by administrator » Thu Jun 20, 2019 9:07 am
Firewall Settings if Using Android
- FCM ports and your firewall
If your organization has a firewall to restrict traffic to or from the Internet, you need to configure it to allow mobile devices to connect with FCM in order for devices on your network to receive messages. FCM typically uses port 5228, but it sometimes uses 5229 and 5230.
For outgoing connections, FCM doesn't provide specific IPs because our IP range changes too frequently and your firewall rules could get out of date, impacting your users' experience. Ideally, you will whitelist ports 5228-5230 with no IP restrictions. However, if you must have an IP restriction, you should whitelist all of the IP addresses in the IPv4 and IPv6 blocks listed in Google's ASN of 15169. This is a large list and you should plan to update your rules monthly. Problems caused by firewall IP restrictions are often intermittent and difficult to diagnose.
Ports to open for incoming messages:
• 5228
• 5229
• 5230
Ports to allow outgoing connections:
One of these (option #1 is preferred):
1. No IP restrictions
2. All IP addresses contained in the IP blocks listed in Google's ASN of 15169. Don't forget to update this at least once a month.
Network Address Translation and/or Stateful Packet Inspection firewalls:
If your network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), implement a 30-minute or larger timeout for our connections over ports 5228-5230. This enables us to provide reliable connectivity while reducing the battery consumption of your users' mobile devices.
Firewall Settings if Using iOS
- How Apple Push Notification Service connects
To use Apple Push Notification Service (APNs), your macOS and iOS clients need a direct and persistent connection to Apple's servers.
Your iPhone, iPad, or iPod touch might connect to APNs over cellular data (if capable) or Wi-Fi.
Check required ports
If you use Wi-Fi behind a firewall, or a private Access Point Name for cellular data, connect to specific ports. You need a direct, unproxied connection to the APNs servers on these ports:
• TCP port 5223 to communicate with APNs.
• TCP port 443 or 2197 to send notifications to APNs.*
TCP port 443 is required during device activation, and afterwards for fallback (on Wi-Fi only) if devices can't reach APNs on port 5223.
The APNs servers use load balancing, so your devices don't always connect to the same public IP address for notifications. It's best to let your device access these ports on the entire 17.0.0.0/8 address block, which is assigned to Apple.
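An added example, not part of the original post or of Google's or Apple's documentation: a small Python audit that checks an exported list of egress allow rules and the NAT/SPI idle timeout against the requirements above. The rule dictionary format, the function names and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Values taken from the post above.
FCM_PORTS = (5228, 5229, 5230)
APNS_PORTS = (5223, 443)   # 2197 is only an alternative to 443 for sending
APPLE_BLOCK = ipaddress.ip_network("17.0.0.0/8")
MIN_IDLE_TIMEOUT_S = 30 * 60   # NAT/SPI timeout for ports 5228-5230

def port_match(rule, port):
    lo, hi = rule["ports"]
    return rule["proto"] == "tcp" and lo <= port <= hi

def covers(rule, port, dest=None):
    """True if the allow rule permits TCP `port` to all of `dest` (None = any IP)."""
    if not port_match(rule, port):
        return False
    allowed = ipaddress.ip_network(rule["dest"])
    if dest is None:
        return allowed.prefixlen == 0
    return allowed.version == dest.version and dest.subnet_of(allowed)

def audit(rules, idle_timeout_s):
    """Return a list of findings; an empty list means the rule set matches the post."""
    findings = []
    for port in FCM_PORTS:
        if any(covers(r, port) for r in rules):
            continue
        if any(port_match(r, port) for r in rules):
            findings.append(f"FCM tcp/{port}: IP-restricted, needs monthly sync with AS15169 blocks")
        else:
            findings.append(f"FCM tcp/{port}: blocked")
    for port in APNS_PORTS:
        if not any(covers(r, port, APPLE_BLOCK) for r in rules):
            findings.append(f"APNs tcp/{port}: not open to all of {APPLE_BLOCK}")
    if idle_timeout_s < MIN_IDLE_TIMEOUT_S:
        findings.append(f"NAT/SPI idle timeout {idle_timeout_s}s is below {MIN_IDLE_TIMEOUT_S}s")
    return findings

# Constructed sample: hypothetical egress allow rules exported from a firewall.
SAMPLE_RULES = [
    {"proto": "tcp", "ports": (5228, 5229), "dest": "0.0.0.0/0"},
    {"proto": "tcp", "ports": (5230, 5230), "dest": "203.0.113.0/24"},  # placeholder range
    {"proto": "tcp", "ports": (443, 443), "dest": "0.0.0.0/0"},
    {"proto": "tcp", "ports": (5223, 5223), "dest": "17.128.0.0/9"},   # narrower than /8
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, idle_timeout_s=600):
        print(finding)
```

The sample rule set is IPv4-only; an IPv6 rule with destination `::/0` is treated the same way as `0.0.0.0/0` for the FCM "no IP restrictions" check.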