Wireless Access

Contributor I

Google Play Whitelist URLs

I have a stateful firewall rules that allows access to a list of names and networks in order to allow users to access the Google Play store from a captive role. The list seems overly-exhaustive compared to suggested names found on other Airhead posts, but nonetheless we're continuing to see access problems from Android devices. If the device switches to cellular data, it connects and downloads Google Play applications with no problem. When connected to the wireless network and in a captive role, the store is inaccessible.


Below is the list of names/networks allowed to no avail:


  name android.clients.google.com
  name *.gvt1.com
  name *.ggpht.com
  name *.clients.google.com
  name *.play.google.com
  name *.googleusercontent.com
  name *.cloud.google.com                         
  name mst-ext.amazon.com                         
  name mas-ext.amazon.com                         
  name images-amazon.com                          
  name amzadsi-a.akamaihd.net                     
  name *.l.google.com                             
  name play.google.com                            
  name *.gstatic.com                              
  name *.appengine.google.com                     
  name *.googleapis.com                           
  name *.1e100.net                                
  name *.digicert.com                             
  name *.android.clients.google.com               
  name *.geotrust.com                             
  name *.settings.crashlytics.com                 
  name *.amazon.com                               
  name *.akamaiedge.net                           
  name *.akamaitechnologies.com                   
  name *.msftncsi.com                             
  name *.msftncsi.com.edgesuite.net               
  name Dig0kk115kms0.cloudfront.net               
  name *.akamaihd.net                             
  name *.cloudpath.net                            
  name android.l.google.com                       
  name photos-ugc.l.google.com                    
  name *.android.com                              

Guru Elite

Re: Google Play Whitelist URLs

You have wayyyy too many. Take a look here > https://github.com/aruba/clearpass-cloud-service-whitelists/blob/master/onboard/onboard_android.md

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Google Play Whitelist URLs

I agree - at this point I'm grasping at straws.


It appears Android v. 7 works fine with our existing captive whitelist but Android v. 8 fails with error 491 (from the Google Play store).

Contributor I

Re: Google Play Whitelist URLs

I added logging to the captive policies in our configuration and captured a single IP the device was attempting to get to: Once I added this single host to the end of the firewall destination rule set, it worked just fine. It seems strange that this single IP address would require access for the Google Play Cloudpath applet.

Search Airheads
Showing results for 
Search instead for 
Did you mean: