HelpCenter

Explore
Network Requirements - US/Canada - V5 MicroMarket Kiosks
Updated

Purpose

This article outlines all of the networking requirements that are needed to accommodate a V5 MicroMarket kiosk that utilizes a Meraki Z1/Z3 router.

Please contact 365 Support at 888-365-6282 or support@365smartshop.com if you have any questions related to this document.

To view more network requirements for our various products, see Master Article - US & Canada Network Requirements.

 

V5 Network Requirements

All 365 kiosks require the following:

  • A persistent internet connection.
    • A “persistent” network connection is always-on. This can be the local network of the business where the kiosk is located, a dedicated DSL line, or any other “always-on” type of connection.

  • A minimum network speed of 2 Mbps download and 1 Mbps upload.
    • Normal kiosk data usage averages between 20-40 MB per day. Please note that usage varies significantly, influenced by many factors including other networked devices like DVRs, temperature sensors, and other connected 365 POS devices, usage volume, remote access support sessions, and the frequency in which the kiosk is updated. 

  • Firewall exceptions to allow both inbound and outbound connections (ports are listed below).
    • To entirely avoid whitelisting our network requirements on a local firewall, the local IT team in charge of the local network can place the kiosk's secure 365 router on a DMZ or guest VLAN. This includes whitelisting our devices from any Network ACLs that may be present as well as generally avoiding packet inspection tools that can disrupt SSL/TLS communication.
    • Cellular connections such as OptConnect rarely have issues with restricted traffic.

 

V5 Network Configuration

A V5 kiosk can function with or without a hardware VPN. There are different network requirements depending on the router enclosed in the kiosk base:

  • Meraki routers facilitate the VPN connection.

  • Cisco RV110w, RV130, RV215w, and similar model routers do not use a VPN.
    • V5 kiosks will utilize these models if it was a legacy kiosk converted to V5.

 

V5 Kiosks on Meraki Routers (VPN)

NOTE: Meraki routers support PoE. It is auto-sensing, limited to 1 PoE device, and is 802.3af capable.

Typically, all-new V5 kiosks have a Meraki Z3 router which facilitates the VPN connection. There will also be the prior model, the Meraki Z1, in the field on existing V5 kiosks.

  • In Canada, some V5 kiosks will utilize our older Cisco RV router. Please confirm the type of router that the kiosk is utilizing before making any changes to your firewall.

 

Meraki Z3 Router:

z3_final.png

Meraki Z1 Router:

meraki_final.png

 

The Meraki router creates a secure network connection between the devices plugged into the router and the 365 server. This connection is called a “VPN tunnel” (Virtual Private Network) and uses a communication protocol called IPsec with IKE to create a private connection over public data pathways. The data is encrypted with two complex ciphers known as AES and 3DES.

 

The majority of our traffic traverses over the VPN. However, certain traffic will still be sent over WAN straight to the internet. If you do not want to whitelist everything required, it does not need to be behind the local IT firewall. The 365 router can be placed on a DMZ or guest VLAN.

 

White List Addresses - Meraki Routers

Service FQDN/IP Ports
Meraki Cloud Communication 108.161.147.0/24
199.231.78.0/24
64.62.142.12/32
209.206.48.0/20
216.157.128.0/20
158.115.128.0/19
UDP: 7351
Meraki VPN Registry 199.231.78.0/24
108.161.147.0/24
209.206.48.0/20
UDP: 9350
IPsec VPN 69.39.84.205/32
69.39.84.206/32
UDP: 32768 through 65535
Continuous Router Uplink Status Checks 8.8.8.8
8.8.4.4
 
Cisco Umbrella DNS for Meraki Router DHCP assignments 208.67.222.222
208.67.220.220
 
Credit Card Servers 63.241.142.183
63.241.142.205
64.255.204.170
api.apriva.com
https://api2.heartlandportico.com/Hps.Exchange.PosGateway/PosGatewayService.asmx
  • Primary IP: 65.118.49.55
  • Secondary IP: 35.211.11.79
TCP/UDP: 11079, 11099
App Update Server(API Server) https://smartshop365.jfrog.io/smartshop365   
Identity Server https://365pos.365smartshop.com/identityserver/.well-known/openid-configuration   
Identity Server Monitor https://365pos.365smartshop.com/365PosApi/api/Pos/isonline   
TeamViewer *.teamviewer.com UDP: 5938 
TCP: 5938,
443, 80
Time Server ntp.ubuntu.com 
*ubuntu.pool.ntp.org 
*centos.pool.ntp.org
UDP:123
Messaging Queue Gateway b-46fc5d10-881e-459c-bcc6-ad3299fae303-1.mq.us-east-2.amazonaws.com
b-46fc5d10-881e-459c-bcc6-ad3299fae303-2.mq.us-east-2.amazonaws.com
mq1-prod.365retailmarkets.com
mq2-prod.365retailmarkets.com 
mq.prod.365rm.us
*.prod.365rm.us
mq1.prod.365rm.us
mq2.prod.365rm.us
mq3.prod.365rm.us
mq4.prod.365rm.us
TCP/UDP: 61617, 8155
OS Security & Package Repos https://prodrepo.365smartshop.com 
http://ca.archive.ubuntu.com 
http://security.ubuntu.com 
TCP: 443, 80
Required Websites https://readytouchpos.com 
https://adm.365retailmarkets.com 
https://adm.365retailmarkets.co.uk 
https://365mobileinventory.com 
 
