Purpose
This article outlines all of the networking requirements that are needed to accommodate a V5 MicroMarket kiosk.
Please contact 365 Support at 888-365-6282 or support@365rm.com if you have any questions related to this document.
V5 Network Requirements
All 365 kiosks require the following:
- A persistent internet connection.
- A “persistent” network connection is always-on. This can be the local network of the business where the kiosk is located, a dedicated DSL line, or any other “always-on” type of connection.
- A “persistent” network connection is always-on. This can be the local network of the business where the kiosk is located, a dedicated DSL line, or any other “always-on” type of connection.
- A minimum network speed of 2 Mbps download and 1 Mbps upload.
- Normal kiosk data usage averages between 20-40 MB per day. Please note that usage varies significantly, influenced by many factors including other networked devices like DVRs, temperature sensors, and other connected 365 POS devices, usage volume, remote access support sessions, and the frequency in which the kiosk is updated.
- Normal kiosk data usage averages between 20-40 MB per day. Please note that usage varies significantly, influenced by many factors including other networked devices like DVRs, temperature sensors, and other connected 365 POS devices, usage volume, remote access support sessions, and the frequency in which the kiosk is updated.
- Firewall exceptions to allow both inbound and outbound connections (ports are listed below).
- To entirely avoid whitelisting our network requirements on a local firewall, the local IT team in charge of the local network can place the kiosk's secure 365 router on a DMZ or guest VLAN. This includes whitelisting our devices from any Network ACLs that may be present as well as generally avoiding packet inspection tools that can disrupt SSL/TLS communication.
- Cellular connections such as OptConnect rarely have issues with restricted traffic.
- To entirely avoid whitelisting our network requirements on a local firewall, the local IT team in charge of the local network can place the kiosk's secure 365 router on a DMZ or guest VLAN. This includes whitelisting our devices from any Network ACLs that may be present as well as generally avoiding packet inspection tools that can disrupt SSL/TLS communication.
V5 Network Configuration
Different routers in the kiosk base share the same network requirements listed below. Some Meraki routers may have VPN capabilities, while all RV routers do not support VPN.
A kiosk could have any of the following:
- Meraki routers.
- Cisco RV110w, RV130, RV215w, and similar model routers.
- V5 kiosks will utilize these models if it was a legacy kiosk converted to V5.
- V5 kiosks will utilize these models if it was a legacy kiosk converted to V5.
- Pronto Routers
White List Addresses - V5
| Service | FQDN/IP | Ports |
|---|---|---|
| Credit Card Servers |
63.241.142.183 Secondary IP: 35.211.11.79 |
TCP/UDP: 11079, 11099 |
| App Update Server(API Server) | https://smartshop365.jfrog.io/smartshop365 | |
| Identity Server | https://365pos.365smartshop.com/identityserver/.well-known/openid-configuration | |
| Identity Server Monitor | https://365pos.365smartshop.com/365PosApi/api/Pos/isonline | |
| Contents Server | https://contents.365retailmarkets.com | |
| TeamViewer | *.teamviewer.com | UDP: 5938 TCP: 5938, 443, 80 |
| Time Server | ntp.ubuntu.com *ubuntu.pool.ntp.org *centos.pool.ntp.org |
UDP:123 |
| Messaging Queue Gateway | b-46fc5d10-881e-459c-bcc6-ad3299fae303-1.mq.us-east-2.amazonaws.com b-46fc5d10-881e-459c-bcc6-ad3299fae303-2.mq.us-east-2.amazonaws.com mq1-prod.365retailmarkets.com mq2-prod.365retailmarkets.com mq.prod.365rm.us *.prod.365rm.us mq1.prod.365rm.us mq2.prod.365rm.us mq3.prod.365rm.us mq4.prod.365rm.us mq5.prod.365rm.us mq6.prod.365rm.us mq7.prod.365rm.us mq8.prod.365rm.us |
TCP/UDP: 61617, 8155 |
| OS Security & Package Repos |
http://ca.archive.ubuntu.com http://security.ubuntu.com |
TCP: 443, 80 |
| Required Websites |
https://readytouchpos.com https://adm.365retailmarkets.com https://adm.365retailmarkets.co.uk https://365mobileinventory.com |
|
| iMonnit & Monnit Temperature Sensors (Optional Service) |
sensorsgateway.com t1.sensorsgateway.com t2.sensorsgateway.com u1.sensorsgateway.com u2.sensorsgateway.com 192.41.25.11 192.41.25.12 |
TCP: 3000 UDP: 3000 |
| Adyen | *.adyenpayments.com *.adyen.com |
TCP/443 TCP/8443 |
| Castles Communication | 365retailmarkets.castlestech.net | TCP/UDP: 443 |
| Application Services Gateway |
https://tally.prod.365rm.us https://kmserver.prod.365rm.us |
|
| Recommended DNS |
8.8.8.8 Primary 1.1.1.1 Secondary |
Meraki Routers
Typically, all-new V5 kiosks have a Meraki Z3 router. There will also be the prior model, the Meraki Z1, in the field on existing V5 kiosks.
