How to configure special settings?
In order to use TinyMDM on devices connected to a network protected by a firewall, some settings are necessary. Indeed, our application uses Google’s FCM notification system, like most Android apps.
Here are the different proxy settings recommended by Google to make FCM notifications work: Ports 5228, 5229, 5230 and 7275 must be added to the unrestricted IP whitelist. However, if you need to set up an IP restriction, you must also whitelist all the IP addresses of the IPv4 and IPv6 blocks listed in Google’s 15169 ASN (available here).
For more information, see this link to Google’s original documentation.
| Destination Host | Protocols/Ports |
|---|---|
| www.tinymdm.net | TCP/443 |
| play.google.com android.com google-analytics.com googleusercontent.com *gstatic.com *.gvt1.com *.ggpht.com dl.google.com dl-ssl.google.com android.clients.google.com *.gvt2.com *.gvt3.com | TCP/443 TCP, UDP/5228-5230 |
| *.googleapis.com m.google.com | TCP/443 |
| accounts.google.com accounts.google.[country] | TCP/443 |
| gcm-http.googleapis.com gcm-xmpp.googleapis.com android.googleapis.com | TCP/443,5228-5230 |
| fcm.googleapis.com fcm-xmpp.googleapis.com | TCP/443,5228–5230 |
| fcm-xmpp.googleapis.com gcm-xmpp.googleapis.com | TCP/5235,5236 |
| pki.google.com clients1.google.com | TCP/443 |
| clients2.google.com clients3.google.com clients4.google.com clients5.google.com clients6.google.com | TCP/443 |
| android.clients.google.com | TCP/443 |
| ota.googlezip.net ota-cache1.googlezip.net ota-cache2.googlezip.net | TCP/443 |
| connectivitycheck.android.com connectivitycheck.gstatic.com www.google.com | TCP/443 |
To use the remote view/control feature:
In addition to allowing the accesses regularly used by the various Google services (mentioned above), you need to authorize the following domains/ports:
| Destination Host | Protocols/Ports |
|---|---|
| kinesisvideo.eu-west-1.amazonaws.com | TCP/443 |
| r-d1721414.kinesisvideo.eu-west-1.amazonaws.com | TCP/443 |
| v-45d61471.kinesisvideo.eu-west-1.amazonaws.com | TCP/443 |
| m-214cdd09.kinesisvideo.eu-west-1.amazonaws.com | TCP/443 |
| turn.tinymdm.net | TCP/443 UDP/443 |
| android.clients.google.com | TCP/443 |
| ota.googlezip.net ota-cache1.googlezip.net ota-cache2.googlezip.net | TCP/443 |