Security

last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Downloading ClearPass Quick Connect on Android

This thread has been viewed 7 times

  • 1.  Downloading ClearPass Quick Connect on Android

    Posted Mar 02, 2016 12:32 PM

    Hi Everyone,

     

    I am having issues getting the QuickConnect download from Google play to work consistantly. It was working last week, and this week it is again not working.

     

    How do you guys manage your ACL to keep this working all the time?

     

    I have created a policy in my OnBoard role which allows two things

    user > any : App 'Google-play'

    user > 'AppStores' : Service: Any

     

    AppStores is a destination group i have created which contains all the following:

    netdestination AppStores
      name android.clients.google.com
      name *.ggpht.com
      name *.apple.com
      name play.google.com
      name *.android.clients.google.com
      name *.googleusercontent.com
      network 74.125.0.0 255.255.0.0
      network 173.194.0.0 255.255.0.0
      network 173.227.0.0 255.255.0.0
      network 206.111.0.0 255.255.0.0
      network 64.18.0.0 255.255.240.0
      network 66.102.0.0 255.255.240.0
      network 72.14.192.0 255.255.192.0
      network 108.177.8.0 255.255.248.0
      network 207.126.144.0 255.255.240.0
      network 209.85.128.0 255.255.128.0
      network 216.58.192.0 255.255.224.0
      network 216.239.32.0 255.255.224.0
      network 172.217.0.0 255.255.224.0
      network 64.233.160.0 255.255.224.0
      network 66.249.80.0 255.255.240.0
    !

     

    This is a list of /16, /19, /20, /21 subnets for google which I have found on the internet. However the download still does not work...

     

    I have followed the instructions here https://support.google.com/a/answer/60764?hl=en to try to add all the google IPs, and still does not work. The other issue is that when i open up all these ranges users can access a bunch of google services before they even onboard their device, such as google image search, maps, etc. Also, this causes the google 'network assistant' to fail, so users need to manually open a browser and browse to a non-google website to trigger the onboarding process. This is not ideal.

     

    How can i allow access to the google play store, and download of applications? Has anyone found a solution which works, and does not need to be updated on a weekly basis?


    Thanks for any advice you can provide.

     

    _ELiasz



  • 2.  RE: Downloading ClearPass Quick Connect on Android
    Best Answer

    EMPLOYEE
    Posted Mar 02, 2016 12:35 PM

    It should work with only the 3 below.

     

    (BOSTON-7010) # show netdestination ND-GOOGLEPLAY

Name: ND-GOOGLEPLAY

Position  Type  IP addr    Mask-Len/Range
--------  ----  -------    --------------
1         name  0.0.0.37   android.clients.google.com
2         name  0.0.0.38   *.gvt1.com
3         name  0.0.0.39   *.ggpht.com

     

    Also, another option is to upload the APK to ClearPass and provide a link to download on the Onboard page.



  • 3.  RE: Downloading ClearPass Quick Connect on Android

    Posted Mar 02, 2016 12:43 PM

    Thanks for the quick reply Tim, i added the *.gvt1.com and that got it working.

     

    Perhaps someone over at Aruba should update the page http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-permit-Google-play-store-access-for-captive-portal-guest/ta-p/181652 to reflect this. I see now that there is a comment form you there with this information as well. I need to make sure to read the comments in the future as the answers are often there.

     

    Thanks again,

     

    _ELiasz