https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176684#M68883 <P>Sure, as i mentioned, this was only a try because the domains alone (listed in the android support article) does also not work.</P> Thu, 30 Mar 2023 04:04:45 GMT 009fe3 2023-03-30T04:04:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176530#M68881 <P>Hi there!</P><P>We have some Android Tablets in our Environment (internal network) and want the apps to be up to date. We want to ensure, that only needed things are allow outbound.</P><P>So i checked the google article Android Enterprise Network Requirements - Android Enterprise Help (<A href="https://support.google.com/work/android/answer/10513641?hl=en" target="_blank">https://support.google.com/work/android/answer/10513641?hl=en</A>) and created the following Access Control rule:</P><P>&nbsp;</P><P>Source: Android_Tablet (Group of IPs of the Tablets)</P><P>Destination: Listed URLs of the Google support article + as a try "Google - HTTPS bypass" Updateable Object</P><P>Service &amp; Applications: Any</P><P>Action: Accept</P><P>&nbsp;</P><P>I have also added an HTTPS Insprection Rule:</P><P>Source: Android_Tablet (Group of IPs of the Tablets)</P><P>Destination: "Google - HTTPS bypass" Updateable Object</P><P>Service: https</P><P>Action: Bypass</P><P>&nbsp;</P><P>After setting this i'm able to open the Playstore and see the apps. When i want to install an app or update an app, it seems to start but failed/time out after some time.</P><P>When i check the logs, there is still some IPs blocked. (188.21.9.24 - https 443 or 188.21.9.33 - UDP/443 or 188.21.9.33 - https/443)</P><P>When i allow that ip also, updates and app install is working fine, but we are not allowed to use IP Adresses that we are not able to associate.</P><P>&nbsp;</P><P>How does u guys allow android playstore app update?</P><P>&nbsp;</P><P>Regards</P> Wed, 29 Mar 2023 08:37:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176530#M68881 009fe3 2023-03-29T08:37:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176672#M68882 <P>The intended use of that particular object is for the HTTPS Inspection policy.<BR />It may not contain everything that's in that Google article.<BR />Also, our Updatable Objects come from information provided by the relevant vendor who are responsible for ensuring the information is up to date.</P> Wed, 29 Mar 2023 23:43:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176672#M68882 PhoneBoy 2023-03-29T23:43:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176684#M68883 <P>Sure, as i mentioned, this was only a try because the domains alone (listed in the android support article) does also not work.</P> Thu, 30 Mar 2023 04:04:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176684#M68883 009fe3 2023-03-30T04:04:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176763#M68884 <P>Let's start with some real basic information like:</P> <UL> <LI>Version/JHF of gateway</LI> <LI>The access policy rule(s) you attempted to create to achieve this with the precise results. Screenshots (with sensitive details redacted) will be exceptionally helpful.</LI> </UL> <P>In general, you should be able to add the relevant domains to a Custom Applications/Sites object and use that in an Access Policy rule.<BR />This implies:</P> <UL> <LI>You have Application Control enabled/licensed</LI> <LI>Categorize HTTPS Websites is enabled (believe it is enabled by default)</LI> <LI>The relevant traffic is http/https (believe it is in this case)</LI> </UL> <P>&nbsp;</P> Thu, 30 Mar 2023 14:38:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176763#M68884 PhoneBoy 2023-03-30T14:38:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176766#M68885 <P>This is all that is available on CP by default. If you need more, you would have to create custom sites/group or IP ranges.</P> <P>Andy</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/20331iC4AB527084B3EF7F/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P> </P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_2.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/20332i92E7F47B3A2F191D/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_2.png" alt="Screenshot_2.png" /></span></P> <P> </P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 30 Mar 2023 14:46:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Allow-Google-Play-Store-Updates/m-p/176766#M68885 the_rock 2023-03-30T14:46:57Z