2

We have a mobile application that uses Google Cloud Messaging. This means our internal server has to communicate with Google's GCM server at android.googleapis.com on a specific port.

Our IT team is reluctant to open this outgoing port to any machine, and therefore would like to configure the firewall so we can only talk to the Google GCM server on this port.

This is where it get's tricky. In their developer docs, Google gives the following configuration advice:

"Note: If your organization has a firewall that restricts the traffic to or from the Internet, you need to configure it to allow connectivity with GCM in order for your Android devices to receive messages. The ports to open are: 5228, 5229, and 5230. GCM typically only uses 5228, but it sometimes uses 5229 and 5230. GCM doesn't provide specific IPs, so you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google's ASN of 15169."

Is there an authoritative source of what IP Addresses make up ASN 15169? I've done a lot of searching, and have come up with some dodgy looking sites. I was hoping to fine the canonical list somewhere.

Thanks for your help.

Jeff
  • 163
  • 1
  • 2
  • 4

4 Answers4

2

Have you tried Hurricane Electric's site: http://bgp.he.net/AS15169#_asinfo

I've used their tools and resources for years and found them to be excellent.

HeXonX
  • 29
  • 2
  • I have seen that, thanks. Do you know of a Google site that lists these? It seems to me that they should be listed by Google in case they decide to add or remove IP blocks from the ASN. – Jeff Sep 04 '13 at 14:02
  • I haven't. If you find one, please share...Thanks! – HeXonX Sep 10 '13 at 16:37
0

Check the following. You will get IP address blocks listed in Google's ASN of 15169.

https://ipinfo.io/AS15169

-1

@HeXonX: Check this link: https://www.dan.me.uk/bgplookup?asn=15169

Reference: Need an IP Range for google's CDN to set up a firewall

Nira
  • 1
  • 1
    Welcome to Server Fault! Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – EEAA Jan 03 '14 at 05:05
-1

Looks a bit late. But I found this link. Tested at my own router. Works

Source: http://esupport.trendmicro.com/solution/en-us/1060693.aspx

There are two ways an Android device communicates with the SVC server. One is the Google Cloud Messaging (GCM) notification and the other is periodical polling. Android devices leverage these to receive commands, apply server configurations, and send malware logs.

Open the following ports

5228     outbound     android.apis.google.com
5229     outbound     android.apis.google.com
5230     outbound     android.apis.google.com
443      outbound     android.apis.google.com, google.com
Deer Hunter
  • 1,070
  • 7
  • 17
  • 25