Open ports and firewall exceptions on the SendPro C, SendPro+

Products affected:
SendPro® C, SendPro®+ (2H20)
These URLs must be accessible from the device, without any obstructions. This includes being free of any SSL packet inspection, web filtering devices or software monitoring. 

Required URLs 

Distributor - main PB Server that authenticates machine for access to other PB web services
  • http://distservp1.pb.com/csd/dstproduct (Port 80)
  • https://distservp1.pb.com/csd/dstproduct (Port 443)
Funds (Funds Management & Refills) - funds are managed through a separate Funds Server 
  • https://decometlb20.pb.com (Port 443)
  • https://ukcometlb12k.pb.com (Port 443)
  • https://decometlb5.pb.com (Port 443)
Rates and Updates (Download Services) - Downloads new software, graphics, rate prices
  • Main Download Services entry 
    • https://dlsdlp1.pb.com (Port 443)
File Processing
  • https://pbdlsp1.pb.com/prdupdate.dll (Port 443)
  • https://pbdlsp1.pb.com/prdconfirm.dll (Port 443)
OS Updates
  • https://pb-ota.redbend.com (Port 443)
Manage Accounts (Accounting) - separate PB Server that manages accounting including account creation, reports etc. Accounting Web Application: 
  • https://ms1app.pb.com/ (Port 443)
Accounting Web Services:
  • https://ms1app.pb.com/ms1atweb/services/ (Port 443)
Online Help - online support website 
  • http://eureka.pitneybowes.com/sendpro-c-series/gb/SV63242-gb-help/Default.htm (Port 80)
Health Data Update - machine health Information upload
  • https://s3.amazonaws.com (Port 443)
Network Connectivity Test Site - used by tablet's Android O/S to confirm connectivity
  • http://connectivitycheck.gstatic.com/generate_204 (Port 80)
Note: Connectivity tests also use Google DNS explicitly (8.8.8.8 Port 53)

PB Web Services Support - used by several PB applications including Shipping
  • https://api.pitneybowes.com (Port 443)
  • https://pitneybowes.okta.com (Port 443)
  • http://microsoft.com/SoftwareDistribution/Server/SimpleAuthWebService (Port 80)
  • http://mail.o365.pb.com (Port 80)

Recommended URLs 

We recommend these URLs are left open, but if this presents a security issue, they can remain blocked. They are enabled by default.

Remote Access
TeamViewer is an application that lets Pitney Bowes Service access your device remotely, when you authorize it. (A TeamViewer session can only be initiated by someone on your end, therefore the system cannot be accessed without your knowledge.) There are two ways to unblock TeamViewer:
  • General unblocking of Port 5938 TCP for outgoing connections (recommended). Port 5938 is only used by a few applications and therefore there is no security risk. This traffic should be filtered or cached.
  • Unblocking URLs of the following formats (to any server) 
    • GET:/din.aspx?s=…&client=DynGate…GET
    • /dout.aspx?s=…&client=DynGate…POST
    • /dout.aspx?s=…&client=DynGate…
Note
Regardless of which method you choose to unblock TeamViewer, verify there are no content filters or anything similar blocking one of these URLs:
*.TeamViewer.com
*.dyngate.com


Device Management
  • https://smb.pitneybowes.com (Port 443)
  • https://prov.mdm.pitneybowes.com (Port 443)
  • https://api.mdm.pitneybowes.com (Port 443)
  • https://cn977.awmdm.com (Port 443)
  • https://ds977.awmdm.com (Port 443)
  • https://play.google.com (Port 443)
  • https://gate.hockeyapp.net (Port 443)
  • https://e.crashlytics.com (Port 443)
  • https://android.googleapis.com (Port 443)
  • http://mobile-gtalk.l.google.com (Port 5228)

Related Topics:
Ports and Communication Requirements
UPDATED:  23 September 2019