Network Topology and Firewall Rules
The Payment Engine Gateway facilitates all communication between the point of sale software and the payment terminal. No direct communication happens between the point of sale and the terminal, and the terminal can be on a different network segment than the point of sale.
Payment Engine SDK
The point of sale software will need to be able to communicate with the payment gateway on port 443. This is an outbound connection and the ip address will depend on which URL is being used. Using the default url:
| Host | Direction | IP | Port |
|---|---|---|---|
| www.EBizCharge.com | Outbound | 209.239.233.7 | 443 |
| www.EBizCharge.com | Outbound | 64.0.146.7 | 443 |
| www.EBizCharge.com | Outbound | 209.220.191.7 | 443 |
| www.EBizCharge.com | Outbound | 65.132.197.7 | 443 |
If using the sandbox test environment:
| Host | Direction | IP | Port |
|---|---|---|---|
| sandbox.EBizCharge.com | Outbound | 64.0.146.129 | 443 |
For a full list of all urls and associated ips, see the high availability guide.
Stand Alone Payment Terminals
Stand alone payment terminals, such as the Castles MP200, establish a persistent outbound connection to the payment gateway. No incoming firewall rules are required.
| Host | Direction | IP | Port |
|---|---|---|---|
| pos.EBizCharge.com | Outbound | 209.239.233.90 | 443 and 9011 |
| pos.EBizCharge.com | Outbound | 64.0.146.90 | 443 and 9011 |
| pos.EBizCharge.com | Outbound | 209.220.191.90 | 443 and 9011 |
| pos.EBizCharge.com | Outbound | 65.132.197.90 | 443 and 9011 |
If using the sandbox test environment:
| Host | Direction | IP | Port |
|---|---|---|---|
| pos.sb.EBizCharge.com | Outbound | 64.0.146.60 | 443 and 9011 |
Basic network services required:
- DNS Port 53
- NTP Port 123
Note: Currently, the payment engine software for stand alone terminals does not support static ip address assignment. DHCP is required.
Connection Manager
For some Ingenico and Verifone terminals, either Connection Manager or the Connection Manager Virtual Appliance is required to facilitate the connection to the terminal. Connection Manager is not required for standalone terminals such as the Castles MP200. The connection manager software or appliance will need to be able to make the following outbound connections:
| Host | Direction | IP | Port |
|---|---|---|---|
| pos.EBizCharge.com | Outbound | 209.239.233.90 | 443 and 9011 |
| pos.EBizCharge.com | Outbound | 64.0.146.90 | 443 and 9011 |
| pos.EBizCharge.com | Outbound | 209.220.191.90 | 443 and 9011 |
| pos.EBizCharge.com | Outbound | 65.132.197.90 | 443 and 9011 |
If using the sandbox test environment:
| Host | Direction | IP | Port |
|---|---|---|---|
| pos.sb.EBizCharge.com | Outbound | 64.0.146.60 | 443 and 9011 |
Additionally, the appliance will need the following for software updates:
| Host | Direction | IP | Port |
|---|---|---|---|
| downloads.paymentengine.io | Outbound | 209.239.233.186 | 443 |
The appliance also requires these basic network services: - DNS Port 53 - NTP Port 123
Ingenico iSC
By default the Ingenico terminals listen on port 12000. Configure firewall rules to allow the connection manager to connect to the terminal on this port.
Verifone MX
By default the Verifone mx terminals listen on port 9001. Configure firewall rules to allow the connection manager to connect to the terminal on this port.