In Canada, some V5 kiosks will utilize the older Cisco RV router.
The 365 Meraki router can be placed on a DMZ or guest VLAN.
Meraki Z3 Router:
Meraki Z1 Router:
Should the device utilize a Meraki Router, Meraki Cloud and Registry addresses will have to be whitelisted, as well as any above sections/requirements.
| Service | FQDN/IP | Ports |
|---|---|---|
| Meraki Cloud Communication and VPN Registry | 64.62.142.12/32 158.115.128.0/19 209.206.48.0/20 216.157.128.0/20 api.meraki.com |
UDP: 7351, 9350-9381 TCP: 80, 443 |
| IPsec VPN | 69.39.84.205/32 69.39.84.206/32 |
UDP: 32768 through 61000 |
| Continuous Router Uplink Status Checks | 8.8.8.8 8.8.4.4 |
UDP: 53 ICMP |
| Cisco Umbrella DNS for Meraki Router DHCP assignments | 208.67.222.222 208.67.220.220 |
UDP: 53 |
Pronto Router Network Requirements
The Pronto router is optimized for a direct cellular connection using the onboard SIM.
The following are the network requirements for using the wired uplink, or wired uplink with onboard cellular failover.
| Description | FQDN | Ports |
|---|---|---|
| Cloud Connectivity |
live-hb.wavespot.ai fallbacklive.wavespot.ai |
TCP: 443, 80 |
| Cloud Connectivity |
live-ohb.wavespot.ai live-hb.wavespot.ai |
UDP: 8888 |
| GEO IP Details | ip-api.com | TCP: 443, 80 |
| NTP |
0.openwrt.pool.npt.org 1.openwrt.pool.npt.org 2.openwrt.pool.npt.org |
UDP: 123 |
| DNS Resolution | 8.8.8.8 8.8.4.4 Or IPS provider or as configured on the network |
UDP: 53 |
Cisco RV Routers
Legacy kiosks that have been upgraded to V5 will not always have a Meraki router. Instead, they could use the existing Cisco RV110w router and rely on the MQTT communication protocol. This process is also known as a Legacy to V5 CPU Swap.
RV130 and RV215w Cisco routers also exist, which look very similar to the RV110w shown below.
Cisco RV110w Router:
Change Log
| Date | Author | Notes |
| 8/26/2021 | MS | Created article & verified accuracy. |
| 10/11/2021 | MS |
Updated MQ Gateway URLs. Removed SSL from beginning of entries & added the following:
|
| 2/18/2022 | CK |
Updated Messaging Gateway section, added:
|
| 3/1/2022 | CK | Added OS Security & Package Repos sections |
| 5/27/2022 | CK | Edited OS Security & Package Repos |
| 7/26/2022 | MS |
Heartland has added a new secondary IP to their FQDN. Both router's 'Credit Card Servers' sections have been updated. The primary IP is unchanged (but was previously unlisted). No action should be necessary for operators whitelisting the FQDN:
|
| 9/7/2022 | CL |
Messaging Queue Gateway, added:
Messaging Queue Gateway, removed:
Required Websites, changed:
Application Services Gateway, added:
Application Services Gateway, removed:
|
| 2/27/2025 | BM | Added FQDN and Port Info. for Castles Communications. |
| 4/14/2025 | BM | Updated port info for Meraki VPN Registry and Meraki Cloud Communication. |
| 5/1/2025 | ES | Updated port information for Meraki Cloud Communication and VPN Registry. |
| 8/14/2025 | ES | Updated to combine White List information. |
| 9/11/2025 | CL | Removed https://prodrepo.365smartshop.com/ from OS Security and Package Repos |
| 10/1/2025 | BM | Added Pronto Router Network Requirements |
| 10/8/2025 | ES | Split Meraki Requirements to their own section outside of Software requirements. |