When we try to Onboard an Android device, the device needs to goto Google play to download the "ClearPass Quick Connect" app.
The Captive Portal profile configured on the controller which will host the Device provisioning page must be mapped to the firewall rules which allows access to google play.
Below are the steps to add the Destinations which we would need to add in the Captive Portal profile.
- Create Firewall Destination named GOOGLE-PLAY that contains android.clients.google.com and .ggpht.com (type=name)
- Add GOOGLE-PLAY to the Captive Portal Profile Whitelist
- Make sure the firewall policy ending in CP_list_operations appears at the top of the BYOD-role.
- Ensure you allow TCP 80 and TCP 5228 out to the Internet in post OnBoard role to allow Droid to "verify connectivity" correctly.