Security

Reply
Regular Contributor I
Posts: 167
Registered: ‎04-13-2009

Downloading ClearPass Quick Connect on Android

Hi Everyone,

 

I am having issues getting the QuickConnect download from Google play to work consistantly. It was working last week, and this week it is again not working.

 

How do you guys manage your ACL to keep this working all the time?

 

I have created a policy in my OnBoard role which allows two things

user > any : App 'Google-play'

user > 'AppStores' : Service: Any

 

AppStores is a destination group i have created which contains all the following:

netdestination AppStores
  name android.clients.google.com
  name *.ggpht.com
  name *.apple.com
  name play.google.com
  name *.android.clients.google.com
  name *.googleusercontent.com
  network 74.125.0.0 255.255.0.0
  network 173.194.0.0 255.255.0.0
  network 173.227.0.0 255.255.0.0
  network 206.111.0.0 255.255.0.0
  network 64.18.0.0 255.255.240.0
  network 66.102.0.0 255.255.240.0
  network 72.14.192.0 255.255.192.0
  network 108.177.8.0 255.255.248.0
  network 207.126.144.0 255.255.240.0
  network 209.85.128.0 255.255.128.0
  network 216.58.192.0 255.255.224.0
  network 216.239.32.0 255.255.224.0
  network 172.217.0.0 255.255.224.0
  network 64.233.160.0 255.255.224.0
  network 66.249.80.0 255.255.240.0
!

 

This is a list of /16, /19, /20, /21 subnets for google which I have found on the internet. However the download still does not work...

 

I have followed the instructions here https://support.google.com/a/answer/60764?hl=en to try to add all the google IPs, and still does not work. The other issue is that when i open up all these ranges users can access a bunch of google services before they even onboard their device, such as google image search, maps, etc. Also, this causes the google 'network assistant' to fail, so users need to manually open a browser and browse to a non-google website to trigger the onboarding process. This is not ideal.

 

How can i allow access to the google play store, and download of applications? Has anyone found a solution which works, and does not need to be updated on a weekly basis?


Thanks for any advice you can provide.

 

_ELiasz

-------------------
ACDX, ACCP, CISSP, CWNA
Guru Elite
Posts: 7,991
Registered: ‎09-08-2010

Re: Downloading ClearPass Quick Connect on Android

[ Edited ]

It should work with only the 3 below.

 

(BOSTON-7010) # show netdestination ND-GOOGLEPLAY

Name: ND-GOOGLEPLAY

Position  Type  IP addr    Mask-Len/Range
--------  ----  -------    --------------
1         name  0.0.0.37   android.clients.google.com
2         name  0.0.0.38   *.gvt1.com
3         name  0.0.0.39   *.ggpht.com

 

Also, another option is to upload the APK to ClearPass and provide a link to download on the Onboard page.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor I
Posts: 167
Registered: ‎04-13-2009

Re: Downloading ClearPass Quick Connect on Android

Thanks for the quick reply Tim, i added the *.gvt1.com and that got it working.

 

Perhaps someone over at Aruba should update the page http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-permit-Google-play-store-access-for-captive-portal-guest/ta-p/181652 to reflect this. I see now that there is a comment form you there with this information as well. I need to make sure to read the comments in the future as the answers are often there.

 

Thanks again,

 

_ELiasz

-------------------
ACDX, ACCP, CISSP, CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: