Network Communication
This page provides information about ports and protocols that must be enabled on firewalls and other related security aspects to ensure safe usage of YSoft SafeQ 6.
Security configuration
Secured network communication must always be considered when using YSoft SafeQ 6. Most important links are encrypted by default right after the installation using pre-installed certificates. Pre-installed certificates naturally do not ensure highest level of security and they should be replaced by customer ones.
Some links are by default unencrypted. In order to make all the securable path encrypted and subsystems authenticated, continue with the configuration on the following page: Communication paths.
Firewall Configuration Best Practices
In accordance to the "least privilege" security principle, it is strongly advised to configure a firewall to (1) only allow communication from trusted components and/or networks and (2) only open ports required by actual YSoft SafeQ deployment and configuration. When communication with untrusted networks is needed (e.g. public Internet), additional security measures should be considered.
JMX Ports Threat
JMX is used mainly for system monitoring. While these functions are helpful, having ports opened publicly without any authentication mechanism is a high-security risk and customers should only open them with proper configuration or/and understanding the risks. Since MU38 JMX ports in SafeQ are by default accessible only from localhost.
Bandwidth and Latency
Bandwidth and latency must be considered for each implementation:
Latency is important to be kept under 100ms for metadata synchronization in Site Server cluster locations (Spooler Controller Group) and for user experience on all browser based terminal (i.e. between where the MFD is and its respective Terminal Server).
Bandwidth required is vastly dependent on print job data size and path: from workstation to FlexiSpooler (which can reside on the very same workstation or on a remote Site Server) and from FlexiSpooler to the device. Print job metadata traveling among components average around 40–60 kB per print job.
Network communication overview
Following table provides a complete list of the ports and protocols that must be enabled on firewalls in order to ensure YSoft SafeQ 6 system functionality.
This documents describes the communication that has to be allowed on the network level, it does not describe communication that takes place via loopback interface (localhost)
Management
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
User | Management | 80 | 443 | HTTP/HTTPS | TCP | User credentials, settings, GUID |
Management | Management | 6020 | 6020 | Proprietary | TCP | Synchronization info, system properties values |
Spooler Controller | Management | 6010 | 6010 | Proprietary | TCP | Configuration, User data, Workflow data |
Payment machine (SPM) | Management | 4096 | n/a | Proprietary | TCP | Firmware update |
Payment machine (SPM) | Management | 64099 | n/a | Proprietary | UDP | Server discovery |
User | Management | 80 | 443 | HTTP/HTTPS | TCP | Credentials, availability status, LDAP settings, Device information |
ProactiveCare | Management | 19898 | n/a | JMX, JMX RMI | TCP | System state |
Management | Management | 4099 | n/a |
|
| ServerSync |
Spooler Controller
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Spooler Controller | Spooler Controller | 5555 | 5555 | Proprietary | TCP | Configuration |
Management | Spooler Controller | 5020 | n/a | HTTP | TCP | Job preview |
Mobile Integration Gateway | Spooler Controller | 5555 | 5555 | Proprietary | TCP | User credentials, configuration |
End User Interface | Spooler Controller | 5555 | 5555 | Proprietary | TCP | Configuration |
Mobile Print Server | Spooler Controller | 5555 | 5555 | Proprietary | TCP | Configuration, user credentials |
FlexiSpooler server/client spooling | Spooler Controller | 5555 | 5555 | Proprietary | TCP | User credentials, configuration |
Flexispooler | Spooler Controller | 5566 | n/a | HTTP | TCP | Print job accounting information |
Terminal Server | Spooler Controller | 5556 | n/a | Proprietary | TCP | Configuration, notification about terminal management and user sessions |
Terminal Server | Spooler Controller | 5020 | n/a | HTTP | TCP | Job preview |
Workflow Processing System | Spooler Controller | 5555 | 5555 | Proprietary | TCP | Configuration, User data, Workflow data |
Payment System | Spooler Controller | 5556 | n/a | Proprietary | TCP | Configuration, license, user credentials, card assignment |
ProactiveCare | Spooler Controller | 9000 | n/a | JMX RMI | TCP | System state |
ProactiveCare | Spooler Controller | 9898 | n/a | JMX | TCP | System state |
ProactiveCare | Spooler Controller group | 9999 | n/a | JMX | TCP | System state |
ProactiveCare | Spooler Controller group | 19044 | n/a | JMX RMI | TCP | System state |
Job Service | Spooler Controller | 5555 | n/a | YMQ | TCP | Configuration, job preview image |
Identity Server | Spooler Controller | 5555 | 5555 | Proprietary | TCP | User credentials |
Terminal Server
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Embedded terminal for Xerox | Terminal Server | 5011 | 5012 | SOAP/HTTPS | TCP | User credentials |
Embedded terminal for Xerox | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | Application data, job preview |
Embedded terminal for Xerox Versalink | Terminal Server | 389 | 636 | LDAP/LDAPS | TCP | User roles and permission groups |
Embedded terminal for Xerox Altalink | Terminal Server | 389 | 389 | LDAP/LDAP over STARTTLS | TCP | User roles and permission groups |
Embedded terminal for Fuji Xerox | Terminal Server | 5011 | 5012 | SOAP/HTTPS | TCP | User credentials |
Embedded terminal for Fuji Xerox | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | Application data, job preview |
Embedded terminal for Fuji Xerox XCP | Terminal Server | 5013 | 5029 | HTTP/HTTPS | TCP | User credentials |
Embedded terminal for Fuji Xerox XCP | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | Application data, job preview |
Embedded terminal for FUJIFILM BI | Terminal Server | 5013 | 5029 | HTTP/HTTPS | TCP | User credentials |
Embedded terminal for FUJIFILM BI | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | Application data, job preview |
Embedded terminal for Konica Minolta, Develop, Olivetti | Terminal Server | 5021 | 5014, 5015, 5016, 5017, 5018, 5019, 5022 | SOAP/HTTPS | TCP | All device communication data, e.g. user credentials |
Embedded terminal for Sharp | Terminal Server | 5011 | 5012 | SOAP/HTTPS | TCP | Web services |
Embedded terminal for Sharp | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | User credentials, job authorization, accounting information, events |
Embedded terminal for Sharp-eSF | Terminal Server | 5021 | n/a | HTTP | TCP | User credentials |
Embedded terminal for Toshiba (non MDS) | Terminal Server | 5011 | 5012 | HTTP/HTTPS | TCP | Application data, job preview |
Embedded terminal for Toshiba (non MDS) | Terminal Server | 389 | 636 | LDAP/LDAPS | TCP | User credentials |
Embedded terminal for Toshiba MDS | Terminal Server | 5011 | 5012 | HTTP/HTTPS | TCP | Web services |
Embedded terminal for Toshiba MDS | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | User credentials, all application data |
Embedded terminal for Samsung | Terminal Server | 5013 | n/a | HTTP | TCP | User credentials, all application data |
Embedded terminal for Lexmark | Terminal Server | 5021 | n/a | HTTP | TCP | User credentials |
Embedded terminal for Ricoh | Terminal Server | 5011 | 5012 | HTTP/HTTPS | TCP | Web services |
Embedded terminal for Ricoh | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | User credentials |
Embedded terminal for Epson | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | User credentials, job preview |
Embedded terminal for Epson | Terminal Server | 5023 | 5024 | HTTP/HTTPS | TCP | Notifications, accounting |
Embedded terminal for Brother | Terminal Server | 5026 | 5027 | HTTP/HTTPS | TCP | Authentication,Accounting,Jobs,Scanned document |
