Network Requirements
After reading this, you can prepare a network environment where the Middleware can access the necessary resources.
Introduction
The Middleware requires a basic set of network access to perform its function. First and foremost, this includes inbound connections from your POS Systems to the Middleware. Therefore, please ensure your POS Systems have free access to your Middleware instance. For example, you need to configure the firewalls to allow connections from your POS Systems to the IP address and ports where the Middleware is running.
A fully functioning Middleware setup requires a few outbound connections (e.g., querying for changes to your CashBox configuration). Therefore, please ensure the machine where the Middleware is active has proper network access to the following hostnames.
| Hostname | Protocol | Port(s) | Description |
|---|---|---|---|
| packages.fiskaltrust.cloud | TCP | 443 | Provides the required binary packages of the CashBox components |
| helipad.fiskaltrust.cloud | TCP | 443 | Provides the CashBox configuration and the archive service |
| dc.services.visualstudio.com | TCP | 443 | Error reporting (Microsoft provides a list of IP addresses) |
In case of connectivity issues, please check out the dedicated chapter Network Troubleshooting.
Additional access permissions
This section describes external third-party endpoints that the Middleware uses in some cases. This usage is currently only the case when using cloud TSSs in Germany.
- Austria
- France
- Germany
There are no other network resources to take into account.
There are no other network resources to take into account.
If you are using a cloud TSE, please make sure the Middleware can also reach their services. Also, please note this list of hostnames and services required for each TSE type.
fiskaly TSE
| Hostname | Protocol | Port(s) | Description |
|---|---|---|---|
| kassensichv-middleware.fiskaly.com | TCP | 443 | fiskaly 2 service |
| auth.fiskaly.com | TCP | 443 | fiskaly authentication service |
fiskaly SSL certificate
In rare instances your local client might not be able to communicate with the fiskaly servers. The connection fails with the error The remote certificate is invalid according to the validation procedure or The SSL connection could not be established. This can be caused by the client not trusting the external server. Please install the fiskaly certificate manually as described on the following support articles by fiskaly:
Swissbit Cloud TSE
| Hostname | Protocol | Port(s) | Description |
|---|---|---|---|
| fiskal.cloud | TCP | 443 | Swissbit Cloud TSE service |
| downloads.fiskaltrust.cloud | TCP | 443 | FCC download |
Should you need to determine the IP addresses of these hostnames for your network policies, please use the appropriate tools on your local workstation (e.g., nslookup or dig) or an online lookup service.
The Middleware does not expect or handle any other inbound connections, apart from the receipt requests sent by your POS Systems. So you only need to ensure your POS Systems have access; you can (and should) restrict all other connections.
Proxy setups
Suppose your network requires a proxy for outbound connections. In that case, you will need to provide the Middleware with details on how to connect to the proxy (i.e., the proxy address and connection credentials).
Setting the proxy configuration
Setting the configuration parameters can be done using the Launcher's -proxy parameter. This parameter takes a semicolon-separated connection string with five arguments, specifying the address of the proxy, an optional username and password for authentication, as well as two exception settings.
| Value | Description | Required |
|---|---|---|
| address | The URL of the proxy (if only a hostname is provided, default is set to HTTP) | Yes |
| username | The user which should be used for authentication against the proxy | No |
| password | The password of the proxy user | No |
| bypass | A regular expression with host addresses and names that ought to be exempt from proxying Can be used more than once | No |
| bypasslocalhost | Indicates whether local connections require proxying as well (false or true) | No |
Example Proxy Strings
address=192.168.0.1
address=192.168.0.1;username=proxyuser;password=proxypw
address=proxy.example.com;username=proxyuser
address=192.168.0.1;bypass=192\.168\.10\.1
address=192.168.0.1;bypass=192\.168\.10\.1;bypass=scu\d+\.example\.com
Sample Call
C:\>fiskaltrust.exe -proxy="address=192.168.0.1;username=proxyuser;password=proxypw"
When you invoke the Launcher with that parameter, it will save the connection information in an encrypted value in its configuration and immediately return. You can verify if the information was added by checking for the following key in fiskaltrust.exe.config
<add key="proxy" value="[ENCRYPTED-PROXY-INFORMATION]" />
For security reasons, do not add the connection information directly to any of the two Launcher files (test.cmd and install-service.cmd). Instead, call fiskaltrust.exe once manually with -proxy and the connection information.
And please make sure there is no other -proxy parameter in your Launcher files, as this would overwrite your configuration.
Editing the proxy configuration
Should you need to edit the proxy details, please remember that you will need to run the -proxy call again and cannot edit the configuration file manually as the file encrypts the proxy details.
If you want to remove the connection information altogether, please edit fiskaltrust.exe.config manually and remove the add key="proxy" entry.
Please remember that any changes only take effect after a restart of fiskaltrust.Middleware.
third-party proxy settings
Depending on your setup, you might also need to grant access to additional network resources.
- Austria
- France
- Germany
There is no configuration for third parties to take into account.
There is no configuration for third parties to take into account.
Swissbit Cloud & Deutsche Fiskal TSE
The SCU package for these TSE types supports the following four optional SCU parameters:
- ProxyServer
- ProxyPort
- ProxyUsername
- ProxyPassword
More information is available at https://docs.fiskaltrust.cloud/docs/product-description/germany/products-and-services/caas/features/basics/tse/swissbit-cloud.