When Paytronix products are installed on a POS system, there’s back-and-forth communication between the POS terminals, the BOH (back-of-house) machine, and Paytronix systems (PXS). Your organization’s corporate information security team may use firewalls, security software, or other products and services designed to monitor networks, detect possible intrusions, and/or block suspicious network traffic. The best way to make sure communication between your POS system and Paytronix continues uninterrupted is to explicitly allow the specific URLs, ports, hosts, services, installers, and applications required for communication. If you think you are experiencing connectivity issues related to security or URL allowance, please work with your organization’s IT Security Team. We highly recommend that you meet with your organization’s IT Security Team before installing anything on the BOH machine so they can conduct an official security review.

At a minimum you will need admin access to the BOH machine and POS terminals. Depending on your corporate setup, you may need additional permissions or access. You may also be providing the information in this document to someone who manages firewall/security operations for your organization.

If you are able, we strongly recommend implementing a domain-based allowlist. Domain-based management allows all traffic to/from Paytronix, even if specific IP ranges change over time. It ensures that if Paytronix IP ranges change, your systems will still communicate with ours, without your needing to update security settings on your end. If you are not able to use a domain-based allowlist, you will need to make sure that your allowed IPs associated with Paytronix are always current.

Below are the URLs, IP addresses, ports, connections, services, applications, and installers you will need to allowlist on the BOH machine.

Certain transactions are routed through Cloudflare for security, as such you should allowlist these IPs:
​https://www.cloudflare.com/ips/

NOTE: For any links in the URL column, you will need to choose the correct Merchant when you click into the link.
​

For the Paytronix Controller Service, you will need to allowlist one of the following applications:
​
​Paytronix Controller (PXC)
C:\Paytronix\jre\bin\java.exe
​
​Paytronix Daemon
C:\Paytronix\PxDaemonService.exe
​
​Paytronix Upgrader
C:\Paytronix\PxUpgraderService.exe

PXC Installer: controller-installer-****.exe
Note: **** = version number of the installer

Paytronix for Aloha User Program:
C:\Paytronix\pxalohaui.exe

Port: 9055 Outgoing
Port: 9090 Incoming
​
Note: Port 9090 is the default port for Aloha Kitchen Interface (AKI). It is also the default port setting for Paytronix communication between Order Entry Terminals and the Paytronix Controller (PXC). If your organization uses AKI, or plans to, you will likely need to allowlist a different port for these communications. Which port? You can identify the correct port assigned to Paytronix communications by reviewing the installation config files, on the BOH machine. Check the BUSINESS_XML_PORT setting in the config files:

Incoming and Outgoing: 9090
​
Note: If you set up a different port for these communications on the BOH machine, use the alternate port you are using on the BOH machine. You can also check the PXC_PORT setting in the pxalohaui.cfg config file for the correct port.
​
Incoming and Outgoing (Socket Listening): 9054
Incoming (Running Socket Status Thread): 9055

Allowlist these ports on both the BOH and terminals:

Allowlist port 9000 on both the BOH and terminals.

Allowlist port 22280 on both the CAPS server and service hosts (terminals).

Please work directly with Paytronix Support to discuss additional allowlist specifications for all other POS systems. You can reach them at [email protected].