07-19-13 Expert Day

Reply
Frequent Contributor I
Posts: 78
Registered: ‎03-24-2013

Allowing android.clients.google.com

For clearpass quick connect app for android we must allow android.clients.google.com which also allows android apps like youtube to work, anyway to allow only play market without allowing the rest of android apps ?
Aruba Employee
Posts: 30
Registered: ‎07-12-2010

Re: Allowing android.clients.google.com

Allowing android.clients.google.com should allow you to download anything on Google Play but it shouldn't allow network access from the downloaded apps themselves.  I tested the YouTube app on my Android device while in a Captive Portal role w/ HTTP/HTTPS access to android.clients.google.com and I was not able to search or watch a video.  I get the error "There was a problem starting up.  Check your network connection and system time".

 

Aruba controllers can't offer access control restrictions to only allow the URL's necessary to access the QuickConnect app and download only that (not allow anything else on the Play store).  It might be possible to do so with an application level firewall but my suspicion is that the URL's Google Play uses would rotate enough times to make this approach troubling to say the least.

 

 

Frequent Contributor I
Posts: 78
Registered: ‎03-24-2013

Re: Allowing android.clients.google.com

In my setup I have whitelisted android.clients.google.com and youtube is allowed after that for android devices only, the android.clients thing from its name would allow all the clients thst android use for google services and as far as I know they use the same ip addresses so when thr controller resolves android market the same ip is used later for youtube.. is that right ?
Aruba Employee
Posts: 30
Registered: ‎07-12-2010

Re: Allowing android.clients.google.com

That's very strange.  I wouldn't expect android.clients.google.com to serve YouTube videos.  Google has multiple /16 networks and their services are usually scattered around on those.  I tested with a Nexus 7 tablet and couldn't reproduce.   The YouTube app wouldn't let me do anything.  Which device and version are you using?  Do you have another Android device to test with?  Are there any other ACL's in your logon role that would give clients access to youtube?  Maybe try disabling the android.clients.google.com from the whitelist and confirm that the youtube access is removed (to eliminate the theory that there is some other reason for youtube access).
 
Since this forum is closed, you can PM me directly for follow ups.
Search Airheads
Showing results for 
Search instead for 
Did you mean: