Networking and connectivity details for the SendPro C, SendPro C Auto

Use these network requirements to prepare your IT and local network environment for connecting your SendPro C device to the internet.
Products affected: SendPro® C, SendPro® C Auto (2H25, R2H25, 1H25C, R1H25C, R7H25C, 7H25A)

If you have extensive network security restrictions, your IT or network administrator may need these specifications to prepare for the installation.

URL Information

These URLs must be accessible from the device, without any obstructions. This includes being free of any SSL packet inspection, web filtering devices or software monitoring.

Required URLs

  • Distributor - main PB Server that authenticates machine for access to other PB web services.
  • Funds (Funds Management & Refills) - funds are managed through a separate Funds Server.
    • http://distservp1.pb.com (Port 80)
    • https://distservp1.pb.com (Port 443)
    • http://comet2.ct.pb.com (Port 80)
    • https://comet2.ct.pb.com (Port 443)
    • 199.231.45.46
    • 199.231.44.31
  • Rates and Updates (Download Services) - Downloads new software, graphics, rate prices.
    • Main Download Services entry
      • https://dlsdlp1.pb.com (Port 443)
      • https://dlsdlp1b.pb.com (Port 443)
    •  File Processing
      • https://pbdlsp1.pb.com (Port 443)
      • https://pbdlsp1t.pb.com (Port 443)
      • https://pbdlsp1k.pb.com (Port 443)
      • https://pbdlsp1b.pb.com (Port 443)
      • https://pbdlsp1z.pb.com (Port 443)
    • OS Updates
      • https://pb-ota.redbend.com (Port 443)
  • Manage Accounts (Accounting) - separate PB Server that manages accounting including account creation, reports etc.
    • Accounting Web Application:
      https://ms1app.pb.com/ (Port 443)
      https://ms1appalm-kdc.pb.com (Port 443)
    • Accounting Web Services:
      https://ms1app.pb.com/ms1atweb/services/ (Port 443)
  • Health Data Update - machine health Information upload.
    • https://s3.amazonaws.com (Port 443)
  • Network Connectivity Test Site - used by tablet's Android O/S to confirm connectivity.
    • http://connectivitycheck.gstatic.com/generate_204 (Port 80)

Important: Connectivity tests also use Google DNS explicitly (8.8.8.8 Port 53)

  • PB Web Services Support - used by several PB applications including Shipping.
    • https://api.pitneybowes.com (Port 443)
    • https://api.precisely.com (Port 443)
    • https://pitneybowes.okta.com (Port 443)
    • https://microsoft.com (Port 443)
    • http://microsoft.com (Port 80)
    • http://mail.o365.pb.com (Port 80)

Recommended URLs

We recommend these URLs are left open, but if this presents a security issue, they can remain blocked. They are enabled by default.

  • Device Management(uses Port 443 or 80 unless otherwise stated).
    • https://smb.pitneybowes.com
    • https://prov.mdm.pitneybowes.com
    • https://api.mdm.pitneybowes.com
    • https://cn977.awmdm.com
    • https://ds977.awmdm.com
    • https://play.google.com
    • https://gate.hockeyapp.net
    • https://e.crashlytics.com
    • https://android.googleapis.com
    • https://play.vidyard.com/
    • bhttps://www.youtube.com/
    • https://s3-us-west-2.amazonaws.com/
    • http://mobile-gtalk.l.google.com (Port 5228)
    • a21iywh40b72eh-ats.iot.us-west-2.amazonaws.com
    • alt2-mtalk.google.com
    • alt5-mtalk.google.com
    • alt6-mtalk.google.com
    • alt8-mtalk.google.com
    • android.clients.google.com
    • android-safebrowsing.google.com
    • api.crashlytics.com
    • apis.google.com
    • app-measurement.com
    • aws.amazon.com
    • captive.apple.com
    • cloudconfig.googleapis.com
    • cognito-identity.us-east-1.amazonaws.com
    • content.googleapis.com
    • csd-error-logs.s3.amazonaws.com
    • csd-error-logs.s3-us-west-1.amazonaws.com
    • csd-launcher.s3.amazonaws.com
    • csd-launcher.s3-us-west-1.amazonaws.com
    • csd-mailing.s3.amazonaws.com
    • csd-mailing.s3-us-west-1.amazonaws.com
    • csd-remote-config.s3.amazonaws.com
    • csd-remote-config.s3-us-west-1.amazonaws.com
    • csd-translations.s3.amazonaws.com
    • csd-translations.s3-us-west-1.amazonaws.com
    • digitalassetlinks.googleapis.com
    • dl.google.com
    • docs.google.com
    • ES-MAD-ANX-R010.teamviewer.com
    • firebaseinstallations.googleapis.com
    • fonts.googleapis.com
    • fonts.gstatic.com
    • GB-LON-ANX-R008.teamviewer.com
    • hshh.org
    • in.appcenter.ms
    • lh3.googleusercontent.com
    • master3.teamviewer.com
    • mdh-pa.googleapis.com
    • mtalk.google.com
    • pagead2.googlesyndication.com
    • phonedeviceverification-pa.googleapis.com
    • ping3.teamviewer.com
    • play.googleapis.com
    • pool.ntp.org
    • r1---sn-8pgbpohxqp5-auol.gvt1.com
    • r2---sn-8pgbpohxqp5-auol.gvt1.com
    • r3---sn-8pgbpohxqp5-auol.gvt1.com
    • r3---sn-8pgbpohxqp5-auos.gvt1.com
    • r6---sn-8pgbpohxqp5-auol.gvt1.com
    • r7---sn-8pgbpohxqp5-auol.gvt1.com
    • r8---sn-8pgbpohxqp5-auol.gvt1.com
    • redirector.gvt1.com
    • registrar.iot.pitneycloud.com
    • reports.crashlytics.com
    • safebrowsing.googleapis.com
    • settings.crashlytics.com
    • ssl.gstatic.com
    • time.apple.com
    • www.google.com
    • www.googleapis.com
    • www.gstatic.com
    • www.pitneybowes.com

