If you use allowlist domains in your firewall, you'll need to include the domains listed below.
A firewall allowlist is a list of domains that are configured on a firewall or router to be explicitly allowed to pass traffic without any restrictions. This does not apply to all customers, only to those who have already configured firewall settings to block/restrict specific domains.
U.S. and International Firewall Allowlist
Wildcarded domains (recommended):
Protocol
| Destination | Destination Port |
UDP | Any | 53 |
UDP | Any | 123 |
ICMP | 8.8.8.8/32 | Any |
ICMP | 75.75.75.75/32 | Any |
ICMP | 8.8.4.4/32 | Any |
TCP | 162.159.153.239/32, 162.159.152.25/32 | 443,8443,36868 |
TCP | *.toasttab.com | 443,8443,36868,5671 |
TCP | *.toasttab.com | 80,8080,8443 |
UDP | *.toasttab.com | 3478 |
TCP | d2c9w5yn32a2ju.cloudfront.net | 443 |
TCP | *.launchdarkly.com | 443 |
TCP | api.mapbox.com | 443 |
TCP | google-analytics.com | 443 |
TCP | *.googleapis.com | 443 |
TCP | s3.amazonaws.com | 443 |
TCP | s3-external-1.amazonaws.com | 443 |
TCP | toasttab.s3.amazonaws.com | 443 |
TCP | toast-perf-mon.s3.amazonaws.com | 443 |
TCP | *.ingest.sentry.io | 443 |
TCP | *.wootric.com | 443 |
TCP | *.appcues.com | 443 |
TCP | wootric-eligibility.herokuapp.com | 443 |
TCP | d8myem934l1zi.cloudfront.net | 443 |
TCP | manage.eloview.com | 443 |
TCP | api.sunmi.com | 443 |
TCP | ota.cdn.sunmi.com | 443 |
TCP | tms.bbpos.com | 443,63357 |
TCP | *.toasttab.auth0.com | 80,443,4443,53 |
TCP | fw-update.ubnt.com | 443 |
TCP | fw-download.ubnt.com | 443 |
TCP | dl.ui.com | 443 |
TCP | *.sunmi.com | 443,80 |
TCP | apk.cdn.sunmi.com.wsdvs.com | 443 |
TCP | ota.cdn.sunmi.com.mgslb.com | 443 |
TCP | apk.cdn.sunmi.com.w.kunlunar.com | 443 |
TCP | ota.cdn.sunmi.com.w.kunlunar.com | 443 |
TCP | file.cdn.sunmi.com.w.kunlunar.com | 443 |
TCP | pic.cdn.sunmi.com.w.kunlunar.com | 443 |
TCP | d10br2b8k9bn0s.cloudfront.net | 443 |
TCP | maven.n.miliao.com | 8081 |
TCP | jivesoftware.com | 443 |
TCP | nexus.d.xiaomi.net | 443 |
TCP | pic1.ooopic.com | 443 |
TCP | *.1e100.net | 80,443 |
TCP | bit.ly | 443 |
TCP | pendo-static-5740812351307776.storage.googleapis.com | 443 |
TCP | *.pendo.io | 443 |
TCP | cdn.jsdelivr.net | 443 |
TCP | unpkg.com | 443 |
TCP | http-inputs-toast.splunkcloud.com | 443 |
TCP | app-ab35.marketo.com | 443 |
TCP | io.eloview.com | 443 |
TCP | content.eloview.com | 443 |
TCP | device.eloview.com | 443 |
TCP | dsq.eloview.com | 443 |
TCP | cdn2.hubspot.net | 443 |
TCP | cdn.auth0.com | 443 |
TCP | d2w1ef2ao9g8r9.cloudfront.net | 443 |
TCP | browser.sentry-cdn.com | 443 |
TCP | ssl.google-analytics.com | 443 |
TCP | apis.google.com | 443 |
TCP | plus.l.google.com | 443 |
TCP | *.gstatic.com | 443 |
TCP | d1pxgl8l8levq9.cloudfront.net | 443 |
TCP | sentry.io | 443 |
TCP | maxcdn.bootstrapcdn.com | 443 |
TCP | service.force.com | 443 |
TCP | *.salesforceliveagent.com | 443 |
TCP | cdn.ravenjs.com | 443 |
TCP | *.glance.net | 443,5500,5501 |
TCP | *.ecardsystems.com | 443 |
TCP | captive.apple.com | 443,80 |
TCP | *.eloview.com | 443 |
UDP | 2.android.pool.ntp.org | 123 |
TCP | api.memfault.com | 443 |
TCP | files.memfault.com | 443 |
TCP | device.memfault.com | 443 |
TCP | ingress.memfault.com | 443 |
TCP | chunks.memfault.com | 443 |
TCP | memfault-prod-east1.s3.amazonaws.com | 443 |
TCP | sdk.iad-05.braze.com | 443 |
TCP | recaptcha.net | 443 |
TCP | appboy-images.com | 443 |
TCP | braze-images.com | 443 |
TCP | cdn.braze.eu | 443 |
TCP | memfault.com | 443 |
TCP | osqn.mayitek.com | 443 |
TCP | 23.22.57.16/32 | 443 |
TCP | 44.209.216.48/32 | 443 |
TCP | 52.7.18.112/32 | 443 |
TCP | 34.228.97.229/32 | 443 |
TCP | 54.173.90.154/32 | 443 |
TCP | toast-cc-config-update-prod.s3.amazonaws.com | 443 |
TCP | *.okta.com | 443 |
TCP | *.mtls.okta.com | 443 |
TCP | *.oktapreview.com | 443 |
TCP | *.mtls.oktapreview.com | 443 |
TCP | *.oktacdn.com | 443 |
TCP | *.okta-emea.com | 443 |
TCP | *.mtls.okta-emea.com | 443 |
TCP | *.kerberos.okta.com | 443 |
TCP | *.kerberos.okta-emea.com | 443 |
TCP | *.kerberos.oktapreview.com | 443 |
TCP | *.okta-gov.com | 443 |
TCP | *.mtls.okta-gov.com | 443 |
TCP | *.okta.mil | 443 |
TCP | *.mtls.okta.mil | 443 |
TCP | 3.145.240.0/25 | 443 |
TCP | 52.32.63.128/26 | 443 |
TCP | 54.236.251.192/26 | 443 |
TCP | 54.241.191.128/26 | 443 |
UDP | network-device-syslog.prod.toasttabdns.com | 5140 |
UDP | network-device-syslog.prod.toasttabdns.com | 5142 |
TCP | vault.joinforage.app | 443 |
TCP | api.joinforage.app | 443 |
TCP | tntbcrncmgi.live.verygoodproxy.com | 443 |
ICMPv4 | *.adyen.com | Any |
TCP | *.adyenpayments.com | 443 |
TCP | *.adyen.com | 443 |
TCP | *.rq-fo.ca | 443 |
TCP | *.mev-web.ca | 443 |
TCP | us20.zimperium.com | 443 |
TCP | edge.zimperium.com | 443 |
TCP | us20-cdn.zimperium.com | 443 |
TCP | cdn.zimperium.com | 443 |
TCP | stest.zimperium.com | 80 |
TCP | certs.zimperium.com | 443 |
TCP | cs.freedompay.us | 443 |
TCP | manager.freedompay.us | 443 |
TCP | enterprise-services.freedompay.com | 443 |
TCP | cdn.freedompay.com | 443 |
TCP | 64.74.156.0/24 | 443 |
TCP | 52.177.83.208/28 | 443 |
TCP | 64.74.156.0/24 | 443 |