iMonnit & Monnit Temperature
Sensors (Optional Service)
sensorsgateway.com 
t1.sensorsgateway.com 
t2.sensorsgateway.com
u1.sensorsgateway.com
u2.sensorsgateway.com
192.41.25.11
192.41.25.12
TCP: 3000
UDP: 3000
Adyen *.adyenpayments.com
*.adyen.com
TCP/443
TCP/8443
Application Services Gateway https://tally.prod.365rm.us/  

 

V5 Kiosks on Cisco RV Routers (No VPN)

Legacy kiosks that have been upgraded to V5 will not have a hardware VPN from a Meraki router. Instead, they will use the existing Cisco RV110w router and rely on the MQTT communication protocol. This process is also known as a Legacy to V5 CPU Swap.

We also carry RV130 and RV215w Cisco routers which look very similar to the RV110w shown below.

 

Cisco RV110w Router:

cisco_final.png

 

White List Addresses - Cisco RV Routers

Service FQDN/IP Ports
Credit Card Servers 63.241.142.183
63.241.142.205
64.255.204.170
api.apriva.com
https://api2.heartlandportico.com/Hps.Exchange.PosGateway/PosGatewayService.asmx
  • Primary IP: 65.118.49.55
  • Secondary IP: 35.211.11.79
TCP/UDP: 11079, 11099
App Update Server (API Server) https://smartshop365.jfrog.io/smartshop365   
Identity Server https://365pos.365smartshop.com/identityserver/.well-known/openid-configuration   
Identity Server Monitor https://365pos.365smartshop.com/365PosApi/api/Pos/isonline   
Messaging Queue Gateway b-46fc5d10-881e-459c-bcc6-ad3299fae303-1.mq.us-east-2.amazonaws.com
b-46fc5d10-881e-459c-bcc6-ad3299fae303-2.mq.us-east-2.amazonaws.com
mq1-prod.365retailmarkets.com
mq2-prod.365retailmarkets.com
mq.prod.365rm.us
*.prod.365rm.us
mq1.prod.365rm.us
mq2.prod.365rm.us
mq3.prod.365rm.us
mq4.prod.365rm.us
TCP/UDP: 61617
OS Security & Package Repos https://prodrepo.365smartshop.com 
http://ca.archive.ubuntu.com 
http://security.ubuntu.com 
TCP: 443, 80
Contents Server https://contents.365retailmarkets.com   
Time Server ntp.ubuntu.com
*ubuntu.pool.ntp.org
*centos.pool.ntp.org
UDP:123
Suggested DNS 8.8.8.8 Primary
1.1.1.1 Secondary
 
TeamViewer *.teamviewer.com TCP: 5938,
443, 80
UDP: 5938 
Application Services Gateway https://tally.prod.365rm.us 
https://kmserver.prod.365rm.us 
 
Required Websites https://365mobileinventory.com 
https://readytouchpos.com 
https://adm.365retailmarkets.com 
https://adm.365retailmarkets.co.uk 
 
iMonnit & Monnit Temperature
Sensors (Optional Service)
sensorsgateway.com 
t1.sensorsgateway.com
t2.sensorsgateway.com
u1.sensorsgateway.com
u2.sensorsgateway.com
192.41.25.11
192.41.25.12
TCP: 3000
UDP: 3000

 

Change Log
Date Author Notes
8/26/2021 MS Created article & verified accuracy.
10/11/2021 MS Updated MQ Gateway URLs. Removed SSL from beginning of entries & added the following:
  • mq.prod.365rm.us

  • *.prod.365rm.us

2/18/2022 CK Updated Messaging Gateway section, added:
  • prodrepo.365smartshop.com
  • port 8155
3/1/2022 CK Added OS Security & Package Repos sections
5/27/2022 CK Edited OS Security & Package Repos
7/26/2022 MS Heartland has added a new secondary IP to their FQDN. Both router's 'Credit Card Servers' sections have been updated. The primary IP is unchanged (but was previously unlisted). No action should be necessary for operators whitelisting the FQDN:
  • Primary IP: 65.118.49.55
  • Secondary IP: 35.211.11.79
9/7/2022 CL Messaging Queue Gateway, added:
  • mq1.prod.365rm.us
  • mq2.prod.365rm.us
  • mq3.prod.365rm.us
  • mq4.prod.365rm.us

Messaging Queue Gateway, removed:

  • prodrepo.365smartshop.com

Required Websites, changed:

  • removed /login from https://365mobileinventory.com

Application Services Gateway, added:

  • https://kmserver.prod.365rm.us

Application Services Gateway, removed:

  • https://tally.test3.365rm.us
  • https://tally.test4.365rm.us