Configuring your network
To configure your network for point-of-sale communications:
1. If you need to allowlist IP addresses, add Adyen's domains to your firewall's allowlist. Configure your firewall to allow outgoing HTTPS traffic from the IP addresses of your POS apps and terminals to:
- *.adyen.com
- *.adyenpayments.com
Base the allowlist on the DNS names of these domains, not on resolved IP addresses. Your firewall should dynamically check for IP address updates at least every 60 seconds.
Important: Do not hard-code Adyen's IP addresses, as these can change over time. Adyen does not share a list of their IP addresses publicly.
2. Open the ports:
- TCP/443 to the internet.
- TCP/8443 on your LAN.
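The DNS-based allowlisting from step 1, as an added example that is not part of Adyen's documentation: it re-resolves a list of hostnames and emits the nftables commands needed to bring an address set in line with the current answers. Assumptions: the table and set names in `NFT_SET` are hypothetical, the caller supplies the concrete hostnames its integration connects to, and a failed lookup keeps the last known addresses.

```python
import socket

REFRESH_SECONDS = 60           # re-check interval the page asks for
NFT_SET = "inet pos adyen_v4"  # hypothetical nftables family, table and set


def resolve_ipv4(hostname):
    """IPv4 addresses the local resolver currently returns for hostname."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def refresh(hostnames, previous, resolve=resolve_ipv4):
    """Re-resolve each hostname; return (per-host addresses, nft commands).

    previous maps hostname -> set of addresses from the last pass. A failed
    or empty lookup keeps that host's last known addresses, so a resolver
    outage does not remove working entries from the allowlist.
    """
    current = {}
    for host in hostnames:
        try:
            addrs = resolve(host)
        except OSError:  # socket.gaierror is a subclass of OSError
            addrs = set()
        current[host] = addrs or previous.get(host, set())

    old = set().union(*previous.values())
    new = set().union(*current.values())
    commands = []
    if new - old:
        added = ", ".join(sorted(new - old))
        commands.append(f"nft add element {NFT_SET} {{ {added} }}")
    if old - new:
        removed = ", ".join(sorted(old - new))
        commands.append(f"nft delete element {NFT_SET} {{ {removed} }}")
    return current, commands
```

Call `refresh` in a loop that applies the returned commands, sleeps `REFRESH_SECONDS`, and passes the returned mapping back in as `previous` on the next pass.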
Configuring the terminal IP address
To send payments for online authorization, the terminal must have a valid IP address. There are several ways to assign an IP address to a terminal:
- Dynamic IP: your DHCP server issues an IP address to the terminal on the fly.
- DHCP reservation: on the DHCP server, you bind an IP address to the terminal's MAC address. The DHCP server then assigns the exact same IP address to the terminal each time. This is an alternative to using static IP addresses, especially if you're dealing with a large number of terminals.
- Static IP: you enter the IP address and other network configuration details manually on the terminal.
You can't use a mix of dynamic and static IPs. The IP address of the terminal and the IP addresses of the DNS server and router must be either all dynamic or all static.
By default, DHCP is enabled on the payment terminal. With this setting, your DHCP server issues an IP address to the terminal, either dynamically or through DHCP reservation (if you've set that up). If you are using a V400m with a Bluetooth base station, the base station also has DHCP enabled and receives an IP address from your DHCP server.
Recommendations
- If it is possible to set the DHCP lease time on the DHCP server, set this to 24 hours or more. The lease time is the time that the terminal keeps an IP address before the DHCP server renews the terminal's lease on the IP address.
- In an integration that uses cloud communications, you should use dynamic IP addresses without DHCP reservation.
General networking recommendations
To prevent network issues from interfering with your point-of-sale transactions, we recommend that you:
- Use a segmented network, dedicated to point-of-sale communications.
- Make a DNS server accessible from your local network. This should be able to resolve *.adyen.com and *.adyenpayments.com.
Note: If you use a caching name server, the Time to Live (TTL) set by Adyen must be honored (60 seconds for Disaster Recovery).
- If you use intrusion detection (IDS) and prevention systems (IPS), ensure they are using up-to-date firmware and signatures. If these are out of date, the encrypted communications used by your integration may be disrupted.
- Connect the whole POS system, including the terminals, to an uninterrupted power supply (UPS).
- Use a cellular backup connection by:
  - Having an automatic cellular failover on your main router.
  - Using a terminal that has a built-in cellular connection (V400m).
Wi-Fi recommendations
To connect your payment terminals over Wi-Fi, your access point needs to support:
- WPA/WPA2-Enterprise encryption, or WPA/WPA2-Personal encryption.
- 2.4 GHz or 5 GHz frequencies.
In addition, we recommend that you:
- Use a dedicated private wireless network.
Note that when the terminal indicates it is connected to your Wi-Fi network, this doesn't necessarily mean that it is connected to the Internet. There can be issues with the connection from your Wi-Fi network to the internet.
Network failover to cellular connectivity - V400m
Network failover occurs when the payment terminal can't access the internet over the primary network connection (usually Wi-Fi or Ethernet), and switches to a cellular connection (3G or 4G). This enables you to continue making transactions when there is a problem with internet access.
There is a difference between network connectivity and internet connectivity. To process a transaction, the terminal must have internet access. The terminal uses its primary network connection (Wi-Fi or Ethernet) to reach the internet. There are two ways this can go wrong:
- The terminal can't access the internet because it has lost the connection to your network.
- The terminal is connected to your network but can't access the internet.
The V400m has built-in 3G or 4G hardware and a pre-installed, activated SIM card. This allows the terminal to send and receive payment messages as packets over the internet through General Packet Radio Service (GPRS, which is an extension to cellular communication).
If the terminal can't reach the internet through its primary network connection, it automatically switches to processing payments using its cellular connection. It will also switch back to using the primary connection when this is available again.
Note that our terminals only support SIM cards supplied by us.
To enable or disable cellular connectivity, go to Admin menu > Network > Cellular.
Using a cellular router
If your terminals don't have built-in cellular hardware, you can install a router with a 3G/4G network failover. When the terminal can't reach the internet through its primary network connection, the terminal switches to an internet connection over GPRS. The terminal also switches back to the primary connection when this is available again.
To ensure you get the best cellular reception, you should also install external 3G/4G antennas.