Thursday, August 21, 2008
An application based on the Commerce Toolkit for Applications (CTA) must be able to reach all of the following internet locations in order to configure itself and process payment transactions.
Payments Registry
FQDN: paymentsregistry.net
IP Address: 216.87.91.243
Protocol: TCP
Port(s): 443 (Current), 7443 (Legacy, only required for very old versions of CTA)
Socket Administration and Monitoring (SAM)
FQDN: sam-01.ipcommerce.com
IP Address: 165.193.56.205
Protocol: TCP
Port(s): 443
FQDN: sam-02.ipcommerce.com
IP Address: 165.193.56.206
Protocol: TCP
Port(s): 80
FQDN: sam-03.ipcommerce.com
IP Address: 165.193.56.207
Protocol: TCP
Port(s): 443
Transaction Broker
FQDN: txn-01.ipcommerce.com
IP Address: 165.193.56.200
Protocol: TCP
Port(s): 443
Sample Firewall Configuration for a Cisco PIX/ASA
Assume socket software based on the CTA is running on a machine with an internal IP address of 192.168.1.1, and that the access list enforcing egress filtering is named from-inside and is applied to the appropriate interface. The rule for port 7443 is needed only for very old versions of CTA. Configuration syntax for other firewall makes and models will vary.
access-list from-inside extended permit tcp host 192.168.1.1 host 216.87.91.243 eq 443
access-list from-inside extended permit tcp host 192.168.1.1 host 216.87.91.243 eq 7443
access-list from-inside extended permit tcp host 192.168.1.1 host 165.193.56.205 eq 443
access-list from-inside extended permit tcp host 192.168.1.1 host 165.193.56.206 eq 80
access-list from-inside extended permit tcp host 192.168.1.1 host 165.193.56.207 eq 443
access-list from-inside extended permit tcp host 192.168.1.1 host 165.193.56.200 eq 443
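To check an existing egress access list against the endpoint list above, the following added example (not part of the original post or of the CTA) parses rules in the host-to-host form shown here and reports missing, legacy, unexpected, and unparseable entries. The function name audit, the sample text, and the address 203.0.113.10 are constructed for illustration.

```python
import re

# Endpoints listed on this page: (IP, port) -> role.
REQUIRED = {
    ("216.87.91.243", 443): "Payments Registry",
    ("165.193.56.205", 443): "SAM sam-01",
    ("165.193.56.206", 80): "SAM sam-02",
    ("165.193.56.207", 443): "SAM sam-03",
    ("165.193.56.200", 443): "Transaction Broker",
}
# Needed only for very old CTA versions, per the port list.
LEGACY = {("216.87.91.243", 7443): "Payments Registry (legacy)"}

# Matches only the host-to-host form used in the sample configuration.
RULE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+tcp\s+"
    r"host\s+(\S+)\s+host\s+(\S+)\s+eq\s+(\d+)$"
)

def audit(config_text, acl_name, src_ip):
    """Compare acl_name's permit rules for src_ip with the page's endpoint list."""
    permitted, unparsed = set(), []
    for line in map(str.strip, config_text.splitlines()):
        if not line.startswith(f"access-list {acl_name} "):
            continue
        m = RULE.match(line)
        if m is None:
            unparsed.append(line)  # broader or unfamiliar form: review by hand
        elif m.group(2) == src_ip:
            permitted.add((m.group(3), int(m.group(4))))
    return {
        "missing": sorted(set(REQUIRED) - permitted),
        "legacy_present": sorted(set(LEGACY) & permitted),
        "unexpected": sorted(permitted - set(REQUIRED) - set(LEGACY)),
        "unparsed": unparsed,
    }

# Constructed sample: two SAM rules omitted, one extra host rule, one broad rule.
SAMPLE = """\
access-list from-inside extended permit tcp host 192.168.1.1 host 216.87.91.243 eq 443
access-list from-inside extended permit tcp host 192.168.1.1 host 216.87.91.243 eq 7443
access-list from-inside extended permit tcp host 192.168.1.1 host 165.193.56.205 eq 443
access-list from-inside extended permit tcp host 192.168.1.1 host 165.193.56.200 eq 443
access-list from-inside extended permit tcp host 192.168.1.1 host 203.0.113.10 eq 22
access-list from-inside extended permit ip any any
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "from-inside", "192.168.1.1"))
```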