1. Introduction

Setting up firewalls correctly is important in ensuring that transactions are processed successfully.

In this section, we provide you all you need to know about how to configure your firewalls while minimising communication errors between your network infrastructure and our payment platform.

Please note that this document presumes that you are already familiar with configuring firewalls, routers or any other device used to block traffic on your network.

2. Firewall Port Information

The following table lists the destination ports that must be open to allow communication between the merchant’s network infrastructure and our payment gateways.

Usage *
  • Transaction feedback requests
  • Dynamic template page
  • XML page
  • Push reports via HTTP(S)
  • Transaction confirmation e-mails
  • emails from our system to the merchant
  • Web browsing in the back office
  • Application-specific connections to the back office (DirectLink, automated file uploads, AFTP, Fidelio, etc.)
Flow from the merchant system’s perspective Incoming Incoming Outgoing
Protocol/port TCP 80 (HTTP)
TCP 443 (HTTPS)**
TCP 25 (SMTP) TCP 443 (HTTPS)
Source

CIDR
185.139.244.0/22
91.208.214.0/24
185.8.52.0/22

CIDR
185.139.244.0/22
91.208.214.0/24
185.8.52.0/22

Merchant system(s) IP address(es)

Destination Merchant system(s) IP address(es) Merchant mail server(s) IP address(es)**** *.secure.payengine.de

Important: All merchant systems communicating with our payment gateways must be able to resolve the public hostname.

* The lists are non-exhaustive.
** Depending on protocols supported by the merchant’s application servers and the merchant configuration in the back office and/or hidden parameters (HTTPS recommended).
*** If the merchant maintains a list of IP addresses authorised to send emails on his behalf, our IP ranges should be added to this list. As the owner of a public domain, a merchant could use SPF records, for example, to prevent sender-address spoofing. Please refer to http://www.openspf.org for more information or check with the merchant’s DNS and/or mail server administrator if any action is required.
**** Depending on the merchant’s email system architecture, the server could be hosted by the merchant ISP or inside the merchant's network.