We have a web server running Yii2 (PHP) and are trying to send push notifications using the aksafan/yii2-fcm-both-api https://packagist.org/packages/aksafan/yii2-fcm-both-api
Sending push notifications works fine locally, so it's not a programming issue, but on the staging server in the corporate environment the push notifications aren't working. The sending fails because some of the Firebase domains are being firewalled.
We sent the Network Engineers the information about firewalling from https://firebase.google.com/docs/cloud-messaging/concept-options#ports_and_your_firewall:
"All IP addresses contained in the IP blocks listed in Google's ASN of 15169. Don't forget to update this at least once a month."
But they can't do that. We then asked them to allow *.googleapis.com
Unfortunately their response is:
We need a list of the Fully Qualified Domain Names as a wildcard firewall rule is not possible.
The FQDN must begin and end with a digit or letter. Only letters, digits, and hyphens are allowed as internal characters. Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/f2.html#pgfId-2058089
We've asked them to enable fcm.googleapis.com and after lots of debugging discovered connection issues trying to call oauth2.googleapis.com
So the question is:
What is the list of Fully Qualified Domain Names needed in order to send (no need to receive) Firebase Push Notifications (FCM) using the v1 API?
"FCM send msg through firewall using firebase-admin library" wasn't nearly exhaustive enough.
The current list I've got which it could possibly be includes:
- iid.googleapis.com
- fcm.googleapis.com
- www.googleapis.com
- oauth2.googleapis.com
- accounts.google.com
- identitytoolkit.googleapis.com
Are there ones we are missing? Are there ones on there we don't need?
Thank you
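
An added example, not part of the original post: a probe that can be run from the staging server to show, for each candidate host listed above, whether the connection fails at DNS, TCP or the TLS handshake. Port 443 and the function names are assumptions; the host list is copied from the post and is not a confirmed list of what FCM requires.

```python
import socket
import ssl

# Candidate hosts copied from the post; whether each is required is the open question.
CANDIDATES = [
    "iid.googleapis.com", "fcm.googleapis.com", "www.googleapis.com",
    "oauth2.googleapis.com", "accounts.google.com",
    "identitytoolkit.googleapis.com",
]
PORT = 443  # assumption: all of these are reached over HTTPS


def probe(host, port=PORT, timeout=5.0, resolve=socket.getaddrinfo,
          connect=socket.create_connection, wrap=None):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    try:
        resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))          # name not resolvable from this network
    try:
        sock = connect((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))          # dropped or refused, typically the firewall
    if wrap is None:
        wrap = ssl.create_default_context().wrap_socket
    try:
        with wrap(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        # A certificate error here often means a TLS-inspecting proxy is in the path.
        return ("tls", str(exc))


def failing(hosts, probe_fn=probe):
    """Map each host that did not reach 'ok' to its (stage, detail)."""
    results = {h: probe_fn(h) for h in hosts}
    return {h: r for h, r in results.items() if r[0] != "ok"}


if __name__ == "__main__":
    for name in CANDIDATES:
        stage, detail = probe(name)
        print(f"{name:35s} {stage:4s} {detail}")
```

Running it once on the working local machine and once on the staging server gives the network engineers a per-host difference to act on.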