Security

Upcoming community maintenance Oct. 27th through Oct. 29th
For more info click here
Reply
Highlighted
Frequent Contributor I

Up to date Android/Google captive portal links

I'm trying to setup a pre-auth role for a captive portal that will launch the captive portal but will still allow access to the google playstore. I have not had much luck with this. I know I need to block access to connectivitycheck.gstatic.com but I have not been able to do this successfully.

 

I have a netdestination with URLs and subnets as well as a netdestination with *.gstatic.com. They are both added to associated access lists and added to the pre-auth role. I have the gstatic deny before the google playstore permit but no dice.  I can't just remove 172.217/16 because that breaks the access to the playstore.

 

show netdestination google-playstore

Name: google-playstore
Destination ID: 39


Position Type IP addr Mask-Len/Range
-------- ---- ------- --------------
1 name 0.0.0.9 android.clients.google.com
2 name 0.0.0.10 *.ggpht.com
3 name 0.0.0.11 *.gvt1.com
4 name 0.0.0.12 play.google.com
5 name 0.0.0.13 *.l.googleusercontent.com
6 network 64.18.0.0 255.255.240.0
7 network 66.102.0.0 255.255.240.0
8 network 64.233.160.0 255.255.224.0
9 network 66.249.80.0 255.255.240.0
10 network 72.14.192.0 255.255.192.0
11 network 74.125.0.0 255.255.0.0
12 network 108.177.0.0 255.255.128.0
13 network 173.194.0.0 255.255.0.0
14 network 207.126.144.0 255.255.240.0
15 network 209.85.128.0 255.255.128.0
16 network 216.58.192.0 255.255.224.0
17 network 216.239.32.0 255.255.224.0
18 network 172.217.0.0 255.255.0.0

 

Any idea how I can get this to work?

 

I've run into so many problems with the captive portal lately along with trying to redirect. Not to mention I can't get safari to work at ALL when I use a CNA bypass. It's a nightmare.

Highlighted
Guru Elite

Re: Up to date Android/Google captive portal links

Highlighted
Frequent Contributor I

Re: Up to date Android/Google captive portal links

Never saw that but thanks. However I would still have to blacklist connectivitycheck.gstatic in order to trigger the redirect yeah?

 

We're trying to implement onboarding with SecureW2 but how to construct the onboard SSID or merging that with our existing guest is proving difficult.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: