CrisisGo Firewall Configuration
CrisisGo App Requirements
To use the CrisisGo app and related features within your organization network, the outgoing traffic from your network to the IP addresses and corresponding domain names listed in this section must be allowed.
Please make sure all traffic to the following IP addresses and Ports are permitted within all your network security appliances, including router, firewall, etc.
|IP Address||Protocol: Port||Description|
|220.127.116.11 18.104.22.168||Tcp: 443||CrisisGo real-time app communication traffic based on XMPP. (Tip: Please also whitelist the Jabber/XMPP or Google Talk application in your firewall if applicable.)|
|22.214.171.124 126.96.36.199||Tcp: 443||HTTPS traffic|
Domain NamesPlease make sure all the essential and feature-specific Domain Names / URLs are permitted within all your network security appliances, including router, firewall, etc. (Tip: It’s recommended to whitelist all subdomains for *.crisisgo.net, *.crisisgo.com and *.crisisgoapps.com.)
|Domain Name / URL||Description|
|https://assessment.crisisgo.net||Required for Threat Assessment|
|https://report.crisisgo.net||Required for Report, Safety CheckIn, iPass|
|https://checkin.crisisgo.net||Required for Safety CheckIn|
|https://checkin-admin.crisisgo.net||Required for Safety CheckIn|
Safe2SpeakUP App Requirements
Besides the requirements listed above for using the CrisisGo app, the outgoing traffic from your network to the additional IP addresses and corresponding domain names listed below must also be allowed to use the Safe2SpeakUp app.
IP AddressesPlease make sure all traffic to the following IP addresses and Ports are permitted within all your network security appliances, including router, firewall, etc.
|IP Address||Protocol: Port||Description (Traffic)|
|188.8.131.52 184.108.40.206||Tcp: 5222||CrisisGo real-time app communication traffic based on XMPP. (Tip: Please also whitelist the Jabber/XMPP or Google Talk application in your firewall if applicable.)|
Domain NamesPlease make sure all the essential and feature-specific Domain Names / URLs are permitted within all your network security appliances, including router, firewall, etc.
|Domain Name / URL||Description|
Annex: Third-Party Service Requirements
CrisisGo uses some third-party services (e.g. Amazon S3, Apple Push Notification Services and Google/Firebase Cloud Messaging), so you will also need to whitelist those services, IP addresses and domains for the respective features to function well.
Amazon S3 Services
Please whitelist the Amazon S3 domain within all your network security appliances, including router, firewall, etc. If you are implementing IP-based firewall rules, you can get the IP address ranges used by Amazon S3 here https://aws.amazon.com/premiumsupport/knowledge-center/s3-find-ip-address-ranges/.
|Amazon Service||Domain Name||Port||How CrisisGo use it?|
|Amazon S3||s3.amazonaws.com||443||Videos in safety awareness, training center, safety news.|
Apple Push Notification service (APNs)
CrisisGo uses the APNs to push offline notifications to you when CrisisGo app is offline on your iOS/Mac device. To use Apple Push Notification service (APNs), your Mac and iOS clients need a direct and persistent connection to Apple's servers. Below are the requirements from Apple. You can also find the information by clicking here https://support.apple.com/en-us/HT203609.Your iPhone, iPad, or iPod touch might connect to APNs over cellular data (if capable) or Wi-Fi.
If you use Wi-Fi behind a firewall, or private Access Point Name for cellular data, connect to specific ports. You need a direct, unproxied connection to the APNs servers on these ports:
- TCP port 5223 to communicate with APNs.
- TCP port 2195 to send notifications to APNs.
- TCP port 2196 for the APNs feedback service.
- TCP port 443 is required during device activation, and afterwards for fallback (on Wi-Fi only) if devices can't reach APNs on port 5223.
Check with your network administrator to make sure that the ports are accessible.
The APNs servers use load balancing, so your devices don't always connect to the same public IP address for notifications. It's best to let your device access these ports on the entire 220.127.116.11/8 address block, which is assigned to Apple.
|Service Provider||Apple Address Block||Protocol: Ports|
Google/Firebase Cloud MessagingCrisisGo uses the GCM/FCM to push offline notifications to your device when the CrisisGo app is offline on your Android device. If your organization has a firewall that restricts the traffic to or from the internet, you need to configure it to allow connectivity with FCM for CrisisGo to receive messages. The ports to open are: 5228,5229,5230. FCM usually uses 5228, but it sometimes uses 5229 and 5230. FCM does not provide specific IPs, so you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google's ASN of 15169.Please visit https://firebase.google.com/support/faq/ for more information.
|Service Provider||Google Address Block||Protocol: Ports|
|Google/Firebase||Google's ASN of 15169||TCP:5228,5229,5230|