Jump to content

Recommended Posts

Posted

Hi All, I'm trying to receive notifications to my desktop machine running Internet Security v16.2.13.0 and can't get it to work.

I've confirmed the notifications are being successfully sent to my machine.

The firewall isn't showing anything as blocked during the time they are sent.

I've setup firewall rules:

To allow bidirectional traffic for https://fcm.googleapis.com and fcm.googleapis.com.

To open ports 5228, 5229, and 3230 for inbound notifications.

But the notifications are still being blocked. Any ideas as to what the problems are? The desktop does receive other notifications such as from slack.

 

  • Administrators
Posted

Did you try to allow the communication via this option?

image.png

Posted

Nothing is showing up there are being blocked.

  • Administrators
Posted

Does temporarily pausing the firewall, protection or temporarily disable Network traffic scanner actually make a difference?

image.png

Posted

Trying that, am waiting for the next notification.

  • Administrators
Posted
1 hour ago, AlanF said:

It does not.

What about temporarily uninstalling ESET?

Posted
2 hours ago, AlanF said:

I've setup firewall rules:

To allow bidirectional traffic for https://fcm.googleapis.com and fcm.googleapis.com.

To open ports 5228, 5229, and 3230 for inbound notifications.

Ensure logging level for that rule is set warning level.

Afterwords, check Eset Network protection log for entries related to this rule. If no log entries exist, it means the firewall rule is never being executed. This would also explain why you are not receiving any notifications from the rule.

Posted

They were not set to warning, will see what happens now...

Posted

Nothing has changed. Does any of this direction from the notification service create a new idea?

 

if you did not get it, something is still blocking on your end


For receiving notifications
If your organization has a firewall that restricts the traffic to or from the Internet, you need to configure it to allow connectivity with FCM in order for your client apps to receive messages.


FCM (Google Android and Chrome Push Notifications)
The ports to open are: 5228, 5229, and 5230. FCM typically only uses 5228, but it sometimes uses 5229 and 5230. FCM doesn't provide specific IPs, so you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google's ASN of 15169. From the "Firewall" note:
https://firebase.google.com/docs/cloud-messaging/concept-options

Posted

First, you also need to allow port 443;

Quote

TCP ports to open:

  • 5228
  • 5229
  • 5230
  • 443

 

Next is your Eset firewall is allowing inbound traffic to these local ports. However this wording;

23 minutes ago, AlanF said:

so you should allow your firewall to accept outgoing connections

leads me to believe the above ports should be specified as remote ports. You need to clarify this with Google.

Finally, you state;

23 hours ago, AlanF said:

To allow bidirectional traffic for https://fcm.googleapis.com and fcm.googleapis.com.

Eset firewall requires IP addresses only; not domain names. You therefore have to code as remote IP addresses all those noted here;

30 minutes ago, AlanF said:

to all IP addresses contained in the IP blocks listed in Google's ASN of 15169.

  • Administrators
Posted

Please answer my previous question if temporarily uninstalling ESET makes a difference.

You have already confirmed that pausing the firewall didn't help so any changes to the firewall configuration won't resolve the issue either.

Posted
2 hours ago, Marcos said:

You have already confirmed that pausing the firewall didn't help so any changes to the firewall configuration won't resolve the issue either.

I should have posted this comment first.

It appears this Google FCM notification network traffic is inbound only?

Most current routers/gateways today employ a stateful firewall. This means that the router/gateway is going to block any inbound TCP network traffic unless it's a result of a prior outbound network request. Therefore, it is very possible this inbound Google FCM notification network traffic is never reaching the LAN side of the router/gateway where it would be then processed by the Eset firewall. If this is the case, a "pinhole" or router/gateway firewall rule must be created to allow this unstateful inbound network traffic.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...