Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
009fe3
Explorer

Allow Google Play Store Updates

Hi there!

We have some Android Tablets in our Environment (internal network) and want the apps to be up to date. We want to ensure, that only needed things are allow outbound.

So i checked the google article Android Enterprise Network Requirements - Android Enterprise Help (https://support.google.com/work/android/answer/10513641?hl=en) and created the following Access Control rule:

 

Source: Android_Tablet (Group of IPs of the Tablets)

Destination: Listed URLs of the Google support article + as a try "Google - HTTPS bypass" Updateable Object

Service & Applications: Any

Action: Accept

 

I have also added an HTTPS Insprection Rule:

Source: Android_Tablet (Group of IPs of the Tablets)

Destination: "Google - HTTPS bypass" Updateable Object

Service: https

Action: Bypass

 

After setting this i'm able to open the Playstore and see the apps. When i want to install an app or update an app, it seems to start but failed/time out after some time.

When i check the logs, there is still some IPs blocked. (188.21.9.24 - https 443 or 188.21.9.33 - UDP/443 or 188.21.9.33 - https/443)

When i allow that ip also, updates and app install is working fine, but we are not allowed to use IP Adresses that we are not able to associate.

 

How does u guys allow android playstore app update?

 

Regards

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

The intended use of that particular object is for the HTTPS Inspection policy.
It may not contain everything that's in that Google article.
Also, our Updatable Objects come from information provided by the relevant vendor who are responsible for ensuring the information is up to date.

0 Kudos
009fe3
Explorer

Sure, as i mentioned, this was only a try because the domains alone (listed in the android support article) does also not work.

0 Kudos
PhoneBoy
Admin
Admin

Let's start with some real basic information like:

  • Version/JHF of gateway
  • The access policy rule(s) you attempted to create to achieve this with the precise results. Screenshots (with sensitive details redacted) will be exceptionally helpful.

In general, you should be able to add the relevant domains to a Custom Applications/Sites object and use that in an Access Policy rule.
This implies:

  • You have Application Control enabled/licensed
  • Categorize HTTPS Websites is enabled (believe it is enabled by default)
  • The relevant traffic is http/https (believe it is in this case)

 

0 Kudos
the_rock
Legend
Legend

This is all that is available on CP by default. If you need more, you would have to create custom sites/group or IP ranges.

Andy

 

 

 

 

 

Screenshot_1.png

 

 

 

Screenshot_2.png

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events