For future searchers, to follow up on koma's response here is the config for an nginx combination reverse proxy and forward proxy that should do the trick. The devices send all their traffic to it on port 80 which gets reverse proxied to App Engine. Oppositely App Engine sends requests to the firewalled devices using the forward proxy on port 8080 so that all GAE traffic appears to come from the same IP. The remote ip and remote port are added as headers of the proxied requests.
worker_processes 2;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
server {
listen 8080;
location / {
resolver 8.8.8.8;
proxy_pass http://$http_host$uri$is_args$args;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
location / {
proxy_pass http://something.appspot.com;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host something.appspot.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}