The Verifone Commander Punchh Integration runs on a Windows PC installed in the DMZ of the location’s network, inside the Verifone POS network (192.168.31.0).
If this computer's network interface does not have internet access to the enumerated Punchh endpoints, a secondary NIC on the PC may be used to provide internet access to the Punchh service endpoints.
Network Ex 1 - Zone Router WAN connection inside DMZ behind edge router
Network Ex 2 - Zone Router is Edge Router. DMZ managed behind Zone Router
Network Firewall & Antivirus Setup
PUNCHH Firewall rules. Confirm that the following FQDN (Fully Qualified Domain Names) endpoints are properly whitelisted in the site's firewall/router
(PUNCHH DOES NOT SUPPORT FIREWALL RULES USING IP ADDRESSES)
Network Firewall Configuration
ALLOW: | FROM: | TO: |
---|---|---|
TCP using port 443 | The PC running the Punchh service (Punchh.exe) |
Endpoint Details
If your portal is a dedicated instance, please contact Punchh support to get the endpoints specific to you. If you log in to your Punchh portal via any URL other than https://punchh.com, you will need to get your brand’s specific endpoints.
Default endpoints
pos.punchh.com - Punchh check-in and redemption transactions, Punchh application configuration & update server & Punchh check and barcode details
loguploads.punchh.com - Punchh log file repository #1
poslogs.punchh.com - Punchh log file repository #2
Software firewall, antivirus, and application whitelisting configuration
Antivirus
Files in these folders need to be able to be updated and automatically added to the PC application whitelist when updated by our update service.
Verify that the designated directories and sub-directories below are excluded from antivirus and real-time scanning on the POS.
Executable application files in these directories should also be whitelisted in any software application whitelisting control.
Location | Directory | Files |
---|---|---|
The PC running the Punchh service (Punchh.exe) | C:\Program Files\Punchh\* | punchh.exe |
Application Whitelisting
Whitelist all Punchh EXEs in the application whitelisting control to allow communication over the network designated in the table above.
Whitelist all applications that are digitally signed by “Punchh, Inc.” to allow updates without having to go back and “re-fingerprint” individual EXEs.
This whitelisting allows updates to be managed without having to “re-fingerprint” the updated individual EXE files in the installation directory, which makes updating easier when it is needed.
Network Firewall Validation Tests
From the PC running the Punchh service (Punchh.exe), please do the following tests:
Open a web browser and navigate to the following web pages
Each web page should return a plain white page with OK
If any page doesn't return OK, the firewall needs to be reviewed to ensure the correct firewall rules are in place.
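The following PowerShell check is an added example, not part of Punchh's documentation. Run on the PC hosting Punchh.exe, it confirms that each default endpoint resolves and accepts TCP 443, shows which NIC carried the connection (useful when a secondary NIC provides internet access), and checks that punchh.exe carries a valid signature from “Punchh, Inc.”. It assumes the default endpoints and install path listed above and does not replace the browser test, since it checks reachability only and not the OK page.

```powershell
# Added example: endpoint and signer validation for the PC running Punchh.exe.
# Endpoints, port, path and signer name are taken from this page; dedicated
# instances must substitute the endpoints supplied by Punchh support.
$Endpoints = 'pos.punchh.com', 'loguploads.punchh.com', 'poslogs.punchh.com'
$ExePath   = 'C:\Program Files\Punchh\punchh.exe'
$Signer    = 'Punchh, Inc.'

$results = foreach ($fqdn in $Endpoints) {
    $row = [ordered]@{ Endpoint = $fqdn; Resolved = $null; Tcp443 = $false
                       Interface = $null; SourceIP = $null }
    try {
        # Rules are FQDN-based, so name resolution from this PC must work first.
        $row.Resolved = (Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop |
            Where-Object { $_.IPAddress } | Select-Object -First 1).IPAddress
        $t = Test-NetConnection -ComputerName $fqdn -Port 443 `
                -WarningAction SilentlyContinue
        $row.Tcp443    = $t.TcpTestSucceeded
        $row.Interface = $t.InterfaceAlias          # which NIC was used
        $row.SourceIP  = $t.SourceAddress.IPAddress # POS-side or secondary NIC
    } catch {
        $row.Resolved = "DNS failure: $($_.Exception.Message)"
    }
    [pscustomobject]$row
}
$results | Format-Table -AutoSize

# Signer-based whitelisting only helps if the binary really is signed as expected.
$signatureOk = $false
if (Test-Path -LiteralPath $ExePath) {
    $sig = Get-AuthenticodeSignature -FilePath $ExePath
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
               else { '<unsigned>' }
    $signatureOk = ($sig.Status -eq 'Valid') -and ($subject -like "*$Signer*")
    Write-Output "Signature status: $($sig.Status); signer: $subject"
} else {
    Write-Warning "$ExePath not found; check the install directory."
}

$blocked = @($results | Where-Object { -not $_.Tcp443 })
if ($blocked.Count -gt 0) {
    Write-Warning ("Review firewall rules for: " +
        ($blocked.Endpoint -join ', '))
}
if (-not $signatureOk) {
    Write-Warning "punchh.exe is missing a valid '$Signer' signature."
}
```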