Wireless Access

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:


Any solution for this? Thank you

------------------------------
AA
------------------------------

Try using the following for your google play alias:

netdestination google-play-dest
name android.clients.google.com
name *.googleapis.com
name *.gvt1.com
name *.ggpht.com
name *.googleusercontent.com
name *.gstatic.com
name clients.l.google.com
name accounts.google.com
name accounts.youtube.com
name connectivitycheck.android.com
name connectivitycheck.gstatic.com
name www.google.com



------------------------------
Dustin Burns
------------------------------

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

I tried that. Didnt work. The captive portal successfully pops up, but i cannot download the quickconnect

@Victor Fabian i don't quite get what you mean?​

------------------------------
AA
------------------------------

Original Message:
Sent: Nov 23, 2020 08:23 AM
From: Dustin Burns
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Try using the following for your google play alias:

netdestination google-play-dest
name android.clients.google.com
name *.googleapis.com
name *.gvt1.com
name *.ggpht.com
name *.googleusercontent.com
name *.gstatic.com
name clients.l.google.com
name accounts.google.com
name accounts.youtube.com
name connectivitycheck.android.com
name connectivitycheck.gstatic.com
name www.google.com



------------------------------
Dustin Burns

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

When the pop up happens , the mobile device brings up the mini-browser and the OnBoarding process will not work

------------------------------
Victor Fabian, ACEX#8
Mobility Architect @ WEI
------------------------------

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

if you want to use your captive portal both for Guest and Onboarding, what you could do is initially redirect to the guest portal with no whitelists, then put a link or login button to sign in for Onboarding in the guest portal (you can use an account in the local user database for that, example username onboard with password onboard) and after login switch to a role that does what you already have with the whitelist. Users might at that point need to open the browser manually, which unfortunately is what it is.

Your requirements are contradicting: For guests you want to have the pop-up for convenience, for Onboard you cannot have the pop-up as the onboarding process will not work from there because of the client operating system security hardening. Having two different roles and switch to the onboarding role through a web-login is close to what you can get.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
------------------------------

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

I already use the portal for guest and onboard with a link to do the onboarding process, as shown in this picture:


------------------------------
AA
------------------------------

Original Message:
Sent: Nov 24, 2020 04:42 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

if you want to use your captive portal both for Guest and Onboarding, what you could do is initially redirect to the guest portal with no whitelists, then put a link or login button to sign in for Onboarding in the guest portal (you can use an account in the local user database for that, example username onboard with password onboard) and after login switch to a role that does what you already have with the whitelist. Users might at that point need to open the browser manually, which unfortunately is what it is.

Your requirements are contradicting: For guests you want to have the pop-up for convenience, for Onboard you cannot have the pop-up as the onboarding process will not work from there because of the client operating system security hardening. Having two different roles and switch to the onboarding role through a web-login is close to what you can get.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

Update: The captive portal pop up works on windows 10 laptops, but doesnt seem to work on mobile devices. Any idea for this?

------------------------------
AA
------------------------------

Original Message:
Sent: Nov 24, 2020 04:51 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

I already use the portal for guest and onboard with a link to do the onboarding process, as shown in this picture:

For guest user, after doing the self registration and logging in, they will get the guest role.
For onboard user (employee), after the onboarding process, they will use the 2nd SSID for boarded user.

------------------------------
AA

Original Message:
Sent: Nov 24, 2020 04:42 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

if you want to use your captive portal both for Guest and Onboarding, what you could do is initially redirect to the guest portal with no whitelists, then put a link or login button to sign in for Onboarding in the guest portal (you can use an account in the local user database for that, example username onboard with password onboard) and after login switch to a role that does what you already have with the whitelist. Users might at that point need to open the browser manually, which unfortunately is what it is.

Your requirements are contradicting: For guests you want to have the pop-up for convenience, for Onboard you cannot have the pop-up as the onboarding process will not work from there because of the client operating system security hardening. Having two different roles and switch to the onboarding role through a web-login is close to what you can get.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

Some mobile devices will switch to cellular/mobile data when they think that is better for you, but that breaks the captive portal or onboard. You can try disabling mobile data temporarily and see if it works then.

That is really hard to tell from just the information 'doesn't work for mobile devices'. If you can, work with your Aruba partner or Aruba Support so you can show what is going on, and troubleshoot the client traffic while it is happening.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
------------------------------

Original Message:
Sent: Nov 27, 2020 04:23 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Update: The captive portal pop up works on windows 10 laptops, but doesnt seem to work on mobile devices. Any idea for this?

------------------------------
AA

Original Message:
Sent: Nov 24, 2020 04:51 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

I already use the portal for guest and onboard with a link to do the onboarding process, as shown in this picture:

For guest user, after doing the self registration and logging in, they will get the guest role.
For onboard user (employee), after the onboarding process, they will use the 2nd SSID for boarded user.

------------------------------
AA

Original Message:
Sent: Nov 24, 2020 04:42 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

if you want to use your captive portal both for Guest and Onboarding, what you could do is initially redirect to the guest portal with no whitelists, then put a link or login button to sign in for Onboarding in the guest portal (you can use an account in the local user database for that, example username onboard with password onboard) and after login switch to a role that does what you already have with the whitelist. Users might at that point need to open the browser manually, which unfortunately is what it is.

Your requirements are contradicting: For guests you want to have the pop-up for convenience, for Onboard you cannot have the pop-up as the onboarding process will not work from there because of the client operating system security hardening. Having two different roles and switch to the onboarding role through a web-login is close to what you can get.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

Hello Herman,

how are you,

how can i switch role through web login clearpass guest, so i can get role that have whitelist google play ?

thankyou

------------------------------
BR,

Hudaya
------------------------------

Original Message:
Sent: Nov 24, 2020 04:42 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

if you want to use your captive portal both for Guest and Onboarding, what you could do is initially redirect to the guest portal with no whitelists, then put a link or login button to sign in for Onboarding in the guest portal (you can use an account in the local user database for that, example username onboard with password onboard) and after login switch to a role that does what you already have with the whitelist. Users might at that point need to open the browser manually, which unfortunately is what it is.

Your requirements are contradicting: For guests you want to have the pop-up for convenience, for Onboard you cannot have the pop-up as the onboarding process will not work from there because of the client operating system security hardening. Having two different roles and switch to the onboarding role through a web-login is close to what you can get.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

Simplest to explain is to put a link/form with 'known guest credentials' (can be in your local user database) that does a normal login and switches the role to one that has the allow listed google play, Apple, etc, and then redirect to another portal that continues the onboard process.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Dec 06, 2021 10:51 PM
From: hudaya hudaya
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Hello Herman,

how are you,

how can i switch role through web login clearpass guest, so i can get role that have whitelist google play ?

thankyou

------------------------------
BR,

Hudaya

Original Message:
Sent: Nov 24, 2020 04:42 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

if you want to use your captive portal both for Guest and Onboarding, what you could do is initially redirect to the guest portal with no whitelists, then put a link or login button to sign in for Onboarding in the guest portal (you can use an account in the local user database for that, example username onboard with password onboard) and after login switch to a role that does what you already have with the whitelist. Users might at that point need to open the browser manually, which unfortunately is what it is.

Your requirements are contradicting: For guests you want to have the pop-up for convenience, for Onboard you cannot have the pop-up as the onboarding process will not work from there because of the client operating system security hardening. Having two different roles and switch to the onboarding role through a web-login is close to what you can get.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

Dear Herman,

now we have redirected to download quickconnect and network config,

but stuck in here, 


we try with different android device, still same issue

any idea sir ?

------------------------------
BR,

Hudaya
------------------------------

Original Message:
Sent: Dec 07, 2021 04:46 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Simplest to explain is to put a link/form with 'known guest credentials' (can be in your local user database) that does a normal login and switches the role to one that has the allow listed google play, Apple, etc, and then redirect to another portal that continues the onboard process.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 06, 2021 10:51 PM
From: hudaya hudaya
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Hello Herman,

how are you,

how can i switch role through web login clearpass guest, so i can get role that have whitelist google play ?

thankyou

------------------------------
BR,

Hudaya

Original Message:
Sent: Nov 24, 2020 04:42 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

if you want to use your captive portal both for Guest and Onboarding, what you could do is initially redirect to the guest portal with no whitelists, then put a link or login button to sign in for Onboarding in the guest portal (you can use an account in the local user database for that, example username onboard with password onboard) and after login switch to a role that does what you already have with the whitelist. Users might at that point need to open the browser manually, which unfortunately is what it is.

Your requirements are contradicting: For guests you want to have the pop-up for convenience, for Onboard you cannot have the pop-up as the onboarding process will not work from there because of the client operating system security hardening. Having two different roles and switch to the onboarding role through a web-login is close to what you can get.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

What does that exclamation sign ( /!\ ) tell? It looks like one of the download pages is intercepted by the captive portal instead of passed through. What role is the user in at this point? And what are the rules?

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Dec 08, 2021 10:56 PM
From: hudaya hudaya
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Dear Herman,

now we have redirected to download quickconnect and network config,

but stuck in here, 


we try with different android device, still same issue

any idea sir ?

------------------------------
BR,

Hudaya

Original Message:
Sent: Dec 07, 2021 04:46 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Simplest to explain is to put a link/form with 'known guest credentials' (can be in your local user database) that does a normal login and switches the role to one that has the allow listed google play, Apple, etc, and then redirect to another portal that continues the onboard process.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 06, 2021 10:51 PM
From: hudaya hudaya
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Hello Herman,

how are you,

how can i switch role through web login clearpass guest, so i can get role that have whitelist google play ?

thankyou

------------------------------
BR,

Hudaya

Original Message:
Sent: Nov 24, 2020 04:42 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

if you want to use your captive portal both for Guest and Onboarding, what you could do is initially redirect to the guest portal with no whitelists, then put a link or login button to sign in for Onboarding in the guest portal (you can use an account in the local user database for that, example username onboard with password onboard) and after login switch to a role that does what you already have with the whitelist. Users might at that point need to open the browser manually, which unfortunately is what it is.

Your requirements are contradicting: For guests you want to have the pop-up for convenience, for Onboard you cannot have the pop-up as the onboarding process will not work from there because of the client operating system security hardening. Having two different roles and switch to the onboarding role through a web-login is close to what you can get.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

nevermind sir,

android have hardening system that wont allow redirect captive portal via HTTP, but quickconnect need allow HTTP and HTTPS to playstore, so it stuck there,

we upload it to clearpass and take out the whitelist, seems work fine for us,

one more thing, can we remove icon picture for download quickconnect from playstorein clearpass page if the device is android device ?

i could only edit the text only, not the download picture

------------------------------
BR,

Hudaya
------------------------------

Original Message:
Sent: Dec 10, 2021 09:39 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

What does that exclamation sign ( /!\ ) tell? It looks like one of the download pages is intercepted by the captive portal instead of passed through. What role is the user in at this point? And what are the rules?

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 08, 2021 10:56 PM
From: hudaya hudaya
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Dear Herman,

now we have redirected to download quickconnect and network config,

but stuck in here, 


we try with different android device, still same issue

any idea sir ?

------------------------------
BR,

Hudaya

Original Message:
Sent: Dec 07, 2021 04:46 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Simplest to explain is to put a link/form with 'known guest credentials' (can be in your local user database) that does a normal login and switches the role to one that has the allow listed google play, Apple, etc, and then redirect to another portal that continues the onboard process.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 06, 2021 10:51 PM
From: hudaya hudaya
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Hello Herman,

how are you,

how can i switch role through web login clearpass guest, so i can get role that have whitelist google play ?

thankyou

------------------------------
BR,

Hudaya

Original Message:
Sent: Nov 24, 2020 04:42 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

if you want to use your captive portal both for Guest and Onboarding, what you could do is initially redirect to the guest portal with no whitelists, then put a link or login button to sign in for Onboarding in the guest portal (you can use an account in the local user database for that, example username onboard with password onboard) and after login switch to a role that does what you already have with the whitelist. Users might at that point need to open the browser manually, which unfortunately is what it is.

