Network & Firewall Considerations

Note the following Netowrk Requirements:

Minimum Internet Speed recommendation of 5Mbps.
Most standard consumer or business firewalls permit incoming/outgoing traffic as a default, in this case no changes are required and the steps below will just work. If you have a managed firewall or enterprise firewall you need to ensure specific ports at the bottom of this page are enabled for inbound/outbound traffic.

Firewall Port Information

Proper firewall configuration is crucial for ensuring smooth transaction processing.

In this section, we provide all the necessary details to help you configure your firewalls while reducing communication errors between your network infrastructure and our payment platform.

Please note that this document assumes you have a basic understanding of configuring firewalls, routers, or other devices used to manage traffic on your network.

The table below outlines the destination ports that need to be open to enable communication between the merchant’s network and our payment gateways.

	Usage	Required/Optional?	Domain Name	Protocol/Port

	Usage	Required/Optional?	Domain Name	Protocol/Port
1	PayXpress EMV Backend Process EMV payment transactions Download remote configuration Send emails from our system to the merchant or customer.	Required	https://api-pos-default-v4.payxpert.com/ https://api-prox-default-v4.payxpert.com/ https://payxpress-soft-mpos.firebaseio.com https://dns.google/dns-query	TCP 443 (HTTPS)
2	PayXpress APM Backend Process APM payment transactions	Optional if PayXpress APM is deployed for POS.	https://connect2.payxpert.com/ https://stats.payxpert.com/matomo.php	TCP 443 (HTTPS)
3	Remote Crash & Logs Crash reports Diagnostic of PayXpress of Logs	Required	payxpress-apm.appspot.com payxpress-soft-mpos.appspot.com	TCP 443 (HTTPS)
4	PayXpress Backoffice - Central Web browsing in administration portal.	Only for PC, not for POS Devices.	*.central.payxpert.com	TCP 443 (HTTPS)
5	SUNMI - TMS/MDM Download & Upgrade new version of PayXpress Remote actions: Lock/Unblock devices & Reboot Europe Instance → *eu.sunmi.com	Only for SUNMI Devices	api.eu.sunmi.com apk.cdn.eu.sunmi.com ota.cdn.eu.sunmi.com file.cdn.eu.sunmi.com pic.cdn.eu.sunmi.com iot-mqtts.eu.sunmi.com	TCP 443 (HTTPS)
6	SUNMI - Security Used for unlocking devices under "tamper mode". China Instance (temporary) → *api.sunmi.com	Only for SUNMI Devices	api.sunmi.com	TCP 443 (HTTPS)
7	SUNMI - NTP Services NTP (Network Time Protocol), provides network timing services for devices	Only for SUNMI Devices	pool.ntp.org europe.pool.ntp.org uk.pool.ntp.org fr.pool.ntp.org it.pool.ntp.org de.pool.ntp.org at.pool.ntp.org pl.pool.ntp.org ntp1.inrim.it ntp.obspm.fr ptbtime1.ptb.de	NTP / 123
8	SUNMI - Certificate Transparency Service Certificate Transparency (CT) is an open framework that aims to monitor and prevent the mis-issuance of CA certificates and enhance the transparency and credibility of certificate authorities.	Only for SUNMI Devices	gstatic.com	TCP 443 (HTTPS)
9	SUNMI - Network Connectivity Detection Service - Identify whether the device's current network can connect to the Internet	Only for SUNMI Devices	www.qualcomm.cn www.google.com connectivitycheck.gstatic.com	HTTPS (443) HTTP (80) HTTPS (443) HTTPS (443) HTTP (80)

Important: All merchant systems communicating with our payment gateways must be able to resolve the public hostname.

Testing to confirm the ports are open

Run the following tests from Windows command prompt or Mac/Unix terminal to confirm these ports are open.

-- Command to execute per usage in the table above.
curl -vLI telnet://central.payxpert.com:443

-- You should see this response:
* Host central.payxpert.com:443 was resolved.
Trying 45.60.243.139:443...
Connected to central.payxpert.com (45.60.243.139) port 443

-- (note: the IP address may be different)