If you are deploying Adyen payment terminals with a ValPay POS integration, your network must be configured correctly so the POS, terminal, and Adyen platform can communicate securely and reliably. Adyen requires outbound access to specific domains and ports, supports only modern TLS versions, and recommends specific IP address setup depending on whether you use local or cloud communications.
Who this applies to
This article is for ValPay partners onboarding or supporting merchants using Adyen terminals with a ValPay point-of-sale integration.
Before you begin
Make sure you know whether your setup uses:
Local communications: the POS app communicates directly with the terminal over the local network.
Cloud communications: the POS app communicates with Adyen cloud endpoints, which then communicate with the terminal. Adyen notes that offline payments are only available for integrations using local communications.
Network requirements
1. Allow outbound access to Adyen domains
Your firewall must allow outgoing HTTPS traffic from the IP addresses of your POS devices and payment terminals to the following domains:
*.adyen.com *.adyenpayments.com
Adyen recommends allowlisting by DNS name, not by hard-coded IP address, because Adyen IP addresses can change and are not published publicly. Your firewall should refresh DNS changes at least every 60 seconds.
Important: Do not hard-code Adyen IP addresses in firewall rules. Adyen explicitly states that these can change over time and are not shared publicly.
2. Open the required ports
Make sure the following ports are open:
TCP 443 to the internet
TCP 8443 on your local area network (LAN)
These ports are required for secure communication between the POS environment, terminals, and Adyen services.
3. If using local communications
If your ValPay integration uses local communications, Adyen requires:
The terminal and POS app must be connected to the same local network
The communication between the POS app and terminal must be protected securely
Best practice: For local communication setups, confirm that store Wi-Fi segmentation or VLAN rules do not block traffic between the POS device and terminal.
Security requirements
Adyen uses TLS 1.2 for secure data transmission over the internet. If you are using TLS 1.0 or 1.1 for local communications, terminals running software version 1.81 and later will not be able to process transactions. Adyen’s cloud endpoints also do not accept TLS versions below 1.2.
Supported TLS 1.2 cipher suites include:
TLS 1.2 AES256-GCM-SHA384
TLS 1.2 AES256-SHA256
TLS 1.2 AES128-GCM-SHA256
TLS 1.2 AES128-SHA256
Recommended for partners: Ensure all store infrastructure, middleware, and local POS environments support TLS 1.2 or TLS 1.3 before go-live.
Terminal IP address configuration
To send payments for online authorization, each terminal must have a valid IP address. Adyen supports three options:
Dynamic IP: assigned automatically by DHCP
DHCP reservation: the DHCP server assigns the same IP based on the terminal MAC address
Static IP: entered manually on the terminal
Adyen also notes:
You cannot mix dynamic and static configuration
The terminal IP, DNS server IPs, and router IP must be either all dynamic or all static
DHCP is enabled by default on Adyen terminals
ValPay partner recommendation
For most partner-managed environments:
Use dynamic IP without DHCP reservation for cloud communications
Use DHCP reservation or static IP addresses for local communications
Adyen also recommends setting DHCP lease time to 24 hours or more when possible.
IP address change notifications
In local communication setups, if a terminal reconnects to a different access point or experiences a network issue, its IP address can change. This can cause the POS app to lose connection to the terminal. Adyen offers an optional webhook feature that sends the updated IP address when the terminal comes back online.
When enabled, the webhook includes:
uniqueTerminalId
new_ip
To enable this feature, Adyen instructs merchants or partners to contact their Support Team and provide:
The endpoint URL that should receive the update
The access credentials for that endpoint
ValPay note: This is most useful for partners supporting local terminal communication where terminal IP persistence is important.
General network recommendations
Adyen recommends the following to reduce connectivity issues:
Use a segmented network dedicated to point-of-sale communications
Ensure a DNS server is accessible from the local network and can resolve:
*.adyen.com
*.adyenpayments.com
Honor Adyen’s 60-second DNS TTL for disaster recovery
Keep IDS/IPS firmware and signatures up to date
Connect the full POS environment, including terminals, to an uninterruptible power supply (UPS)
Go-live checklist for ValPay partners
Before going live, confirm all of the following:
Firewall allows outbound traffic to *.adyen.com and *.adyenpayments.com
DNS-based allowlisting is used instead of static Adyen IPs
Port 443 is open to the internet
Port 8443 is open on the LAN
POS and terminal are on the same local network if using local communications
Environment supports TLS 1.2 or higher
Terminal IP addressing is configured correctly
DNS resolution works for Adyen domains
DHCP lease time and reservation strategy match the integration type
Troubleshooting tips
If a ValPay partner or merchant is unable to process transactions, check the following first:
Firewall rules
DNS resolution for Adyen domains
TLS version support
Terminal IP addressing
Whether the POS and terminal are on the same local network for local integrations