FCM ports
-
Hello,
My android phone some times doesnt respond to google notifications. I am guessing that perhaps the firewall needs to be tweaked.
Googling showed up this page.
- The page suggests to have ports 5228-5230 open. I dont have any of these open on ingress side (outgoing i dont have any rules). Do i need to open these ports?
- The page has this remark, If your network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), implement a 30 minute or larger timeout for our connections over ports 5228-5230. How do i set this in pfsense?
Thanks
-
pfSense, from the very moment you installed it, has this firewall rue on it's LAN interface :
You have this rule on the LAN interface, right ?
This will permit all devices on your LAN interface to connect to any IP on the world, ISS included.
If your network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), implement a 30 minute or larger timeout for our connections over ports 5228-5230. How do i set this in pfsense?
TCP states do have a time out, true. These states could be removed earlier if the table becomes full, it might remove older ones.
But you'll be the first the see such a behaviour.
I assure you : no need to change anything. No "NAT" to deal with, no ports to open in any direction.
pfSense behave as any other router/firewall available on the planet : it will work out of the box, with zero exceptions.NAT isn't important here.
It isn't 'google' that connects to your phone through the firewall, its the phone that connects to google.The real issue is probably : your phone uses Wifi. If that wire, sorry : radio signal goes bad, the connections goes bad. The connection is reset, the phone has to build another one. This can happen fast, phone or google looses track and the result is the message you've seen.
-
My android phone some times doesnt respond to google notifications
The important part here is "some times"
If the firewall was blocking something - it would always be blocked.. Firewall would be pretty worthless if sometimes it allowed X, but other times blocked X..
implement a 30 minute or larger timeout for our connections over ports 5228-5230. How do i set this in pfsense?
you can see the defaults or adjust the timeouts under advanced firewall&nat
But timeout for an established tcp connection is 1 day.. Unless you have edited it from default, or set it specific in a rule?
If you were seeing session timeouts - by default they would be logged in the firewall by the default deny, and you would see them with A (ack) as the flag. This is an out of state block, if pfsense does not have a state for traffic then yes it would be blocked - ie if the state had timed out.