General network requirements
Basic requirements
- The internet connection must be wired. Trivec cannot guarantee stable operation if 3G, 4G, 5G, or other wireless technologies are used for internet access.
- Mobile broadband should only be used as a backup solution — in the event that a wired internet connection is not working.
- Internet speed requirements depend on the number and type of devices used. We recommend a minimum speed of 25 Mbit up/down.
- If you’re unsure of the minimum required speed in your case, have the person or company managing your network contact Trivec.
Ethernet
Each device connected via Ethernet requires an Ethernet connection, and the network outlet must be no more than 1 meter from the device's planned location.
The following devices require an Ethernet connection:
- POS systems running Domino
- Trivec GO with docking station
- Kitchen or bar printers
- Kitchen display screens
- Some types of payment terminals: Westpay C10 (via Ethernet), Nets Lane/3000
- In some cases, receipt printers
Printers require Unicast and Multicast to be enabled on the network.
Wireless Connection (Wi-Fi)
Trivec devices require a separate network used only by Trivec devices that meets the Wi-Fi 5 (802.11ac) standard and uses WPA2 password encryption.
A stable Wi-Fi signal must cover all areas where the devices will be used. A general guideline is -70 dBm at 5 GHz. If you’re unsure about signal strength and interference, consult the person or company responsible for your network. Our equipment is compatible with both 2.4 GHz and 5 GHz Wi-Fi.
The following devices connect to Wi-Fi networks:
- Trivec Handy
- Trivec GO without docking station
- Some types of payment terminals: Westpay C100, C150, Nets Move/3000, and Adyen
Using a network that does not meet the above requirements increases the risk of security breaches, payment losses, and theft of card payment data.
DHCP or MAC reservation
To ensure stable operation and avoid IP conflicts, Trivec requires a specific range of IP addresses to be placed outside the DHCP scope. To configure the network to meet this requirement, consult the person or company managing your network.
Alternatively, a device's IP address can be reserved using MAC address reservation.
Outbound Firewall rules
Customers who restrict outgoing traffic on their network should add the following outbound rules to their firewall:
Trivec software
Applies to all Trivec regions.
- Trivec Platform services:
| Domain | HTTPS |
| b2cplatformprdeurope.b2clogin.com | 443 |
| login.microsoftonline.com | 443 |
| platform.trivec.io | 443 |
- IOT HUB / Certificates / ServiceBus:
| Domain | HTTPS | MQTT | AMQP | AMQP |
| iot-platform-prd-westeurope.azure-devices.net | 443 | 8883 | | |
| global.azure-devices-provisioning.net | 443 | 8883 | | |
| sb-platform-prd-westeurope.servicebus.windows.net | 443 | | 5671 | 5672 |
| TrivecCloudSync.servicebus.windows.net | 443 | | 5671 | 5672 |
| sb-trivec-ingestion-prd-westeurope.servicebus.windows.net | 443 | | 5671 | 5672 |
- NGROK:
| Domain | HTTPS | HTTP |
| api.ngrok.com | 443 | |
| eu.ngrok.io | 443 | |
| update.equinox.io | 443 | |
| connect.eu.ngrok-agent.com | 443 | |
| tunnel.eu.ngrok.com | 443 | |
| crl.ngrok.com | | 80 |
| crl.ngrok-agent.com | | 80 |
- Tailscale:
| Domain | HTTPS |
| login.tailscale.com | 443 |
| controlplane.tailscale.com | 443 |
| api.tailscale.com | 443 |
| log.tailscale.com | 443 |
| log.tailscale.IO | 443 |
| derp4-all.tailscale.com | 443 |
| derp8-all.tailscale.com | 443 |
| derp14-all.tailscale.com | 443 |
| derp18-all.tailscale.com | 443 |
| derp19-all.tailscale.com | 443 |
| derp22-all.tailscale.com | 443 |
| derp26-all.tailscale.com | 443 |
More info: What firewall ports should I open to use Tailscale? · Tailscale Docs
Complete DERP servers list: https://login.tailscale.com/derpmap/default
- Domino "Internet" status
| 8.8.4.4 | ICMP |
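To confirm from a host on the POS network that the outbound rules above are actually in effect, the following added example (not Trivec's own tooling) parses a rule table in the pipe-delimited form used on this page and attempts a TCP connection to every host/port pair. The function names and the 3-second timeout are assumptions of the example.

```python
import socket

# Rows from the "IOT HUB / Certificates / ServiceBus" table above.
RULES_TABLE = """
| Domain | HTTPS | MQTT | AMQP | AMQP |
| iot-platform-prd-westeurope.azure-devices.net | 443 | 8883 | | |
| global.azure-devices-provisioning.net | 443 | 8883 | | |
| sb-platform-prd-westeurope.servicebus.windows.net | 443 | | 5671 | 5672 |
| TrivecCloudSync.servicebus.windows.net | 443 | | 5671 | 5672 |
| sb-trivec-ingestion-prd-westeurope.servicebus.windows.net | 443 | | 5671 | 5672 |
"""


def parse_rules(table):
    """Return sorted (host, port) pairs; header rows and empty cells are skipped."""
    rules = set()
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        host, ports = cells[0], cells[1:]
        if not host or host.lower() == "domain":
            continue
        rules.update((host, int(p)) for p in ports if p.isdigit())
    return sorted(rules)


def probe(rules, connect=socket.create_connection, timeout=3.0):
    """TCP-connect to every rule; map (host, port) -> None or the error name."""
    results = {}
    for host, port in rules:
        try:
            connect((host, port), timeout).close()
            results[(host, port)] = None
        except OSError as exc:  # refused, timed out, DNS failure, unreachable
            results[(host, port)] = type(exc).__name__
    return results


def blocked(results):
    """Only the destinations that could not be reached."""
    return {dest: err for dest, err in results.items() if err is not None}


if __name__ == "__main__":
    report = blocked(probe(parse_rules(RULES_TABLE)))
    for (host, port), err in sorted(report.items()):
        print(f"BLOCKED {host}:{port} ({err})")
```

A completed TCP handshake only shows that the port is open; a firewall or proxy that inspects TLS on that port can still break the application traffic, so check the services themselves as well.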
Other functionality required by Trivec
Windows Updates
Applies to all Trivec regions.
| http://windowsupdate.microsoft.com | 80, 443, 49152-65535 |
| http://*.windowsupdate.microsoft.com | 80, 443, 49152-65535 |
| https://*.windowsupdate.microsoft.com | 80, 443, 49152-65535 |
| http://*.update.microsoft.com | 80, 443, 49152-65535 |
| https://*.update.microsoft.com | 80, 443, 49152-65535 |
| http://*.windowsupdate.com | 80, 443, 49152-65535 |
| http://download.windowsupdate.com | 80, 443, 49152-65535 |
| http://download.microsoft.com | 80, 443, 49152-65535 |
| http://*.download.windowsupdate.com | 80, 443, 49152-65535 |
| http://wustat.windows.com | 80, 443, 49152-65535 |
| http://ntservicepack.microsoft.com | 80, 443, 49152-65535 |
| http://go.microsoft.com | 80, 443, 49152-65535 |
| http://dl.delivery.mp.microsoft.com | 80, 443, 49152-65535 |
| https://dl.delivery.mp.microsoft.com | 80, 443, 49152-65535 |
| http://*.delivery.mp.microsoft.com | 80, 443, 49152-65535 |
| https://*.delivery.mp.microsoft.com | 80, 443, 49152-65535 |
Source: Step 2 - Configure WSUS | Microsoft Learn
Atera
Applies to all Trivec regions.
| pubsub.atera.com | 443 |
| pubsub.pubnub.com | 443 |
| app.atera.com | 443 |
| agenthb.atera.com | 443 |
| packagesstore.blob.core.windows.net | 443 |
| ps.pndsn.com | 443 |
| agent-api.atera.com | 443 |
| cacerts.thawte.com | 443 |
| agentreportingstore.blob.core.windows.net | 443 |
| atera-agent-heartbeat.servicebus.windows.net | 443 |
| ps.atera.com | 443 |
| atera.pubnubapi.com | 443 |
| appcdn.atera.com | 443 |
| atera-agent-heartbeat-cus.servicebus.windows.net | 443 |
| ticketingitemsstoreeu.blob.core.windows.net | 443 |
| download.visualstudio.microsoft.com | 443 |
| a32dl55qcodech-ats.iot.eu-west-1.amazonaws.com | 443 |
| agentspoliciesprod.blob.core.windows.net | 443 |
Source: Firewall settings for Atera's integrations – Atera Support
ScreenConnect
Applies to all Trivec regions.
Trivec uses the cloud ScreenConnect solution. ScreenConnect requires two outbound HTTPS requests over port 443:
- license.screenconnect.com – Required for the server to validate the ScreenConnect license.
- check.screenconnect.com – Strongly recommended but optional. It is used to complete the server or URL checks on the Administration > Status page within the ScreenConnect website.
We have also observed that ScreenConnect outbound traffic on TCP 443 is not standard web/HTTPS traffic. Firewalls or proxies performing HTTPS inspection or ALG on port 443 will block the connection. Traffic to *.screenconnect.com and *.connectwise.com must be allowed without HTTPS inspection or ALG, using FQDN-based wildcard rules, and the firewall must support long-lived connections.
Source: System requirements - ConnectWise
Splashtop
Applies to all Trivec regions.
- Allow access to Splashtop servers:
  - (For both Global and EU regions) *.api.splashtop.com
  - (For EU region) *.api.splashtop.eu
  - (For both) *.relay.splashtop.com
  - (For both) update-g3.splashtop.com / update.splashtop.com (for endpoints auto-update)
- Allow outbound TCP connections over port 443 for both HTTP over TLS and non-HTTP over TLS
- Disable/bypass Deep Packet Inspection (DPI) (also may be called SSL Inspection) for Splashtop traffic
- Port 443: Allow outbound TCP connections over port 443 for both HTTP over TLS and non-HTTP over TLS.
- Ports 9527-9528: To ensure Splashtop operates properly, TCP ports 9527 and 9528 must be allowed internally, for the streamer and the SOS agent respectively.
- Port 6783: For local connections on the same network, communications are point-to-point via TCP port 6783 (default setting). For tight firewalls, you need to allow the TCP port internally (not externally).
- IP Addresses of Splashtop Servers:
  - Global region:
    - nslookup st-v3.api.splashtop.com
    - nslookup st-v3-g3.api.splashtop.com
    - nslookup st-v3-src.api.splashtop.com
    - nslookup st-v3-src-g3.api.splashtop.com
    - nslookup st-relay-v3.api.splashtop.com
    - nslookup st-relay-v3-g3.api.splashtop.com
    - nslookup st-lookup-v1.api.splashtop.com
    - nslookup st-lookup-v1-g3.api.splashtop.com
    - nslookup st-premium-v3.api.splashtop.com
    - nslookup st-premium-v3-g3.api.splashtop.com
    - nslookup st-premium-v3.api.splashtop.eu
    - nslookup st-premium-v3-g3.api.splashtop.eu
  - EU region:
    - nslookup st-v3.api.splashtop.eu
    - nslookup st-v3-g3.api.splashtop.eu
    - nslookup st-v3-src.api.splashtop.eu
    - nslookup st-v3-src-g3.api.splashtop.eu
    - nslookup st-relay-v3.api.splashtop.eu
    - nslookup st-relay-v3-g3.api.splashtop.eu
    - nslookup st-premium-v3.api.splashtop.eu
    - nslookup st-premium-v3-g3.api.splashtop.eu
    - nslookup st-lookup-v1.api.splashtop.com
    - nslookup st-lookup-v1-g3.api.splashtop.com
- IP Addresses of download and auto-update servers for Splashtop endpoints
  - Splashtop uses the CloudFront service hosted by AWS (Amazon Web Services) to host the Splashtop Business and Splashtop Streamer installers. Follow the instructions provided by AWS to find the IP addresses: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html
  - Port 80 needs to be open for downloading new version installers from the CloudFront service.
  - Global region:
Teamviewer
Applies to Trivec Belgium & France only.
- *.teamviewer.com
- www.recaptcha.net
- www.gstatic.com
- cdn.cookielaw.org
- TCP/UDP port 5938
- TCP port 443
- TCP port 80
Source: Ports and URLs used by TeamViewer
Miradore
Applies to all Trivec regions.
These requirements apply if the Customer is using the Unitech EA510 Handy device. For more info, check out Handy devices – Help Center.
Miradore services are currently behind the following addresses on HTTPS port 443:
- gateway.miradore.com (online-production-d5cbbrbxc0dqbkcn.z01.azurefd.net)
- mdmcontent.miradore.com (online-production-d5cbbrbxc0dqbkcn.z01.azurefd.net)
- onlineproduploads.blob.core.windows.net
Source: Firewall openings needed to manage devices with Miradore | Miradore
Android
Applies to all Trivec regions.
Note: Most of these endpoints are not browsable. Thus, you can safely block port 80 for these URLs since they’re all behind SSL. Different apps and services require specific mandatory endpoints. A direct connection is required to reach all the endpoints successfully. If the devices are connected behind a proxy, direct communication is not possible and certain functions will fail.
Note: OEMs often have their own hosts that need to be reached for their devices to function properly. Please contact your device manufacturer for any extra ports that may be required.
| play.google.com, android.com, google-analytics.com, *.gvt1.com, *.ggpht.com, dl.google.com, dl-ssl.google.com, android.apis.google.com | TCP/443; TCP, UDP/5228-5230 |
| *.googleapis.com, m.google.com | TCP/443 |
| accounts.google.com, accounts.google.[country] | TCP/443 |
| gcm-http.googleapis.com, gcm-xmpp.googleapis.com, android.googleapis.com | TCP/443,5228-5230 |
| fcm-xmpp.googleapis.com, gcm-xmpp.googleapis.com | TCP/5235,5236 |
| pki.google.com, clients1.google.com | TCP/443 |
| clients2.google.com, clients3.google.com, clients4.google.com, clients5.google.com, clients6.google.com | TCP/443 |
| connectivitycheck.android.com, connectivitycheck.gstatic.com, www.google.com | TCP/443 |
| ota.googlezip.net, ota-cache1.googlezip.net, ota-cache2.googlezip.net | TCP/443 |
| mtalk.google.com, mtalk4.google.com, mtalk-staging.google.com, mtalk-dev.google.com, alt1-mtalk.google.com, alt2-mtalk.google.com, alt3-mtalk.google.com, alt4-mtalk.google.com, alt5-mtalk.google.com, alt6-mtalk.google.com, alt7-mtalk.google.com, alt8-mtalk.google.com, android.apis.google.com, device-provisioning.googleapis.com | TCP/443,5228-5230 |
| time.google.com | UDP/123 |
| android-safebrowsing.google.com, safebrowsing.google.com | TCP/443 |
Source: Android Enterprise Network Requirements - Android Enterprise Help
Integrations
The following requirements apply only in case an integration is used. If unsure what applies to your case, contact Trivec support.
Adyen
Applies to all Trivec regions.
Add Adyen's domains to your firewall's allowlist. Configure your firewall to allow outgoing HTTPS traffic from the IP addresses of your cash registers and PEDs to:
- *.adyen.com
- *.adyenpayments.com
Allowlisting should be based on the DNS name of these URLs. Your firewall should dynamically check for IP address updates, at least every 60 seconds. Do not hard-code Adyen's IP addresses, because these can change over time. We do not share a list of our IP addresses publicly.
Open the ports:
- tcp/443 to the internet.
- tcp/8443 on your LAN.
For complete instructions on how to set up the network, check out Network configuration | Adyen Docs.
Westpay
Applies to Trivec Nordics only.
The following outbound rules should be added to the firewall for Westpay functionality (valid until July 2026):
| Destination | Port | Incoming/Outgoing |
| 31.15.40.250 | 21 (Passive FTP) | YES/YES |
| https://logs.westpay.se | 443 | X/YES |
| 185.27.171.151 | 55101 (Passive FTP) | YES/YES |
| 185.27.171.151 | 55102 (TCP) | YES/YES |
| 185.27.171.152 | 55102 (TCP) | YES/YES |
NOTE: Westpay uses passive FTP, meaning the connection is established on random ports.
From May 2026:
| Destination | Port | Incoming/Outgoing |
| 195.67.13.87 | 9944 (SPDH) | YES/YES |
| 195.67.13.87 | 40044 (FTP - PPL Server) | YES/YES |
| https://logs.westpay.se | 443 | X/YES |
| 176.124.250.93 | 36598 (SPDH) | YES/YES |
| 176.124.250.93 | 11050 (FTP - PPL Server) | YES/YES |
The change of network requirements will be complete on 30th June 2026. During the transition period, both the new and old network requirements apply.
After 30th June 2026, the old network settings no longer apply, and those rules can safely be removed (except https://logs.westpay.se / 443 / outgoing, which is unchanged).
Source: NETWORK: Networking requisites [Westpay] – Westpay Helpdesk.
Nets
Applies to Trivec Nordics only.
We recommend using DNS names where possible:
- slave1.screenway.com
- slave2.screenway.com
- update.screenway.com
- varma1.manison.fi
- varma2.manison.fi
- varma3.manison.fi
Or, alternatively, opening the entire Nets Internet address book to the firewall:
- 217.30.183.119/32
- 80.95.130.83/32
- 83.150.127.3/32
- 212.226.157.224/27
- 194.136.8.64/27
- 194.100.153.224/27
If these cannot be used, the mandatory IP addresses to which access must be allowed are listed below:
- 217.30.183.119 – transfer of transactions, verifications and software downloads
- 80.95.130.83 – transfer of transactions, verifications and software downloads
- 83.150.127.3 – transfer of transactions, verifications and software downloads
- 212.226.157.252 – transfer of transactions, verifications and software downloads
- 212.226.157.253 – transfer of transactions, verifications and software downloads
- 194.136.8.94 – transfer of transactions, verifications and software downloads
- 194.100.153.254 – transfer of transactions, verifications and software downloads
- TCP port: 8892 (allow only outbound)
- TCP port: 80 (allow only outbound)
- TCP port: 443 (allow only outbound)
For complete instructions on how to set up the network, check out: Support Payment terminal instructions
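The two IP-based options above differ in how much they open. The following added example (not from Nets or Trivec) compares the address book with the mandatory list and audits a firewall's configured destinations against the published ranges; `SAMPLE_CONFIG` and the verdict labels are constructed for illustration.

```python
import ipaddress

# Values copied from the Nets section above.
ADDRESS_BOOK = ["217.30.183.119/32", "80.95.130.83/32", "83.150.127.3/32",
                "212.226.157.224/27", "194.136.8.64/27", "194.100.153.224/27"]
MANDATORY = ["217.30.183.119", "80.95.130.83", "83.150.127.3",
             "212.226.157.252", "212.226.157.253", "194.136.8.94",
             "194.100.153.254"]


def exposure(destinations):
    """Count the destination addresses a list of hosts/CIDRs opens up."""
    return sum(ipaddress.ip_network(d).num_addresses for d in destinations)


def audit(configured, allowed=ADDRESS_BOOK):
    """Label each configured destination 'ok', 'too-broad' or 'unlisted'."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    report = {}
    for entry in configured:
        net = ipaddress.ip_network(entry, strict=False)
        if any(net.subnet_of(a) for a in allowed_nets):
            report[entry] = "ok"          # inside a published range
        elif any(net.overlaps(a) for a in allowed_nets):
            report[entry] = "too-broad"   # contains a range plus extra hosts
        else:
            report[entry] = "unlisted"    # not a Nets destination at all
    return report


# Constructed firewall export: one exact host, one over-wide /24 and one
# address from the TEST-NET-3 documentation range.
SAMPLE_CONFIG = ["212.226.157.252", "212.226.157.0/24", "203.0.113.10"]

if __name__ == "__main__":
    print("address book opens", exposure(ADDRESS_BOOK), "addresses")
    print("mandatory list opens", exposure(MANDATORY), "addresses")
    print("mandatory outside address book:",
          [h for h, v in audit(MANDATORY).items() if v != "ok"])
    for entry, verdict in audit(SAMPLE_CONFIG).items():
        print(f"{entry:20} {verdict}")
```

Every mandatory address falls inside the address book, so the mandatory list is the narrower rule set: 7 destinations instead of 99.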
Sunday
Applies to Trivec France only.
WAN/HTTP: 80 and 443
LAN: 5000 and 8888