Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

FCM firewall restriction

Tags:

android

google-cloud-messaging

push-notification

We are using FCM for our android app.

But our customer has a firewall restriction on their network. They gave port (5228, 5229, 5230) permission for geting message from FCM, but we can't get token at the init state.

We connect to an other network to get token, then connect again restricted network and send notification succesfuly.

Is there an other permission have to be given for the token registration for FCM service?

like image 294
A.kadir olmez Avatar asked Oct 22 '25 17:10

A.kadir olmez

1 Answers

Here's what Firebase documentation stated about firewall and network restriction:

If your organization has a firewall to restrict traffic to or from the Internet, you need to configure it to allow mobile devices to connect with FCM in order for devices on your network to receive messages. FCM typically uses port 5228, but it sometimes uses 5229 and 5230.

For outgoing connections, FCM doesn't provide specific IPs because our IP range changes too frequently and your firewall rules could get out of date impacting your users' experience. Ideally, you will whitelist ports 5228-5230 with no IP restrictions. However, if you must have an IP restriction, you should whitelist all of the IP addresses in the IPv4 and IPv6 blocks listed in Google's ASN of 15169. This is a large list and you should plan to update your rules monthly. Problems caused by firewall IP restrictions are often intermittent and difficult to diagnose.

Ports to open for incoming messages:

  • 5228
  • 5229
  • 5230

Ports to allow outgoing connections:

One of these (option #1 is preferred):

  • No IP restrictions
  • All IP addresses contained in the IP blocks listed in Google's ASN of 15169. Don't forget to update this at least once a month.

Network Address Translation and/or Stateful Packet Inspection firewalls:

If your network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), implement a 30 minute or larger timeout for our connections over ports 5228-5230. This enables us to provide reliable connectivity while reducing the battery consumption of your users' mobile devices.

like image 149
looptheloop88 Avatar answered Oct 24 '25 07:10

looptheloop88
Sign in to Comment

Related questions

Firestore - Facebook Invalid OAuth access token signature code 190
Unable to scroll pdf file in android app used react-native-pdf
How to prevent screen rotation with android development in delphi xe5 Firemonkey
Android Text-To-Speech throws ActivityNotFoundException
Convert Unicode to escaped Unicode programmatically
Android canvas line strokeCap round larger than simple line
How to handle multiple NavHosts/NavControllers?
Difference between topic messaging and device token cloud function push notification?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!