How should my network be configured to work with Cayan's services?

Home/Developers / Knowledge Base / How should my network be configured to work with Cayan's services?

As a security measure, many merchants restrict outbound communications from their networks - whitelisting traffic to just a handful of sites, such as their payment processor.

Below are all the necessary details for how a Network Administrator should configure his/her networks and firewalls to inter-operate with Cayan's services.

Hosts:

  • transport.merchantware.net
  • genius.merchantware.net
  • ps1.merchantware.net
  • s01.merchantware.net
  • logupload.merchantware.net

Production IP Addresses:

  • Cayan's Boston Data Center: 63.128.13.128 /26
  • Cayan's Chicago Data Center: 205.219.72.64 /26
Cayan is in the process of migrating to new ISPs. Please ensure that your firewalls have the following IP ranges whitelisted:
  • Boston: 144.121.15.128 /26 (expected switchover date: mid/late March, 2017)
  • Chicago: 209.249.188.192 /26 (expected switchover date: mid/late February, 2017)

Ports:

Public internet:

  • 443: SSL
  • 7622: SFTP (via SSH)

Local area network:

  • 8080: POS (or Store & Forward) communication to a Genius terminal (HTTP)
  • 8443: POS communication to a Genius terminal (HTTPS)
  • 7500: default Store & Forward for all traffic represented by transport.merchantware.net
  • 7501: default Store & Forward for all traffic represented by ps1.merchantware.net
  • 7502: default Store & Forward for all traffic represented by genius.merchantware.net
  • 7503: default Store & Forward for Rest API that can be used to communicate with Store and Forward
  • 7504: default Store & Forward that services the Administration Website

Third Parties:

Genius will reach out to our Certificate Authority (Digicert) in order to perform certificate revocation checks, and otherwise validate certificates, to prevent against "man in the middle" attacks. If you see traffic on your network to "*.digicert.com", that's what this is, and you may want to whitelist those domains.