Security

Reply
fm
Contributor II

[IAP] Allow access to Google Play for Android Onboarding devices

Hi,

 

I've been trying to configure IAP to allow access to google play.

 

I've this:

 

wlan walled-garden
white-list "android.clients.google.com"
white-list ".ggpht.com"
white-list "play.google.com"

 

and this:

 

wlan access-rule BYOD-Provision
index 7
captive-portal external profile BYOD
rule XXXXXXXXXXX 255.255.255.255 match tcp 80 80 permit
rule XXXXXXXXXXX 255.255.255.255 match tcp 443 443 permit
rule XXXXXXXXXXX 255.255.255.255 match udp 53 53 permit
rule alias *.android.clients.google.com match any any any permit
rule alias *.ggpht.com match any any any permit
rule alias *.play.google.com match any any any permit
rule any any match any any any deny

 

But it seams that I'm not able to download the Quick Connect Client.

 

Any help Please?

Re: [IAP] Allow access to Google Play for Android Onboarding devices

Try adding these:

2015-02-02 11_46_29-Switch General Configuration.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
fm
Contributor II

Re: [IAP] Allow access to Google Play for Android Onboarding devices

Hi!

 

This was abandoned for a while so I'm trying this again.

 

I can access play store (search for apps and everything) but can't download apps...

Re: [IAP] Allow access to Google Play for Android Onboarding devices

Have you run a packet capture to identify which domains are being hit when you try and download?
May i suggest using either F12 on Chrome to see which domains are being hit or install Firebug on Firefox which will allow you to see domains being hit.
If all your domains are whitelisted and you still cannot download, you may need to run a pcap to identify further what is going on
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Aruba Employee

Re: [IAP] Allow access to Google Play for Android Onboarding devices

Following are the rules for onboarding android devices on IAP:

 

Please note the ".*"

 

wlan access-rule ONBOARD-PREAUTH

index 10

captive-portal external profile ONBOARD_CP

rule alias gw.symcb.com match any any any permit

rule alias android.clients.google.com match any any any permit

rule alias .*ggpht.com match any any any permit

rule alias .*googleapis.com match any any any permit

rule alias .*gvt1.com match any any any permit

rule alias .*googleusercontent.com match any any any permit

rule any any match any any any deny

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: