This article describes which ports and addresses need to be opend on you firewall for both the Fiscal Middleware, and further below country-specific communication-processes e.g. with fiscal authorities and others.
RetailForce Cloud
Open the following addresses and ports to enable Cloud-communication of the fiscal client. This is used for:
- downloading configuration objects from the cloud
- archiving of (fiscal-) data
- usage / issuing of "Digital Receipts"
- upload support-gackages
- and other
The following URLs must be accessible:
Host | Port | Description |
https://api.retailforce.cloud/* | 443 | Retailforce cloud api - Programming interface |
https://functions.retailforce.cloud/* | 443 | Retailforce cloud api - Functions for uploading/downloading files |
https://archive.retailforce.cloud/* | 443 | Archiv-Data |
https://data.retailforce.cloud/* | 443 | Export data and data other client-specific data held for 30 days only. |
The use of a proxy server is described in the following article: Using Proxy Server on FiscalClient
Test cloud availability
You can use the following calls in the browser for the API and the function library to test if these addresses are reachable for you:
Typ | Address |
API |
https://api.retailforce.cloud/api/v1.0/information/version Expected return: version in the format "1.3.0.0" (example) |
Function |
https://functions.retailforce.cloud/api/GetVersion Expected return: version in the format "1.3.0.0" (example) (Available from version 1.3.0). |
Azure IP address ranges
The Azure Content Delivery Network (CDN) is used for all services (Front Door and CDN profile).
Services
The following services are provided:
Service | Type | Azure region | Domain |
Portal and Portal API | AppService | Germany West Central | api.retailforce.cloud |
Archive | Storage Account | Primary: Germany West Central | archive.retailforce.cloud |
Secondary: Germany North | |||
DocumentStorage | Storage Account | Primary: Germany West Central | document.retailforce.cloud |
Secondary: Germany North | |||
Backup | Storage Account | Primary: Germany West Central | backup.retailforce.cloud |
Secondary: Germany North | |||
Data (Temp for DataExport) | Storage Account | Primary: Germany West Central | data.retailforce.cloud |
Secondary: Germany North | |||
DigitalReceipt | Storage Account | Primary: Germany West Central | receipt.retailforce.cloud |
Secondary: Germany North | |||
Function App | Function App | Germany West Central | functions.retailforce.cloud |
Cloud Fiscalization | Function App | Germany West Central | fiscalisation.retailforce.cloud |
Firewall settings
The corresponding IP address ranges, which are located behind the services, are available as a download (JSON file) on the following page: Download Azure IP Ranges and Service Tags – Public Cloud from Official Microsoft Download Center
Austria
When using signature- or seal creation devices in the cloud, the following addresses must be enabled on the firewall:
Cloud Signature Provider | Host | Port | Description |
a-trust no longer supported since 1st August 2022. |
443 | a.sign RK HSM - produktive system | |
a-trust (available from RF 1.3) |
443 | a.sign RK HSM - produktive system | |
PrimeSign |
https://rs-1f9e614c.ps.prime-sign.com/ |
443 | PrimeSign Remote Signing - test system |
PrimeSign |
<base-URL> |
443 | PrimeSign Remote Signing - productive system |
Germany
When using a cloud TSE (technical security device) within the scope of the Cash Security Ordinance (KassenSichV), the following addresses must be accessible:
Cloud TSE Provider | Host | Port | Description |
fiskaly Cloud TSE | 443 | fiskaly Cloud TSE V2 - productive system | |
swissbit Cloud TSE | https://fiskal.cloud | 443 | On the system where the Fiscal Cloud Connector (FCC) is installed, port 80 must be blocked. |
Italy
RT devices (Registratore Telematico) must be able to connect to the Internet.
The following services must be accessible:
- Services of the Agenzia delle Entrate (Revenue Agency - "AdE")
- Transmission of daily closing
- Code download for Instant Lottery (Lotteria Istantanea)
- Time service - for time synchronisation of the printer (mandatory since the introduction of the Instant Lottery)
No packet size or SSL certificate restrictions should be set on the firewall.
Host | Port | Description |
0.it.pool.ntp.org |
Standard time service for time synchronisation as of firmware 10.0 |
|
URL: apid-ivaservizi.agenziaentrate.gov.it IP: 217.175.50.83 |
443 |
Server Agenzia delle Entrate (AdE) |
https://apid-ivaservizi.agenziaentrate.gov.it/v1/dispositivi/ | 443 |
Activations and deactivations (AdE) |
https://apid-ivaservizi.agenziaentrate.gov.it/v1/dispositivi/corrispettivi/ | 443 |
Daily takings (AdE) |
https://apid-ivaservizi.agenziaentrate.gov.it/v1/evento/ | 443 |
Events, e.g. interventions (AdE) |
https://apid-ivaservizi.agenziaentrate.gov.it/v1/dispositivi/lotteria/corrispettivi | 443 |
Deferred Lottery Receipts |
https://apid-ivaservizi.agenziaentrate.gov.it/v1/dispositivi/lotteria/rilascioCodici | 443 |
Instant Lottery Codes |
Slovenia
The Fiscalisation Act in Slovenia requires that POS systems register all sales transactions in the Information System of the Financial Administration (ISFU - Informacijski sistem finančne uprave). For this purpose, the URLs of both the production and test environments must be accessible from the POS system or the system on which the RetailForce Fiscal Middleware is installed.
Host | Port | Description |
https://blagajne.fu.gov.si | 9003 | PRODUCTION-Environment |
https://blagajne-test.fu.gov.si | 9002 | TEST-Environment |
Comments
0 comments
Please sign in to leave a comment.