Purpose
This article outlines the networking requirements that are needed to accommodate a ReadyTouch kiosk that utilizes a Meraki Z1/Z3 router.
This article also discusses the requirements for MM6 Mini Dining devices. These units will have device IDs (also known as device names) that start with either KSK or KSKM.
To view the network requirements for other products, please see the list of all Network Requirements.
Basic Networking Requirements
All 365 Kiosks Require:
- A persistent internet connection
- A "persistent" network connection is always on. This can be the local network of the business where the kiosk is located, a dedicated DSL line, or any other "always on" type connection.
- A minimum speed of 1 Mbps up and 2 Mbps down
- Firewall exceptions to allow both inbound and outbound connections (ports listed below).
The router creates a secure network connection between the devices plugged into the router and the 365 server. All traffic initiated from the kiosks travels through this secure, private connection.
This connection is called a "VPN tunnel" (Virtual Private Network) and uses a communication protocol called IPSec with IKE in order to create a private connection over public data pathways. The data is encrypted with two complex ciphers known as 3DES and AES.
ReadyTouch Network Configuration
All new ReadyTouch POS have a Meraki VPN router. This can be either the Meraki Z1 or Meraki Z3 router.
Contact your local network administrator or 365's Support department at 888-365-6282 or support@365smartshop.com with any questions related network configuration.
Meraki Routers (VPN)
Typically, all newer ReadyTouch devices have a Meraki Z3 router. There will also be the prior model, the Meraki Z1, in the field on older ReadyTouch devices. Both Meraki router models facilitate a VPN connection.
The Meraki router creates a secure network connection between the devices plugged into the router and the 365 server. This connection is called a “VPN tunnel” (Virtual Private Network) and uses a communication protocol called IPsec with IKE in order to create a private connection over public data pathways. The data is encrypted with two complex ciphers known as AES and 3DES.
Router Setup and Installation
- Using an operator-provided network cable, connect the "Internet" port to your local internet connection jack. The maximum cable length is 100ft.
- Using the included network cable, connect one of the LAN ports to the kiosk.
- Using the included power adapter, plug the “Power” port into a nearby power outlet.
White List Addresses
Below is a brief summary of what needs to be opened for the system to function properly.
Description | FQDN/IP | Ports |
Meraki Cloud Communication | 108.161.147.0/24 199.231.78.0/24 64.62.142.12/32 54.193.207.248/32 209.206.48.0/20 216.157.128.0/20 158.115.128.0/19 |
UDP: 7351 |
Meraki VPN Registry | 199.231.78.0/24 64.156.192.245/32 108.161.147.0/24 209.206.48.0/20 |
UDP: 9350 |
IPsec VPN | 69.39.84.205/32 69.39.84.206/32 |
UDP: 32768 through 61000 |
Cisco Umbrella DNS for Meraki Router DHCP assignments |
208.67.222.222 208.67.220.220 |
|
Credit Card Servers | 63.241.142.183 63.241.142.205 64.255.204.170 api.apriva.com t.apriva.com |
UDP/TCP: 11079, 11099 (if Split-Tunneling) |
TeamViewer | *.teamviewer.com | UDP: 5938 TCP: 5938, 443, 80 |
Messaging Queue Gateway | ssl://b-46fc5d10-881e-459c-bcc6-ad3299fae303-1.mq.us-east-2.amazonaws.com:61617 ssl://b-46fc5d10-881e-459c-bcc6-ad3299fae303-2.mq.us-east-2.amazonaws.com:61617 ssl://mq1-prod.365rm.com:61617 ssl://mq2-prod.365rm.com:61617 prodrepo.365smartshop.com |
TCP/UDP: 61617, 8155 |
Order Ahead mobile app authentication service | *.365rm.us | TCP: 443, 80 |
OS Security & Package Repos | prodrepo.365smartshop.com http://ca.archive.ubuntu.com http://security.ubuntu.com |
TCP: 443, 80 |
Operator using POS WiFi for inventory or sales on-site | https://readytouchpos.com https://adm.365retailmarkets.com https://adm.365retailmarkets.co.uk https://365mobileinventory.com/login |
Change Log
Date | Author | Notes |
8-26-2021 | CK | Created article from existing PDF. |
2-15-2022 | CK | Added note regarding PoE capability |
2-18-2022 | CK | Updated Messaging Gateway section, added:
|
3-1-2022 | CK | Added "OS Security & Package Repos" row |
5-27-2022 | CK | Edited OS Security & Package Repos |