Security

Hi,

 

I've been trying to configure IAP to allow access to google play.

 

I've this:

 

wlan walled-garden
white-list "android.clients.google.com"
white-list ".ggpht.com"
white-list "play.google.com"

 

and this:

 

wlan access-rule BYOD-Provision
index 7
captive-portal external profile BYOD
rule XXXXXXXXXXX 255.255.255.255 match tcp 80 80 permit
rule XXXXXXXXXXX 255.255.255.255 match tcp 443 443 permit
rule XXXXXXXXXXX 255.255.255.255 match udp 53 53 permit
rule alias *.android.clients.google.com match any any any permit
rule alias *.ggpht.com match any any any permit
rule alias *.play.google.com match any any any permit
rule any any match any any any deny

 

But it seams that I'm not able to download the Quick Connect Client.

 

Any help Please?

Try adding these:

Hi!

 

This was abandoned for a while so I'm trying this again.

 

I can access play store (search for apps and everything) but can't download apps...

Have you run a packet capture to identify which domains are being hit when you try and download?
May i suggest using either F12 on Chrome to see which domains are being hit or install Firebug on Firefox which will allow you to see domains being hit.
If all your domains are whitelisted and you still cannot download, you may need to run a pcap to identify further what is going on

Following are the rules for onboarding android devices on IAP:

 

Please note the ".*"

 

wlan access-rule ONBOARD-PREAUTH

index 10

captive-portal external profile ONBOARD_CP

rule alias gw.symcb.com match any any any permit

rule alias android.clients.google.com match any any any permit

rule alias .*ggpht.com match any any any permit

rule alias .*googleapis.com match any any any permit

rule alias .*gvt1.com match any any any permit

rule alias .*googleusercontent.com match any any any permit

rule any any match any any any deny