IP range of google GCM push notification server?

Question

Wonder if anyone here happen to know the ip range of google\'s gcm server (for android push notification)?

I need the information so that our network team can open t

Answer 1

To add to what Shobhit Puri already said, I've also tried to find the answer to this question to be able to poke the appropriate holes in my firewall and am extremely disappointed with Google after concluding that the IP address used for Google Cloud Messaging is not obtained using a DNS request, or are obtained using DNS requests that subvert the Always On VPN functionality in Android.

By using the Always On VPN function in later versions of Android, I made sure that all traffic went through one of my servers. This also allowed me to use that server as a DNS Resolver and by activating query logging and rebooting the phone I was able to get a list of all of the DNS requests that it makes. Then, with some scripting magic I checked all of them, but none of them resolved to the IP address(es) that show up in my firewall logs with outbound port 5228 drops.

This leads me to conclude that the IP addresses used for GCM are obtained using a method other than DNS, such as Google Play Store web traffic.

Edit (Solution?): After running a script through all of my firewall logs going back as far as I have them and pulling out all of the dstport 5228 entries, I've been able to compile a list of IP addresses that GCM has tried to connect to. I can't say that this is a complete list, it will likely change based on geographic location, but notice the pattern...

74.125.28.188
74.125.129.188
74.125.20.188
173.194.79.188
74.125.142.188
74.125.192.188
74.125.140.188
74.125.139.188
74.125.137.188
74.125.134.188
74.125.130.188
173.194.68.188
173.194.76.188

I've created a group for all of those IP addresses and have configured my firewall to use that for my GCM whitelist. I have also setup a report to check for any dstport 5228 drops to let me know if I ever need to revisit this.

Answer 2

I think there is an existing question IP address for Google Cloud Messaging server and the person found out that those are not published by Google. I also tried to look for it once but couldn't find. I might be wrong but I am pretty sure they don't publish that. Maybe instead of using corporate wifi, you can use direct 3G or 4G data plan.

In a comment on why GCM is not giving push notification in android device? question someone has mentioned that He opened the ports 5258,29,30 and then he was able to receive the regId from GCM server behind firewall.

Also I think the answer by @Eran on Which port and protocol does Google Cloud Messaging (GCM) use? will be of help. It says:

The device accesses the GCM servers on ports 5228-5230. If your organization has a firewall that restricts the traffic to or from the Internet, you'll need to configure it to allow connectivity with GCM. The ports to open are: 5228, 5229, and 5230. GCM typically only uses 5228, but it sometimes uses 5229 and 5230. GCM doesn't provide specific IPs. It changes IPs frequently. We recommend against using ACLs but if you must use them, take a broad approach such as the method suggested in this support link.

This is relevant if your device is connected to the internet via WiFi.

Hope this helps a bit.

Update:

As per Mark Whitaker answer to a similar question here, he mentions that:

Newer versions of Android also fall back to port 443 if ports 5228-5230 are blocked by a firewall.

Although there doesn't seem to be an official list still.