IT Network & Firewall Configuration for PAX Terminals (RNDIS Integration)

October 08, 2025 00:38

This document outlines the technical network requirements and pre-installation checks for successfully deploying PAX payment terminals that use RNDIS (Remote Network Driver Interface Specification) for integration with POS systems.

It is intended for external IT providers, network administrators, and any technical stakeholders responsible for managing network environments where these terminals will be deployed.

1. Site Preparation & Network Validation

To ensure reliable operation of RNDIS-connected payment terminals, it is critical to validate the IP addressing scheme at the merchant site prior to installation. IP conflicts—particularly with default RNDIS configurations—can cause terminal communication failures or complete network disconnection.

Recommended Pre-Installation Steps

Check existing IP addressing on POS terminals

On each POS workstation, open Command Prompt and run:
ipconfig /all

Review the IPv4 configuration and ensure no overlap with the RNDIS default subnet ranges.

Identify and avoid IP range conflicts

By default, RNDIS adapters may use the following IP ranges:

192.168.137.0/24 (i.e. 192.168.137.1 – 192.168.137.254)
192.168.0.0/16 (i.e. 192.168.0.1 – 192.168.255.255)

If any POS terminals or site devices are configured within these ranges, a custom IP range must be selected for the RNDIS adapter (e.g. 172.16.1.1/24 or another unused private subnet).

Use a subnet calculator if needed

To confirm suitable addressing, you may use this free online tool:
[https://www.davidc.net/sites/default/subnets/subnets.html]

2. Firewall & Whitelisting Configuration

To allow successful communication between the payment terminal and its cloud infrastructure, the following network configurations must be applied:

Ensure the Windows Firewall on the POS machine allows outbound and inbound traffic required by the payment terminal and payment application.
Allow all required URLs, ports, and IP addresses used by the PAX terminal and Terminal Connect platform through the site-level firewall or security gateway.
Whitelisting should include traffic from the RNDIS interface as well as any fallback Wi-Fi or 4G interfaces on the terminal.

PaySuite TMS:

Service	URL or IP	Descriptions	M/O	Remarks
Terminal API	api.whatspos.com port: 443	Detailed functions as below: Terminal login/init/replacement Terminal merchant login Terminal app purchase/subscription Sync terminal data: - logcat - installed applications - installed firmware - terminal battery, cpu, memory, storage usage - terminal configurations (volume, brightness, language, gps_enabled etc.) - terminal hardware status (bluetooth, prnter, icc, picc, ped etc.) - terminal location - terminal data usage (3g, 4g, wifi etc.) - terminal basic infomation (IP, IMEI, screen resolution, SIM, MAC address, android version, Model PN, timezone etc) Retrieve terminal push task: - application - parameter - firmware - rki - message - uninstall application - lock terminal - restart terminal - set launcher - collect logcat - hardware enable/disable - ped status chagne - terminal configurations (volume, brightness, language, gps enable/disable) - puk inject -store clien update -profile	Mandatory	(MAXSTORE client data retrieve and update to backend)
Terminal Download service	www.whatspos.com port: 443	Terminal download: application parameter firmware store client	Mandatory	(App, firmware, parameter download service)
Stackly Service	paxras.whatspos.com port: 443	A real-time exception reporter that helps developers track, prioritize, analyze, and fix stability issues to improve the App quality. it will upload exception report to backend.	Optional	(Crash Report. Not Necessary)
MAXSTORE Message Notification	mpush.whatspos.com port: 443	Subscribe app, firmware from global marketplace.	Mandatory	(Channel to do heartbeat and send notification)
MAXSTORE Message Notification	mpush1.whatspos.com port: 3000	Message Channel for one-byte push command	Mandatory	(Channel to do heartbeat and send notification)
MAXSTORE Message Notification	mpush2.whatspos.com port: 3000	Message Channel for one-byte push command	Mandatory	(Channel to do heartbeat and send notification)
MAXSTORE Message Notification	mpush3.whatspos.com port: 3000	Message Channel for one-byte push command	Mandatory	(Channel to do heartbeat and send notification)
MAXSTORE Message Notification	mpush4.whatspos.com port: 3000	Message Channel for one-byte push command	Mandatory	(Channel to do heartbeat and send notification)
MAXSTORE Message Notification	mpush5.whatspos.com port: 3000	Message Channel for one-byte push command	Mandatory	(Channel to do heartbeat and send notification)
MAXSTORE Message Notification	mpush6.whatspos.com port: 3000	Message Channel for one-byte push command	Mandatory	(Channel to do heartbeat and send notification)
MAXSTORE Message Notification	mpush7.whatspos.com port: 3000	Message Channel for one-byte push command	Mandatory	(Channel to do heartbeat and send notification)
MAXSTORE Message Notification	mpush8.whatspos.com port: 3000	Message Channel for one-byte push command	Mandatory	(Channel to do heartbeat and send notification)
Geo-Location Service by Tencent (v8.1.1 and after version )	analytics.map.qq.com:443	Map Service to get geo-location data ( below data will be used for geo-location: wifi: BSSID, Level, Rssi cell: MCC, MNC, LAC, CID, rssi gps: directly provide longitude and latitude result terminal: Android ID )	Optional
Geo-Location Service by Tencent (v8.1.1 and after version )	lbs.map.qq.com:443	Map Service to get geo-location data ( below data will be used for geo-location: wifi: BSSID, Level, Rssi cell: MCC, MNC, LAC, CID, rssi gps: directly provide longitude and latitude result terminal: Android ID )	Optional
Geo-Location Service by Tencent (v8.1.1 and after version )	cs.map.qq.com:443	Map Service to get geo-location data ( below data will be used for geo-location: wifi: BSSID, Level, Rssi cell: MCC, MNC, LAC, CID, rssi gps: directly provide longitude and latitude result terminal: Android ID )	Optional
Geo-Location Service by Tencent (v8.1.1 and after version )	cc.map.qq.com:443	Map Service to get geo-location data ( below data will be used for geo-location: wifi: BSSID, Level, Rssi cell: MCC, MNC, LAC, CID, rssi gps: directly provide longitude and latitude result terminal: Android ID )	Optional

