Special settings in case of firewall

In order to use TinyMDM on devices connected to a network protected by a firewall, some settings are necessary. Indeed, our application uses Google’s FCM notification system, like most Android apps.

Here are the different proxy settings recommended by Google to make FCM notifications work: Ports 5228, 5229, 5230 and 7275 must be added to the unrestricted IP whitelist. However, if you need to set up an IP restriction, you must also whitelist all the IP addresses of the IPv4 and IPv6 blocks listed in Google’s 15169 ASN (available here).

For more information, see this link to Google’s original documentation.

Destination HostProtocols/Ports
www.tinymdm.netTCP/443
play.google.com
android.com
google-analytics.com
googleusercontent.com
*gstatic.com
*.gvt1.com
*.ggpht.com
dl.google.com
dl-ssl.google.com
android.clients.google.com
*.gvt2.com
*.gvt3.com
TCP/443
TCP, UDP/5228-5230
*.googleapis.com
m.google.com
TCP/443
accounts.google.com
accounts.google.[country]
TCP/443
gcm-http.googleapis.com
gcm-xmpp.googleapis.com
android.googleapis.com
TCP/443,5228-5230
fcm.googleapis.com
fcm-xmpp.googleapis.com
TCP/443,5228–5230
fcm-xmpp.googleapis.com
gcm-xmpp.googleapis.com
TCP/5235,5236
pki.google.com
clients1.google.com
TCP/443
clients2.google.com
clients3.google.com
clients4.google.com
clients5.google.com
clients6.google.com
TCP/443
omahaproxy.appspot.comTCP/443
android.clients.google.comTCP/443
ota.googlezip.net
ota-cache1.googlezip.net
ota-cache2.googlezip.net
TCP/443
connectivitycheck.android.com
connectivitycheck.gstatic.com
www.google.com
TCP/443

To use the remote view/control feature:

In addition to allowing the accesses regularly used by the various Google services (mentioned above), you need to authorize the following domains/ports:

Destination HostProtocols/Ports
kinesisvideo.eu-west-1.amazonaws.comTCP/443
r-d1721414.kinesisvideo.eu-west-1.amazonaws.comTCP/443
v-45d61471.kinesisvideo.eu-west-1.amazonaws.comTCP/443
m-214cdd09.kinesisvideo.eu-west-1.amazonaws.comTCP/443
turn.tinymdm.netTCP/443
UDP/443
android.clients.google.comTCP/443
ota.googlezip.net
ota-cache1.googlezip.net
ota-cache2.googlezip.net
TCP/443