Fieldpine Retail uses a mixture of TCP and UDP to communicate between systems over allocated port numbers. You may need to alter network equipment and/or firewalls to enable this. Fieldpine are unable to help directly with how to configure individual pieces of network and security equipment as we are not trained all makes/models of gear and they are all different.

Summary

	Historic	Mesh (after Sep 2014) Any Fieldpine system must be able to connect to any other Fieldpine system. Access to Fieldpine ports from the internet generally is not typically required, except under special circumstances
Point of Sale Client Systems (checkout lanes, management lanes etc)	TCP port 8095 incoming. Optional but recommended UDP port 8095 recommended Multicast address 239.192.6.xx Recommended	TCP port 8095 and 8310 incoming. Optional highly but recommended UDP port 8095 and 8310 recommended Multicast address 239.192.6.xx Recommended
Point of Sale Servers Systems (Head Office, Store Servers, etc)	TCP port 8095 and 8310 incoming. Required. UDP port 8095 and 8310. Recommended. Multicast address 239.192.6.xx Recommended
Global Data Server	TCP port 8310 incoming. Required. TCP port 80, optional Multicast address 239.192.6.xx Recommended	TCP port 8310 incoming. Required. TCP port 80, optional

Notes:

1. Ports can be changed to differnet port numbers if required, but this requires every machine to be changed.

Quick Notes

• Remote Store lanes will communicate to Head Office on a fixed IP address on a fixed port. This is normally port 8095. You need to enable port forwarding for port 8095 to the correct machine/port. (Don't forget that target machine will need a fixed IP address also)

• (Historic, not mesh configurations) Remote Stores only communicate out, they do not need inbound ports. Only head office requires an inbound port.

• If the customer is using Global Data Server functionality (GDS) then they may also need port 8310 to be enabled for port forwarding. Not all customers require this port opened.

• Do not enable stateful packet inspection on these ports, or if enabled do not break connections. Traffic that flows over these ports is a variety of different protocols and encryption. Equally, do not install HTTP caches, or anything that changes the data stream in any way. HTTP is not the primary protocol used over these ports.

• You may configure a secure VPN between stores if you and the retailer wish to do so. This is generally invisible to the software.

• Remote stores can test the configuration with a "Bis Sync" operation. This will force an attempt to communciate to Head Office. If the network does not connect, the status screen displays a range of error messages, and includes the underlying WinSock error codes.

• You can display a test web page on the server by connecting a browser to Http://a.b.c.d:8095/fdlmgmt/default.htm. This will work within the Head Office LAN, and should also be reachable from remote stores.

• All systems commonly use dynamically assigned ports for outbound connections. Filtering by outbound port number is not an option.

Example

A retailer has two stores, one main store and a remote store.

1. The "main" store will be running a service (Generally called PosService.exe) listening on port 8095.

2. When the remote store wishes to communicate, it will open a TCP socket to IP address A.B.C.D on port 8095. It will use a random soure port.

3. Head Office cannot connect "out" to remote stores, it must wait for the store to call home.

4. If the retailer is using GDS, all the above also holds true for port 8310.

You are welcome to contact us directly for clarification of the above points, but we cannot help with instructions on exactly how this is implemented.

Mesh / P2P Systems

Starting in early 2014 many sites are being transitioned to use a distributed database rather than a point to point model. This is NOT using file sharing or external torrents, rather it changes the internal networking layer to utilise multiple IP endpoints. Generally, there is no specific setup required for this to work beyond steps detailed above.

The details below are for advanced sites that have IGMP routers inside their networks.

1. Each system may try and communicate directly to other machines in the network. ie Two store checkouts may communicate even if they are in different stores. (this is done for redundancy purposes)

2. Systems on a ethernet segment will enable UDP multicast (not broadcast) to communicate directly to peers. This uses the multicast address 239.192.6.xx This is inside the administrively scoped range and should be blocked by your edge routers or your ISP routers from leaving your network.

3. We use a range of TTL values on the multicast packets to control transmission life.

4. Contents of the packets are not documented, and packets are encrypted.

5. Mesh systems work best when inbound ports are enabled, however they will self adapt and try various techniques to establish a connection.

Outbound Security

In addition to the above, the Retail Systems may connect to random hosts during operation. This is rare, but if you are configuring advanced security options, you need to be aware of this.

1. Trading Counters may connect to random internet sites for many reasons, but this category should all be known in advance by the retailer. The POS has a built in web browser so that counters can (under control) browse to specific tools such as postage checkers, or freight companies.

2. Lanes may communicate to *.fieldpine.com domains. This can be under staff control (eg Quick Code "f123") or to report crash events.

3. Any Fieldpine system (depending on configuration) may communicate to *.fieldpine.com or *.fieldpine.co.nz or *.meetu4.com or *.meetu4.org domains.

4. Fieldpine do not store full credit card numbers or PAN numbers, so these are not sent over network links, period.

THIS ARTICLE APPLIES TO

• All Fieldpine Products. As at November 2011