Your requirements are contradicting: For guests you want to have the pop-up for convenience, for Onboard you cannot have the pop-up as the onboarding process will not work from there because of the client operating system security hardening. Having two different roles and switch to the onboarding role through a web-login is close to what you can get.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

I don't think the link to Google Play is customizable. You might do something with javascript/CSS in the skin to hide the element/class that displays the icon. That is not trivial though, but if you have the skills it may be possible.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Dec 12, 2021 11:11 PM
From: hudaya hudaya
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

nevermind sir,

android have hardening system that wont allow redirect captive portal via HTTP, but quickconnect need allow HTTP and HTTPS to playstore, so it stuck there,

we upload it to clearpass and take out the whitelist, seems work fine for us,

one more thing, can we remove icon picture for download quickconnect to playstore from playstore if the device is android device ?

i could only edit the text only, not the download picture

------------------------------
BR,

Hudaya

Original Message:
Sent: Dec 10, 2021 09:39 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

What does that exclamation sign ( /!\ ) tell? It looks like one of the download pages is intercepted by the captive portal instead of passed through. What role is the user in at this point? And what are the rules?

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 08, 2021 10:56 PM
From: hudaya hudaya
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Dear Herman,

now we have redirected to download quickconnect and network config,

but stuck in here, 


we try with different android device, still same issue

any idea sir ?

------------------------------
BR,

Hudaya

Original Message:
Sent: Dec 07, 2021 04:46 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Simplest to explain is to put a link/form with 'known guest credentials' (can be in your local user database) that does a normal login and switches the role to one that has the allow listed google play, Apple, etc, and then redirect to another portal that continues the onboard process.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 06, 2021 10:51 PM
From: hudaya hudaya
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Hello Herman,

how are you,

how can i switch role through web login clearpass guest, so i can get role that have whitelist google play ?

thankyou

------------------------------
BR,

Hudaya

Original Message:
Sent: Nov 24, 2020 04:42 AM
From: Herman Robers
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

if you want to use your captive portal both for Guest and Onboarding, what you could do is initially redirect to the guest portal with no whitelists, then put a link or login button to sign in for Onboarding in the guest portal (you can use an account in the local user database for that, example username onboard with password onboard) and after login switch to a role that does what you already have with the whitelist. Users might at that point need to open the browser manually, which unfortunately is what it is.

Your requirements are contradicting: For guests you want to have the pop-up for convenience, for Onboard you cannot have the pop-up as the onboarding process will not work from there because of the client operating system security hardening. Having two different roles and switch to the onboarding role through a web-login is close to what you can get.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

Not sure if this is the best solution, but i deleted the svc-http to the google play alias, now the captive portal works, both the mobile and laptop.

------------------------------
AA
------------------------------

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------

On the logon role I added https for netdestination google-play-dest, but removed www.google.com from it. Then I added google.com as it's own netdestination and added it to ALLOW list in the captive-portal profile. That caused the auto-login feature to remain intact, but still able to download QuickConnect from Google Play.
There is some snag with this tho, where the client will have to click a "Continue in browser" link while in the auto-popup-browser, which pops Chrome and cause a second login. Most of the users doesn't need OnBoard anyways as this was only for employees which can get info of this in advance.

------------------------------
John-Egil Solberg |
ACMX | ACCX
------------------------------

Original Message:
Sent: Dec 01, 2020 10:40 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

Not sure if this is the best solution, but i deleted the svc-http to the google play alias, now the captive portal works, both the mobile and laptop.

------------------------------
AA

Original Message:
Sent: Nov 23, 2020 05:17 AM
From: Aria adhiguna
Subject: Clearpass onboard captive portal no pop up because of allow google play ACL

hello, im trying to setup clearpass onboard with dual SSID using the guidance from Aruba Solution Exchange. The captive portal successfully pops up when i use my laptop to connect, i can also successfully provision my laptop. When i tried to connect using my mobile phone, the portal doesn't pop up. After troubleshooting it, i found that after i deleted the policy to allow google play download (for quickconnect), the captive portal pops up. If i do that, i cannot download QuickConnect and therefore cannot provision my device. Here are some details of the policies:

Any solution for this? Thank you

------------------------------
AA
------------------------------