This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
009fe3
Explorer
‎2023-03-29 01:37 AM

Allow Google Play Store Updates

Hi there!

We have some Android Tablets in our Environment (internal network) and want the apps to be up to date. We want to ensure, that only needed things are allow outbound.

So i checked the google article Android Enterprise Network Requirements - Android Enterprise Help (https://support.google.com/work/android/answer/10513641?hl=en) and created the following Access Control rule:

 

Source: Android_Tablet (Group of IPs of the Tablets)

Destination: Listed URLs of the Google support article + as a try "Google - HTTPS bypass" Updateable Object

Service & Applications: Any

Action: Accept

 

I have also added an HTTPS Insprection Rule:

Source: Android_Tablet (Group of IPs of the Tablets)

Destination: "Google - HTTPS bypass" Updateable Object

Service: https

Action: Bypass

 

After setting this i'm able to open the Playstore and see the apps. When i want to install an app or update an app, it seems to start but failed/time out after some time.

When i check the logs, there is still some IPs blocked. (188.21.9.24 - https 443 or 188.21.9.33 - UDP/443 or 188.21.9.33 - https/443)

When i allow that ip also, updates and app install is working fine, but we are not allowed to use IP Adresses that we are not able to associate.

 

How does u guys allow android playstore app update?

 

Regards

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2023-03-29 04:43 PM

The intended use of that particular object is for the HTTPS Inspection policy.
It may not contain everything that's in that Google article.
Also, our Updatable Objects come from information provided by the relevant vendor who are responsible for ensuring the information is up to date.

0 Kudos
009fe3
Explorer
‎2023-03-29 09:04 PM
In response to PhoneBoy

Sure, as i mentioned, this was only a try because the domains alone (listed in the android support article) does also not work.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-30 07:38 AM
In response to 009fe3

Let's start with some real basic information like:

  • Version/JHF of gateway
  • The access policy rule(s) you attempted to create to achieve this with the precise results. Screenshots (with sensitive details redacted) will be exceptionally helpful.

In general, you should be able to add the relevant domains to a Custom Applications/Sites object and use that in an Access Policy rule.
This implies:

  • You have Application Control enabled/licensed
  • Categorize HTTPS Websites is enabled (believe it is enabled by default)
  • The relevant traffic is http/https (believe it is in this case)

 

0 Kudos
the_rock
Legend
Legend
‎2023-03-30 07:46 AM

This is all that is available on CP by default. If you need more, you would have to create custom sites/group or IP ranges.

Andy

 

 

 

 

 

Screenshot_1.png

 

 

 

Screenshot_2.png

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events