We have the same problem. I plan to give up on trying to keep track of the various things that need to be allowed.
As part of the process to have a cert generated and downloaded our users have to log into a web page. I plan to only allow access to the Internet after they have logged in to the web page. To discourage using this method to access the Internet rather than configuring WPA2 on their device we will have a short timeout so that they would have to enter their ID and password every X minutes. In addition the device we are using to redirect to our web page makes it fairly easy to block access to Facebook and Twitter etc. On May 29, 2015, at 9:25 AM, Jacob Bennefield <[email protected]> wrote: > We have been working with Ruckus and Cloudpath on this issue as well. These > are the web addresses we allow to make google play and a few other things > accessible. You basically have to open up everything to google but google.com > > 2 ocsp.digicert.com EditClone > 3 crl3.digicert.com EditClone > 4 crl4.digicert.com EditClone > 5 *.play.google.com EditClone > 6 *.ssl.gstatic.com EditClone > 7 *.android.clients.google.com EditClone > 8 *.googleusercontent.com EditClone > 9 *.ggpht.com EditClone > 10 *.geotrust.com EditClone > 11 *.appengine.google.com EditClone > 12 *.settings.crashlytics.com EditClone > 13 *.googleapis.com EditClone > 14 *.cloud.google.com EditClone > 15 *.gvt1.com EditClone > 16 *.android.com EditClone > 17 passwordreset.lamar.edu EditClone > 18 *.amazon.com EditClone > > > > Jacob Bennefield, BBA > Manager of Network Services > Lamar University > [email protected] > Phone: 409-880-7997 > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Turner, Ryan H > Sent: Friday, May 29, 2015 9:01 AM > To: [email protected] > Subject: [WIRELESS-LAN] google play ACL > > Hello all, > > I’ve asked this question in the past, got some answers, attempted to > implement some solutions, and have ultimately been disappointed with the > results… > > Our problem: We have a limited access onboarding SSID. Currently, users > must download the cloudpath agent directly from OUR server, requiring them to > configure their devices to allow non google market place applications. I am > attempting to streamline the onboarding process by allowing access to google > play directly to download the onboarding application, but am failing > miserably… I have put up the white flag and opened up most of google, but > now I am finding that through a combination of cache servers, and Samsung > devices that appear to query for their own app store first, my results work > only half the time. > > Has anyone else figured out a way to solve this madness? We are not going to > open up the SSID to everything, because people would just use it and not the > proper wireless. > > > Ryan H Turner > Senior Network Engineer > The University of North Carolina at Chapel Hill > CB 1150 Chapel Hill, NC 27599 > +1 919 445 0113 Office > +1 919 274 7926 Mobile > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found > athttp://www.educause.edu/groups/. > > > CONFIDENTIALITY: Any information contained in this e-mail > (including attachments) is the property of The State of Texas and > unauthorized disclosure or use is prohibited. Sending, receiving or > forwarding of confidential, proprietary and privileged information is > prohibited under Lamar Policy. If you received this e-mail in error, > please notify the sender and delete this e-mail from your system. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. --- Bruce Curtis [email protected] Certified NetAnalyst II 701-231-8527 North Dakota State University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
