Firewall Configuration
1. Introduction
Setting up firewalls correctly is important in ensuring that transactions are processed successfully.
In this section, we provide you all you need to know about how to configure your firewalls while minimising communication errors between your network infrastructure and our payment platform.
Please note that this document presumes that you are already familiar with configuring firewalls, routers or any other device used to block traffic on your network.
2. Firewall Port Information
The following table lists the destination ports that must be open to allow communication between the merchant’s network infrastructure and our payment gateways.
| Usage * |
|
|
|
| Flow from the merchant system’s perspective | Incoming | Incoming | Outgoing |
| Protocol/port | TCP 80 (HTTP) TCP 443 (HTTPS)** |
TCP 25 (SMTP) | TCP 443 (HTTPS) |
| Source |
CIDR |
CIDR |
Merchant system(s) IP address(es) |
| Destination | Merchant system(s) IP address(es) | Merchant mail server(s) IP address(es)**** | *.secure.payengine.de |
Important: All merchant systems communicating with our payment gateways must be able to resolve the public hostname.
* The lists are non-exhaustive.
** Depending on protocols supported by the merchant’s application servers and the merchant configuration in the back office and/or hidden parameters (HTTPS recommended).
*** If the merchant maintains a list of IP addresses authorised to send emails on his behalf, our IP ranges should be added to this list. As the owner of a public domain, a merchant could use SPF records, for example, to prevent sender-address spoofing. Please refer to http://www.openspf.org for more information or check with the merchant’s DNS and/or mail server administrator if any action is required.
**** Depending on the merchant’s email system architecture, the server could be hosted by the merchant ISP or inside the merchant's network.