LATEST VERSION: 1.9 - CHANGELOG
Push Notification Services v1.8

Network Setup Guide

APNS / iOS Push

Server and Device Settings

The push-api backend needs to have persistent sockets open to the Apple APNs servers.

Information from the Apple Support site

To use Apple Push Notification service (APNs) you need a direct and persistent connection to Apple’s servers. Your device connects to APNs using cellular data if it’s available. If there’s no viable cellular connection the device switches to Wi-Fi.

If you use Wi-Fi behind a firewall or a private Access Point Name (APN) for cellular data then you’ll need a direct unproxied connection to the APNs servers on these ports:

  • TCP port 5223: For communicating with Apple Push Notification services (APNs).
  • TCP port 2195: For sending notifications to APNs.
  • TCP port 2196: For the APNs feedback service.
  • TCP port 443: For a fallback on Wi-Fi only when devices can’t reach APNs on port 5223.

The APNs servers use load balancing so your devices won’t always connect to the same public IP address for notifications. It’s best to allow access to these ports on the entire 17.0.0.0/8 address block which is assigned to Apple.

GCM / Android Push

Server and Device Settings

The push-api backend needs to send requests to “https://gcm-http.googleapis.com/gcm/send” (port 443).

Devices will need direct unproxied connections to Google servers on port 5228. Android 4.3 and up have fallback capabilities to use port 443.

FCM / Android Push

Server and Device Settings

The push-api backend needs to send requests to “https://fcm.googleapis.com/fcm/send” (port 443).

Devices will need direct unproxied connections to Google servers on port 5228, 5229, and 5230. FCM typically only uses 5228, but it sometimes uses 5229 and 5230. FCM doesn’t provide specific IPs, so you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google’s ASN of 15169.

Android 4.3 and up have fallback capabilities to use port 443.

Push API & Mobile Devices

Mobile devices require access to push-api backend in order to register and unregister themselves. For example, if the Push API backend is behind a firewall, it should allow incomming connections to the IP address and port of the Push API backend.

Push API & Server Applications

Server applications (or any applications) require access to the push-api backend in order to send pushes to registered devices. For example, if the Push API backend is behind a firewall, it should allow incomming connections to the IP address and port of the Push API backend.

Create a pull request or raise an issue on the source for this page in GitHub