Security

Reply
MVP
Posts: 1,380
Registered: ‎05-28-2008

enable to users only to go to googleplay/appstore.

Hi Guys

I have upcoming big deployment – and one of the major client demands are to enable to users only to go to googleplay/appstore.

Now here is the issue:

 

APPLE & Google keep changing address (ip address) so I can’t build a normal access role.

 

Please advise, or give me tip how to overcome this limitations in Aruba controller( I can see that I can add only IP HOST)

 

Thanks

 

Me.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite
Posts: 19,946
Registered: ‎03-29-2007

Re: enable to users only to go to googleplay/appstore.

[ Edited ]

If this is controller-based, you need to be running the latest ArubaOs 6.1.3.x and turn on DNS name resolution:

 

config t

ip name-server 8.8.8.8

ip domain-name company.com

ip domain lookup

netdestination android-market

  name android.clients.google.com

  name *.ggpht.com

  name *.apple.com

 

When you create your firewall policy you can permit traffic to the alias android-market

 

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 1,380
Registered: ‎05-28-2008

Thanks on the info - and that should work and allow only GooglePlay/Appstore

Thanks on the info - and that should work and allow only GooglePlay/Appstore (If i'm not allowing other port 80 services)

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite
Posts: 19,946
Registered: ‎03-29-2007

Re: Thanks on the info - and that should work and allow only GooglePlay/Appstore


kdisc98 wrote:

Thanks on the info - and that should work and allow only GooglePlay/Appstore (If i'm not allowing other port 80 services)


The apple store restricts only to the apple domain.  Have not found a way to just allow it to the store.  The android portion should work, however.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Aruba
Posts: 1,279
Registered: ‎08-29-2007

Re: Thanks on the info - and that should work and allow only GooglePlay/Appstore

I can't see that as an option,

 

(Controller) (config) #ip d?
default-gateway         Specify default gateway (if not routing IP)
dhcp                    Configure DHCP Server
domain                  IP DNS Resolver
domain-name             Define the default domain name

(Controller) (config) #ip dns-server 8.8.8.8
                                              ^
% Invalid input detected at '^' marker.

(Controller) (config) #show version
Aruba Operating System Software.
ArubaOS (MODEL: Aruba620), Version 6.1.3.4

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite
Posts: 19,946
Registered: ‎03-29-2007

Re: Thanks on the info - and that should work and allow only GooglePlay/Appstore

supposed to be ip name-server.  I changed the original.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Aruba
Posts: 1,279
Registered: ‎08-29-2007

Re: Thanks on the info - and that should work and allow only GooglePlay/Appstore

perfect for allowing through that annoying ocsp behaviour as well.

 

:smileyhappy:


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Aruba
Posts: 1,279
Registered: ‎08-29-2007

Re: Thanks on the info - and that should work and allow only GooglePlay/Appstore

so when I enter both the

 

ip name-server 8.8.8.8

ip domain-lookup

 

commands, it says I may need to reload the controller.  Is that really necessary?  I'd rather not have to schedule an outage with the customer.

 

Is this a command that is pushed down from the Master or done on the each local?

 

When a lookup is done, is it cached, or done each time a user hits the acl?

 

Thanks


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite
Posts: 19,946
Registered: ‎03-29-2007

Re: Thanks on the info - and that should work and allow only GooglePlay/Appstore


Michael_Clarke wrote:

so when I enter both the

 

ip name-server 8.8.8.8

ip domain-lookup

 

commands, it says I may need to reload the controller.  Is that really necessary?  I'd rather not have to schedule an outage with the customer.

 

Is this a command that is pushed down from the Master or done on the each local?

 

When a lookup is done, is it cached, or done each time a user hits the acl?

 

Thanks


No need to reload...usually.  Try it without doing that.

 

Lookup is cached.  If you type "show firewall dns-names" it will tell you what is resolved.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 1,380
Registered: ‎05-28-2008

i'am using 6.1.3.4 and there is no "ip domain-lookup" command... i'am getting invalid input

i'am using 6.1.3.4 and there is no "ip domain-lookup" command... i'am getting invalid input

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Search Airheads
Showing results for 
Search instead for 
Did you mean: