Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Google Play Whitelist URLs

This thread has been viewed 5 times

  • 1.  Google Play Whitelist URLs

    Posted Apr 09, 2018 12:01 PM

    I have a stateful firewall rules that allows access to a list of names and networks in order to allow users to access the Google Play store from a captive role. The list seems overly-exhaustive compared to suggested names found on other Airhead posts, but nonetheless we're continuing to see access problems from Android devices. If the device switches to cellular data, it connects and downloads Google Play applications with no problem. When connected to the wireless network and in a captive role, the store is inaccessible.

     

    Below is the list of names/networks allowed to no avail:

     

      name android.clients.google.com
      name *.gvt1.com
      name *.ggpht.com
      name *.clients.google.com
      name *.play.google.com
      name *.googleusercontent.com
      name *.cloud.google.com                         
      name mst-ext.amazon.com                         
      name mas-ext.amazon.com                         
      name images-amazon.com                          
      name amzadsi-a.akamaihd.net                     
      name *.l.google.com                             
      name play.google.com                            
      name *.gstatic.com                              
      name *.appengine.google.com                     
      name *.googleapis.com                           
      name *.1e100.net                                
      name *.digicert.com                             
      name *.android.clients.google.com               
      name *.geotrust.com                             
      name *.settings.crashlytics.com                 
      name *.amazon.com                               
      name *.akamaiedge.net                           
      name *.akamaitechnologies.com                   
      name *.msftncsi.com                             
      name *.msftncsi.com.edgesuite.net               
      name Dig0kk115kms0.cloudfront.net               
      name *.akamaihd.net                             
      name *.cloudpath.net                            
      name android.l.google.com                       
      name photos-ugc.l.google.com                    
      name *.android.com                              
      network 172.217.0.0 255.255.0.0                 
      network 74.125.228.0 255.255.255.0              



  • 2.  RE: Google Play Whitelist URLs

    EMPLOYEE
    Posted Apr 13, 2018 05:41 PM
    You have wayyyy too many. Take a look here > https://github.com/aruba/clearpass-cloud-service-whitelists/blob/master/onboard/onboard_android.md


  • 3.  RE: Google Play Whitelist URLs

    Posted Apr 16, 2018 10:56 AM

    I agree - at this point I'm grasping at straws.

     

    It appears Android v. 7 works fine with our existing captive whitelist but Android v. 8 fails with error 491 (from the Google Play store).



  • 4.  RE: Google Play Whitelist URLs

    Posted Apr 16, 2018 11:39 AM

    I added logging to the captive policies in our configuration and captured a single IP the device was attempting to get to: 66.109.53.172. Once I added this single host to the end of the firewall destination rule set, it worked just fine. It seems strange that this single IP address would require access for the Google Play Cloudpath applet.