Fi drops?

Yes. macOS Sequoia shipped with a firewall regression that caused the "Block all incoming connections" mode to inadvertently block DNS response packets and other UDP traffic. Apple partially fixed this in 15.0.1. Additionally, the "Limit IP Address Tracking" feature routes traffic through Apple's iCloud Private Relay servers, adding latency and sometimes dropping packets used by real-time apps.

How do I fix Sequoia network issues?

Start by disabling "Limit IP Address Tracking" in System Settings → Network → Wi-Fi → Details. If that doesn't help, check the firewall settings in System Settings → Network → Firewall and try toggling it off temporarily to see if connections improve. You can also reset your network configuration by deleting the preferences files in /Library/Preferences/SystemConfiguration/ and rebooting.

How do I tell if network drops are from my Mac or my ISP?

Test from two devices simultaneously. If your Mac drops but your phone on the same Wi-Fi doesn't, the issue is macOS. If both drop at the same time, it's your router or ISP. You can also monitor continuously with a tool like Healthy Network to correlate drop times with specific macOS events.

Should I turn off the macOS firewall?

The macOS firewall is off by default, and most home users behind a router don't strictly need it. If you suspect it's causing network drops, temporarily disabling it is a safe diagnostic step. If connectivity improves, you can re-enable it and add specific app exceptions rather than leaving it off permanently.

Is Sequoia killing your Wi-Fi? Prove it.

Healthy Network monitors latency, jitter, and packet loss continuously from your Mac menu bar. See exactly when drops happen and how long they last.

Download for Mac

Continue Reading

Remote Work

Why Zoom Says 'Unstable Connection' on Mac

5 common causes and how to fix each one.

 Troubleshooting

Is Your ISP Throttling You? How to Test on Mac

Detect ISP throttling with continuous monitoring and know when to call your provider.
All articles