Security

Reply
Contributor II

Up to date Android/Google captive portal links

I'm trying to setup a pre-auth role for a captive portal that will launch the captive portal but will still allow access to the google playstore. I have not had much luck with this. I know I need to block access to connectivitycheck.gstatic.com but I have not been able to do this successfully.

 

I have a netdestination with URLs and subnets as well as a netdestination with *.gstatic.com. They are both added to associated access lists and added to the pre-auth role. I have the gstatic deny before the google playstore permit but no dice.  I can't just remove 172.217/16 because that breaks the access to the playstore.

 

show netdestination google-playstore

Name: google-playstore
Destination ID: 39


Position Type IP addr Mask-Len/Range
-------- ---- ------- --------------
1 name 0.0.0.9 android.clients.google.com
2 name 0.0.0.10 *.ggpht.com
3 name 0.0.0.11 *.gvt1.com
4 name 0.0.0.12 play.google.com
5 name 0.0.0.13 *.l.googleusercontent.com
6 network 64.18.0.0 255.255.240.0
7 network 66.102.0.0 255.255.240.0
8 network 64.233.160.0 255.255.224.0
9 network 66.249.80.0 255.255.240.0
10 network 72.14.192.0 255.255.192.0
11 network 74.125.0.0 255.255.0.0
12 network 108.177.0.0 255.255.128.0
13 network 173.194.0.0 255.255.0.0
14 network 207.126.144.0 255.255.240.0
15 network 209.85.128.0 255.255.128.0
16 network 216.58.192.0 255.255.224.0
17 network 216.239.32.0 255.255.224.0
18 network 172.217.0.0 255.255.0.0

 

Any idea how I can get this to work?

 

I've run into so many problems with the captive portal lately along with trying to redirect. Not to mention I can't get safari to work at ALL when I use a CNA bypass. It's a nightmare.

Guru Elite

Re: Up to date Android/Google captive portal links

Have you tried here?  https://github.com/aruba/clearpass-cloud-service-whitelists


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor II

Re: Up to date Android/Google captive portal links

Never saw that but thanks. However I would still have to blacklist connectivitycheck.gstatic in order to trigger the redirect yeah?

 

We're trying to implement onboarding with SecureW2 but how to construct the onboard SSID or merging that with our existing guest is proving difficult.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: