D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: globalit on July 06, 2014, 05:40:29 AM

Title: The DFL-860 filters Google Play on android Devices
Post by: globalit on July 06, 2014, 05:40:29 AM

Hello everyone,

I have a DFL-860 installed on my network every thing is correct but the problem is that Google play doesn't work from Android devices (It does work from a computer), there are no rules or filters to block it, and even if I create an IP rule to allow every thing (all protocols and services) it didn't work, Please if you have any ideas about this issue kindly share it with me.
Thank you in advance.

The diagram of my network

(http://i.imgur.com/WsBJY1A.png)

Title: Re: The DFL-860 filters Google Play on android Devices
Post by: Rara Avis on July 07, 2014, 09:41:24 AM

Let's start with the good news, I use an android behind a DFL every day, and have never had an issue, so our problems won't be insurmountable.

If you correctly set an any/all-nets/all-services rule, then we can probably factor out IP rules.  unfortunately, I suspect that this will be a HTTP ALG issue, and so we need to be doubly sure that your allow all rule was number one on the IP Rules list.

Do you get any log entries when the traffic fails?

Title: Re: The DFL-860 filters Google Play on android Devices
Post by: globalit on July 08, 2014, 02:02:00 AM

Thank you for replying,

I use allow any/allnet/all-servoces without ALG,
for the HTTP ALG I am not using the ALGs for now,
and yes my allow rule is in the top of the list.

I get the following in the log:
 

Code: [Select]

conn_close_natsat close

Code: [Select]

ttl_low drop 

Code: [Select]

conn=close connnewsrcip=172.16.1.10 connnewsrcport=3427 connnewdestip=173.194.35.97 connnewdestport=443 origsent=13245 termsent=4335
All the android apps working except Google Play

Title: Re: The DFL-860 filters Google Play on android Devices
Post by: Rara Avis on July 10, 2014, 10:26:54 AM

Sorry, the following is a little bit more "stream of consciousness" than I would like.

Is that rule "Allow" or "NAT"?  If you are supposed to be performing NAT an allow all rule could be disastrous.

Does your DFL have a public IP on it's WAN?

Looks like your log entry got butchered, is that all one line, if not is the ttl_low for your android's session?  If so it looks like we have a ttl low issue, which is usually indicative of a routing loop.

Have we ben having problems just from one android?

Is the android running DHCP?

How is DHCP served?

Do your PCs and Android using the same DHCP server?

Title: Re: The DFL-860 filters Google Play on android Devices
Post by: globalit on July 13, 2014, 01:48:59 AM

Sorry for delay and thank you for reply,

-The rule is NAT.
- The DFL doesn't have a public IP, the public IP is configured on the modem.
-Yes that was all one line for android sesion log.
- The problem from all android devices and only with "Play Store".
- Yes my PCs and android devices are using the same DHCP server , the DFL is the DHCP server (DG=LANIP,  DNS=Modem-IP)

Best Regards.

Title: Re: The DFL-860 filters Google Play on android Devices
Post by: Rara Avis on July 14, 2014, 09:30:52 AM

Call your ISP, ask them to bridge your modem.

Once we are finished clearing up the double NAT then we can move on, but HTTPS difficulty is incredibly common with double NAT issues.

Title: Re: The DFL-860 filters Google Play on android Devices
Post by: globalit on July 17, 2014, 06:51:02 AM

Thank you Mr Rara for your help