The table below lists the essential whitelisting options for your GRUBBRR Tizen or Windows device operating on version 14.x of our Kiosk application. For an in-depth explanation of what Whitelisting is and why we need it, as well as links to other whitelisting guides, please check the help article here.
Kiosk Whitelisting Requirements
| URL |
IP Address(es) |
Port | Purpose |
| console.grubbrr.com |
See Note B | 443 |
Allows the kiosk to download data from and upload data to the GRUBBRR Console |
| prod-grubbrr.identity.us.auth0.com | 104.19.167.1/20* | 443 |
GRUBBRR account / identity provider |
| builds.grubbrr.net | 13.107.246.1/28* | 443 |
Allows the kiosk to download updated software versions from application storage servers. |
| api.nge.grubbrr.com | 20.119.0.28 | 443 |
Enables real-time, cloud-based communication between the Kiosk and the Console |
| stgngeprodeastus.blob.core.windows.net |
52.239.169.1/23* | 443 |
Microsoft Azure data storage |
|
api.vfipayna.com/ipchapi/rh.aspx |
199.71.106.52 199.71.106.58 |
443 |
Allows the Verifone Gateway to process orders |
| *.sentry.io | See Note B | 443 |
Collects Kiosk App Logs and manages general Error Tracking |
| *.pusher.com *.pusherapp.com |
See Note B | 443 |
Allows the kiosk to receive notifications from the GRUBBRR Portal |
| ik.imagekit.io | See Note B | 443 |
Allows the kiosk to communicate with media storage servers. These host the kiosk screensavers, images, and other UI elements of the kiosk software. |
| fonts.gstatic.com | See Note B | 443 |
Gives the Kiosk access to Google Font Libraries |
| eastus-8.in.applicationinsights.azure.com | See Note B | 443 |
Gives the Kiosk access to Microsoft Azure App Insights telemetry |
Remote Management Whitelisting Requirements
| URL |
IP Address(es) |
Port | Purpose |
| *.teamviewer.com | See Note B |
80, 443 |
Enables remote control of the Kiosk using TeamViewer |
| *.manage.microsoft.com | 443 |
The URLs and ports here enable the effective and secure management of remote devices via Microsoft Intune.
If CIDR blocks are needed,
|
|
| EnterpriseEnrollment.manage.microsoft.com | 443 | ||
| *.update.microsoft.com | 80, 443 | ||
| *.autodeploy.mp.microsoft.com | 443 | ||
| *.support.services.microsoft.com | 443 | ||
| remoteassistance.support.services.microsoft.com | 443 | ||
| *.attest.azure.net | 443 | ||
| login.microsoftonline.com | 443 | ||
| graph.windows.net | 443 | ||
| *.azureedge.net | 443 | ||
| time.windows.com | 123 (NTP) |
||
| *.do.dsp.mp.microsoft.com | 443 | ||
| *.dl.delivery.mp.microsoft.com | 443 | ||
| edge.microsoft.com | 443 | ||
| *.msftconnecttest.com | 443 | ||
| *.msedge.net | 443 | ||
| *.microsoft.com | 443 | ||
| *.wns.windows.com | 443 | ||
| *.azure.com | 443 | ||
| *.login.live.com | 443 |
Notes
Note A: You can whitelist via entries in the "Address" or "IPs" column; you do not need to do both
Note B: These dynamic IP address ranges are managed by their corresponding cloud service providers and are NOT guaranteed to remain unchanged. It is highly recommended to use Domain Name-based whitelisting on your firewall to resolve these URLs and permit access based on the corresponding dynamic IP addresses.