How to deal with SmartConnect download for Android clients through a proxy network:
USED CASE: The issue surrounds the downloading of the app from the Google Play store. The customer has proxy boxes filtering Internet traffic. When a user connects to the initial SSID and authenticates, the user does not have proxy settings configured and so, can’t directly access the Play store. The expectation set is to not have customers mess with proxy settings (Once the Smart Connect app is run, the proxy settings are automatically populated).
KB ARTICLE TYPE: Troubleshooting
RELATED PRODUCTS: IDM
RELATED SOFTWARE VERSIONS: 13.2, 13.6
KEYWORDS: proxy, IDM, smart connect
Smart Connect for Android, unlike the one for Windows is downloaded from the Play store. Ergo, a user who needs to download Smart Connect must be provided with Internet access. If one has restricted Internet access to this SSID, one way of bypassing this is by allowing connections to the Play store only (bypassing any proxies on the way). Unfortunately the Play store uses a wide range of IP addresses and it is not easy to locate this information so this only works intermittently.
However, the following can be done as a more permanent solution:
- IDM supports hosting of WPAD files.
- However, we
support WPAD only via DNS.
- Web Proxy Auto-Discovery (WPAD)
defines a protocol using either DHCP or DNS on how a client can obtain a
PAC (Proxy Auto-Configuration) file.
- In this case, DHCP can
be used so that the server can send a URL that the client can
automatically configure itself to access (in response to a DHCP-INFORM),
to obtain the WPAD file. The DHCP Options detail would generally be
(for Microsoft DHCP... this may vary in your
environment):
Class=Global
Type=String
Code=252
Value=http://ISAServerName:AutoDiscoveryProtocolNo/wpad.dat
-
In this way, clients that obtain an IP address can be automatically
configured to use a Proxy.
- Now, this proxy will not be
reachable until Authentication (the controller-IDM architecture will
take care of that).
- After Authentication, the client can use
its Proxy settings (received via DHCP before authentication) to access
the Internet and download SmartConnect.
- IDM SmartConnect can of course always be configured for the client to use a different Proxy Server (as you have mentioned in the ticket) once SC installs the secure SSID.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.