IP Addresses for Merchants to load into Firewall Rules

Avatar
Sarah Shope
Follow

OUTGOING

If a merchant has firewall rules permitting access outbound (http/s) from their systems to *.globalgatewaye4.firstdata.com hosts they are encouraged to use Fully Qualified Domain Names (FQDN) instead of specific IP addresses in their rule sets.

For those merchants who use numerical IP addresses for their rule sets, the address ranges are listed below. Note that the COMPLETE LIST of addresses must be added and not just one or two.

The address ranges listed below are for the production environment only.  In order to permit access to the demo environment, you will need to use FQDN.  We do not list IP addresses for the demo environment.

 

Outgoing from merchant firewalls to *.GlobalGatewayE4.FirstData.com

 

IPv4 - These are all mandatory for all merchants who have firewall rules.

76.74.201.16 /28

76.74.200.144 /28

107.6.23.144 /28

64.69.66.80 /28

204.239.215.0 /24

199.27.128.0/21

173.245.48.0/20

103.21.244.0/22

103.22.200.0/22

103.31.4.0/22

141.101.64.0/18

108.162.192.0/18

190.93.240.0/20

188.114.96.0/20

197.234.240.0/22

198.41.128.0/17

162.158.0.0/15

104.16.0.0/12

172.64.0.0/13

 

IPv6 - This complete list can be optionally added by merchants who want to include IPv6 in their firewall rules. It does not replace the need to add all of the above IPv4 IPs:

2400:cb00::/32

2606:4700::/32

2803:f800::/32

2405:b500::/32

2405:8100::/32

 

INCOMING

If a merchant uses “Hosted Payment Pages” they may have inbound http/s firewall rules to receive information sourcing from *.globalgatewaye4.firstdata.com hosts. These merchants are also encouraged to use FQDNs instead of IP addresses. Merchants should choose Option 1 or Option 2 depending on their firewall’s ability to use FQDNs:

Note that the COMPLETE LIST of FQDNs or addresses must be added and not just one or two.

 

Option 1: use fully qualified dns domain names to allow incoming:

pxy.globalgatewaye4.firstdata.com

pxy1.globalgatewaye4.firstdata.com

pxy2.globalgatewaye4.firstdata.com

pxy3.globalgatewaye4.firstdata.com

pxy4.globalgatewaye4.firstdata.com

pxy5.globalgatewaye4.firstdata.com

pxy6.globalgatewaye4.firstdata.com

pxy7.globalgatewaye4.firstdata.com

pxy8.globalgatewaye4.firstdata.com

 

Option 2: use static IP addresses to allow incoming:

76.74.201.16 /28

76.74.200.144 /28

107.6.23.144 /28

64.69.66.80 /28

204.239.215.0 /24

54.212.250.166/32

54.245.225.254/32

54.191.74.3/32

54.191.79.10/32

184.72.226.169/32

184.72.227.3

54.88.127.174

54.88.222.68

Powered by Zendesk