AirViewer:

Service	URL or IP	Descriptions	M/O	Remarks
AirViewer Service	posviewer1.paxsaas.com:8089	Value added service, for Marketplace Administrators to remote to their POS and conduct maintenance. (with https encryption for data transmission, and no data stored, als other security controls and notifications for users)	Optional
AirViewer Service	posviewer2.paxsaas.com:8089	Value added service, for Marketplace Administrators to remote to their POS and conduct maintenance. (with https encryption for data transmission, and no data stored, als other security controls and notifications for users)	Optional
AirViewer Service	posviewer3.paxsaas.com:8089	Value added service, for Marketplace Administrators to remote to their POS and conduct maintenance. (with https encryption for data transmission, and no data stored, als other security controls and notifications for users)	Optional
AirViewer Service	posviewer5.paxsaas.com:8089	Value added service, for Marketplace Administrators to remote to their POS and conduct maintenance. (with https encryption for data transmission, and no data stored, als other security controls and notifications for users)	Optional
AirViewer Service	posviewer6.paxsaas.com:8089	Value added service, for Marketplace Administrators to remote to their POS and conduct maintenance. (with https encryption for data transmission, and no data stored, als other security controls and notifications for users)	Optional
Stackly - Exception Reporter	paxras.whatspos.com port: 443	Real-time exception reporter that helps developers track, prioritize, analyze, and fix stability issues to improve the App quality. it will upload exception report to backend.	Optional

3. Windows RNDIS Registry Configuration

Some versions of Windows may require manual registry entries to fully enable RNDIS functionality.

Please ensure the following:

RNDIS drivers are correctly installed on the POS machine
Registry values related to USB selective suspend and RNDIS interface stability are configured as per Nuvei’s deployment documentation

If you are unfamiliar with registry configuration, please contact your Nuvei onboarding specialist or IT support contact for assistance.

4. Power Management Settings on POS

Power management configurations on the POS terminal can cause the RNDIS interface to disconnect intermittently. To prevent disruption of payment processing:

Disable sleep/hibernate modes on the POS
Prevent USB ports from being powered down by the OS (via Device Manager > USB Root Hub settings)
In the event of a disconnection, reinserting the USB cable or rebooting the POS may re-establish the RNDIS link

Support & Escalation

If you encounter challenges in meeting the requirements outlined above, or if the terminal fails to establish a network connection via RNDIS:

Contact Nuvei's technical support or your assigned implementation manager
Provide screenshots of ipconfig /all and details of your network topology
Refer to the full onboarding checklist for further site readiness validation