OUTGOING
If a merchant has firewall rules permitting access outbound (http/s) from their systems to *.globalgatewaye4.firstdata.com hosts they are encouraged to use Fully Qualified Domain Names (FQDN) instead of specific IP addresses in their rule sets.
For those merchants who use numerical IP addresses for their rule sets, the address ranges are listed below. Note that the COMPLETE LIST of addresses must be added and not just one or two.
The address ranges listed below are for the production environment only. In order to permit access to the demo environment, you will need to use FQDN. We do not list IP addresses for the demo environment.
Outgoing from merchant firewalls to *.GlobalGatewayE4.FirstData.com
IPv4 - These are all mandatory for all merchants who have firewall rules.
76.74.201.16 /28
76.74.200.144 /28
107.6.23.144 /28
64.69.66.80 /28
204.239.215.0 /24
199.27.128.0/21
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/12
172.64.0.0/13
IPv6 - This complete list can be optionally added by merchants who want to include IPv6 in their firewall rules. It does not replace the need to add all of the above IPv4 IPs:
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
INCOMING
If a merchant uses “Hosted Payment Pages” they may have inbound http/s firewall rules to receive information sourcing from *.globalgatewaye4.firstdata.com hosts. These merchants are also encouraged to use FQDNs instead of IP addresses. Merchants should choose Option 1 or Option 2 depending on their firewall’s ability to use FQDNs:
Note that the COMPLETE LIST of FQDNs or addresses must be added and not just one or two.
Option 1: use fully qualified dns domain names to allow incoming:
pxy.globalgatewaye4.firstdata.com
pxy1.globalgatewaye4.firstdata.com
pxy2.globalgatewaye4.firstdata.com
pxy3.globalgatewaye4.firstdata.com
pxy4.globalgatewaye4.firstdata.com
pxy5.globalgatewaye4.firstdata.com
pxy6.globalgatewaye4.firstdata.com
pxy7.globalgatewaye4.firstdata.com
pxy8.globalgatewaye4.firstdata.com
Option 2: use static IP addresses to allow incoming:
76.74.201.16 /28
76.74.200.144 /28
107.6.23.144 /28
64.69.66.80 /28
204.239.215.0 /24
54.212.250.166/32
54.245.225.254/32
54.191.74.3/32
54.191.79.10/32
184.72.226.169/32
184.72.227.3
54.88.127.174
54.88.222.68