This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow Google Play Store App

Hi All,

in our Web Appliance we have a default policiy that block all the internet traffic. Then with additional policy we enable the navigation for a subset of our user.

I want to allow the usage of Play Store App for all our Android devices, so they can download updates of apps.

At the moment i'm able to use Play Store App only if i put the IP of the device in a policy where all the internet navigation is allowed.

I need to know which sites Play Store App use and add them to local site list with "Globally Allow" tag. But i was unable to find any official google documentation about this.

I alredy add as "Globally Allowed"all the sites that are normally referred to Google like:

google.com

googleusercontent.com

android.clients.google.com

play.google.com

ggpht.com

 

But the Play Store doesn't work (impossible to download the apps) with our default policy.


Any suggestions?

Thanks



This thread was automatically locked due to age.
Parents
  • Hi Marco.

    A default deny policy is generally not a great way to police traffic, as in this case the problem you are having is that sites like google will make direct ip calls to sites with no regard to "get" requests.  Without HTTPS scanning it may further complicate the matter because content may be hosted by a 3rd party site. 

    You may wish to review this set up.

    https://community.sophos.com/products/web-appliance/f/web-appliance-hardware-or-virtual/89809/duplicating-policy/326069#326069

    The idea here is that if your not authenticated, your automatically blocked.

     

    Then create policy for your users/groups .. In your case you would allow the infrastructure category.  

    Also you can try adding the following to your LSL.  Use the add multiple sites and apply the ALLOW tag as described in the above policy example.   (that will tage them all at once)

    google

    google.com
    googleapis.com
    gstatic.com
    googleusercontent.com
    accounts.google.com
    drive.google.com
    docs.google.com
    www.gmail.com

    Youtube

    google.com
    googlevideo.com
    ytimg.com
    youtube.be

Reply
  • Hi Marco.

    A default deny policy is generally not a great way to police traffic, as in this case the problem you are having is that sites like google will make direct ip calls to sites with no regard to "get" requests.  Without HTTPS scanning it may further complicate the matter because content may be hosted by a 3rd party site. 

    You may wish to review this set up.

    https://community.sophos.com/products/web-appliance/f/web-appliance-hardware-or-virtual/89809/duplicating-policy/326069#326069

    The idea here is that if your not authenticated, your automatically blocked.

     

    Then create policy for your users/groups .. In your case you would allow the infrastructure category.  

    Also you can try adding the following to your LSL.  Use the add multiple sites and apply the ALLOW tag as described in the above policy example.   (that will tage them all at once)

    google

    google.com
    googleapis.com
    gstatic.com
    googleusercontent.com
    accounts.google.com
    drive.google.com
    docs.google.com
    www.gmail.com

    Youtube

    google.com
    googlevideo.com
    ytimg.com
    youtube.be

Children
No Data