Useful Tidbits (1) - Uploading Crashlytics Mapping File in an Air-Gapped Network

Because of the Air-Gapped Network..

The company I work for develops in an air-gapped (closed) network.

External network access is completely impossible from PCs, and only the minimum services needed for development are opened in the server zone.

It's extremely inconvenient whenever introducing something new, but there's no choice for their so-called security policies.

In this post, I'll organize the tasks needed to upload Firebase Crashlytics Mapping Files in an air-gapped network.

TMI: I Absolutely Hate Repetitive Tasks

I've always had an aversion to repetitive work, so I love automation.

One day, someone leading the Android team was doing manual work that I really hate..

When I mentioned automation, they said they didn't know where to open what and how, so I decided to help.

Please Check Network Connectivity and try again :(

WARN - Crashlytics had a problem uploading the deobs file. Please check network connectivity and try again.

Of course, since connections are allowed in a whitelist format, it doesn't connect.

List of Firewall Domains That Need to Be Opened

I searched the internet, but all I could find was 'Open *.crashlytics.com'.

Of course, opening it that way would work, but since company policy doesn't allow such broad openings, I organized the list every time an error log appeared.

Domain Port

api.crashlytics.com 443

cm.crashlytics.com 443

*This data is the list as of May 7, 2020. *If there are additions, please leave a comment.

Our Firewall Only Opens by IP

Sometimes when I talk about air-gapped networks, people say this.

Our firewall doesn't support domain opening... Do you have an IP list?

Unfortunately, even if you ask this, there's nothing I can do..

Since Firebase itself operates on a cloud basis, it's difficult to open by IP..

One trick I can tell you is as follows:

Ping api.crashlytics.com
Open the firewall for the IP that comes up.
Hardcode that IP in the hosts file and build.
When it stops working, the IP has changed :(

The company I currently work for also could only open by IP before the next-generation firewall work.

So I remember server developers wrote scripts to automatically open cases when IPs changed.

Wrapping Up

It's short, but I think this category will be filled with posts that organize necessary information.

Recording is better than remembering because it helps me more later.

Anyway, I hope this post brings some comfort to those suffering in air-gapped networks.

Hang in there, air-gapped network developers..

Because of the Air-Gapped Network..

The company I work for develops in an air-gapped (closed) network.

External network access is completely impossible from PCs, and only the minimum services needed for development are opened in the server zone.

It's extremely inconvenient whenever introducing something new, but there's no choice for their so-called security policies.

In this post, I'll organize the tasks needed to upload Firebase Crashlytics Mapping Files in an air-gapped network.

TMI: I Absolutely Hate Repetitive Tasks

I've always had an aversion to repetitive work, so I love automation.

One day, someone leading the Android team was doing manual work that I really hate..

When I mentioned automation, they said they didn't know where to open what and how, so I decided to help.

Please Check Network Connectivity and try again :(

WARN - Crashlytics had a problem uploading the deobs file. Please check network connectivity and try again.

Of course, since connections are allowed in a whitelist format, it doesn't connect.

List of Firewall Domains That Need to Be Opened

I searched the internet, but all I could find was 'Open *.crashlytics.com'.

Of course, opening it that way would work, but since company policy doesn't allow such broad openings, I organized the list every time an error log appeared.

Domain Port

api.crashlytics.com 443

cm.crashlytics.com 443

*This data is the list as of May 7, 2020. *If there are additions, please leave a comment.

Our Firewall Only Opens by IP

Sometimes when I talk about air-gapped networks, people say this.

Our firewall doesn't support domain opening... Do you have an IP list?

Unfortunately, even if you ask this, there's nothing I can do..

Since Firebase itself operates on a cloud basis, it's difficult to open by IP..

One trick I can tell you is as follows:

Ping api.crashlytics.com
Open the firewall for the IP that comes up.
Hardcode that IP in the hosts file and build.
When it stops working, the IP has changed :(

The company I currently work for also could only open by IP before the next-generation firewall work.

So I remember server developers wrote scripts to automatically open cases when IPs changed.

Wrapping Up

It's short, but I think this category will be filled with posts that organize necessary information.

Recording is better than remembering because it helps me more later.

Anyway, I hope this post brings some comfort to those suffering in air-gapped networks.

Hang in there, air-gapped network developers..

#Because of the Air-Gapped Network..

#TMI: I Absolutely Hate Repetitive Tasks

#List of Firewall Domains That Need to Be Opened

#Our Firewall Only Opens by IP

#Wrapping Up

#Because of the Air-Gapped Network..

#TMI: I Absolutely Hate Repetitive Tasks

#List of Firewall Domains That Need to Be Opened

#Our Firewall Only Opens by IP

#Wrapping Up

Because of the Air-Gapped Network..

TMI: I Absolutely Hate Repetitive Tasks

List of Firewall Domains That Need to Be Opened

Our Firewall Only Opens by IP

Wrapping Up

Because of the Air-Gapped Network..

TMI: I Absolutely Hate Repetitive Tasks

List of Firewall Domains That Need to Be Opened

Our Firewall Only Opens by IP

Wrapping Up