Remote Access

TeamViewer is an application that lets Pitney Bowes Service access your device remotely, when you authorise it. (A TeamViewer session can only be initiated by someone on your end, therefore the system cannot be accessed without your knowledge.) There are two ways to unblock TeamViewer:

  • General unblocking of Port 5938 TCP for outgoing connections (recommended). Port 5938 is only used by a few applications and therefore there is no security risk. This traffic should be filtered or cached.
  • Unblocking URLs of the following formats (to any server) GET:
    • /din.aspx?s=…&client=DynGate…GET
    • /dout.aspx?s=…&client=DynGate…POST
    • /dout.aspx?s=…&client=DynGate…

Regardless of which method you choose to unblock TeamViewer, verify there are no content filters or anything similar blocking one of these URLs:

  • *.TeamViewer.com
  • *.dyngate.com

Is it secure?

Yes, the system has been approved by AEGISOLVE, a company specializing in custom evaluation and certification testing services for information technology products. Download the full report.

Communications

All communication is initiated from the system via ports 80 (HTTP) and 443 (TLS).

All communications from the system to the back end system are in the form of XML messages.

Ports

Port 80 (HTTP)

  • Web Services
  • TeamViewer (remote access software)

Port 443 (TLS)

  • SendPro C sends requests to refill or audit its PSD (Postal Security Device) when the user requests it or an inspection is required. Audits occur if the PSD inspection date has expired.
  • Transaction records from the SendPro C are automatically uploaded when a user message appears (within three days of the mail being generated).
  • O/S updates and PB Application Software and Rates Data updates.

Port 53

  • DNS lookup

Important: If your IT department uses a rules-based method for allowing specific ports to pass traffic on their network for port 53, you must allow both UDP and TCP traffic to this port.

Advanced Network Requirements

SendPro C initiates all communication (via HTTP or TLS), so it can safely sit behind most corporate firewalls.

  • High-speed network connection
  • SendPro C supports 802.11n WiFi WPA, WPA-2 PSK, WPA-802.1x (LEAP) protocols.
  • Due to security issues, WEP Wireless Security Protocol is not supported.
  • Both 2.4 and 5 GHz frequency band wireless is supported.
  • SendPro C communicates to external web services via HTTP over Port 80
  • SendPro C communicates to PB secure server(s) via TLS 1.2 over port 443
  • SendPro C uses Port 53 for DNS lookup
  • Pitney Bowes requires a minimum network bandwidth of 384 kbps (upstream and downstream) to operate, but we recommend 1 Mbit/sec for best performance
  • Pitney Bowes recommends that DSL or cellular devices are not shared across multiple SendPro C systems
  • Customer owned web filtering devices or software, as well as SSL packet inspection should be disabled for these ports as they can affect performance or could prevent functionality.
  • SendPro C internal base and tablet communication uses a subnet that consists of IPs from the 192.168.10.240 to 192.168.10.255 and 192.168.10.96 to 192.168.10.111 ranges. When the SendPro C is connected to a network that has a default gateway which uses any address in these ranges, the SendPro C will not be able to communicate on the network because messages can not be routed properly.
  • Wired Ethernet supports 10/100 Mbit speeds.

If you are unable to connect to the internet, ask your IT department or internet provider to check the internet settings.

Related topics

UPDATED: 26 January 2024