0

User has a Nexus 4 (running Android 4.4.2 KitKat). When an email arrives in their GMail account inbox the phone does not notify the user of the email. The user has to open the GMail app on the phone and manually refresh. We have tried opening various ports but still this doesn't work.

If disconnected from the corporate Wi-Fi and back on cell coverage it works fine, near instant notification.

What are we missing?

tonyyeb
  • 217
  • 1
  • 2
  • 11
  • What ports does the firewall allow out? – NickW Jan 24 '14 at 13:28
  • `80, 443, 465, 587, 993, 995, 110` – tonyyeb Jan 24 '14 at 13:49
  • 2
    You're going to need port 5228. – NickW Jan 24 '14 at 13:55
  • It may take until the phone sends another heartbeat (15 min on wi-fi) before it realizes the connection wasn't there.. – NickW Jan 24 '14 at 14:01
  • I was thinking the same so rebooted the phone. Lots of notifications arrived on reboot but then nothing new since (sent a few emails which appeared on the web interface of GMail but not on the phone). – tonyyeb Jan 24 '14 at 14:06
  • What sort of timeout does the firewall have on sessions? This guy wrote an app just to reduce the time of checks because many providers kill "idle" sessions before they send another heartbeat. https://play.google.com/store/apps/details?id=com.andqlimax.pushfixer&hl=en – NickW Jan 24 '14 at 14:08
  • UDP timeout is 2 minutes we think. TCP looks to be 1 hour. – tonyyeb Jan 24 '14 at 14:22
  • Can you track the session in the firewall? – NickW Jan 24 '14 at 14:25
  • Not sure how to do this (Cisco ASA Firewall) – tonyyeb Jan 24 '14 at 14:35
  • It's the connection table, this guy has a tool to analyze it.. http://itsecworks.com/2013/09/16/analysing-cisco-asa-connection-table/ – NickW Jan 24 '14 at 14:41
  • Sorry but this is getting beyond my level of ability with Firewalls. It seems far too much effort to get this to work reliably. Thanks for all your help, I'll accept your answer as technically you are correct, we were missing the correct port and firewall session is likely to be the cause of the problem. – tonyyeb Jan 24 '14 at 14:45
  • I know, it does seem like a lot of work for some push notifications :) Sorry I wasn't able to give you something more definitive.. – NickW Jan 24 '14 at 14:50
  • Not to worry Nick, you did a great job, we really appreciate your effort :) Many thanks – tonyyeb Jan 24 '14 at 14:51

1 Answers1

2

From a bit of research it looks like the port that google uses for its push service (GCM) is TCP port 5228. That is what the firewall will have to allow out for push notifications to work.

NickW
  • 10,263
  • 1
  • 20
  • 27