Embedded terminal for HP | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | User credentials, Scanned document |
Embedded terminal for HP | Terminal Server | 5025 | 5025 | HTTPS | TCP | Web services |
Embedded terminal for OKI | Terminal Server | 5011 | 5012 | HTTP/HTTPS | TCP | Application data, job preview |
Embedded terminal for OKI | Terminal Server | 389 | 636 | LDAP/LDAPS | TCP | User credentials |
Embedded terminal for OKI sXP2 | Terminal Server | 5011 | 5012 | HTTP/HTTPS | TCP | Application data, job preview |
Embedded terminal for OKI sXP2 | Terminal Server | 389 | 636 | LDAP/LDAPS/LDAP over STARTTLS | TCP | User credentials |
Terminal Professional (TP4) | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | User credentials, job preview, all application data |
Mobile terminal (Android) | Terminal Server | 5021 | 5022 | HTTP REST API (JSON)/HTTPS | TCP | User credentials, job metadata |
Mobile terminal (iPhone) | Terminal Server | 5021 | 5022 | HTTP REST API (JSON)/HTTPS | TCP | User credentials, job metadata |
Mobile terminal (Windows Phone) | Terminal Server | 5021 | 5022 | HTTP REST API (JSON)/HTTPS | TCP | User credentials, job metadata |
Mobile terminal | Terminal Server | 5021 | 5022 | HTTPS | TCP | Logs (time of crash, OS, stacktrace) |
Spooler Controller | Terminal Server | 5557 | n/a | Proprietary | TCP | Configuration, notification about terminal management and user sessions |
Terminal Server | Terminal Server (ETCD) | 2377 | n/a | HTTP | TCP | User IDs (Konica Minolta, Sharp), credit informations, timestamps, device exclusivity locks, scan duplex from glass, Sharp Hello message, application IDs for Konica Minolta |
Terminal Server (ETCD) | Terminal Server (ETCD) | 2378 | n/a | HTTP | TCP | User IDs (Konica Minolta, Sharp), credit informations, timestamps, device exclusivity locks, scan duplex from glass, Sharp Hello message, application IDs for Konica Minolta |
Network card reader | Terminal Server | 5011 | n/a | HTTP | TCP | User credentials (card number) |
Terminal Professional (TPv3.5) in Network card reader mode | Terminal Server | 5011 | n/a | HTTP | TCP | User credentials (card number) |
MFD | Terminal Server | 21, 1024-65535 | n/a | FTP | TCP | Scanned document. Port 21 is configurable by a system parameter "ftp-port". Ports 1024-65535 are used only when MFD is in passive FTP mode. |
MFD | Terminal Server | User defined | User defined | WebDAV/WebDAVS | TCP | Scanned document |
EDEE | Terminal Server | 5021 | 5022 | HTTP/HTTPS | TCP | User credentials |
Terminal Professional | Terminal Server | 4096 | 4096 | Proprietary | TCP | User credentials (card number, pin, username+password), firmware update, session data |
Terminal Professional | Terminal Server | 37 | n/a | Proprietary | UDP | Time synchronization |
Terminal Professional | Terminal Server (SQTA) | 5021 | 5022 | HTTP | TCP | Job preview |
Terminal Ultralight | Terminal Server | 4096 | 4096 | Proprietary | TCP | User credentials (card number, pin), firmware update, session data |
Terminal Ultralight | Terminal Server | 37 | n/a | Proprietary | UDP | Time synchronization |
Flexi Spooler
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Mobile Integration Gateway | FlexiSpooler server spooling/non spooling | 5559 | 5559 | HTTP/HTTPS | TCP | Job data |
Mobile Print Server | FlexiSpooler server spooling/non spooling | 5559 | 5559 | HTTP/HTTPS | TCP | Job data |
User/LPD | FlexiSpooler client spooling/non spooling | 515 | n/a | LPR | TCP | Job data |
Desktop Interface | FlexiSpooler client spooling/non spooling | 5558 | 5558 | Proprietary | TCP | Job data, user credentials |
FlexiSpooler server/client non spooling | FlexiSpooler server spooling/non spooling | 5559 | 5559 | HTTP/HTTPS | TCP | Job data |
Other app (e.g. SAP) LPR printing | FlexiSpooler server spooling/non spooling | 515 | n/a | LPR | TCP | Job data |
SafeQ Client | FlexiSpooler server spooling/non spooling | 9100 | n/a | TCP/IP raw/jet direct | TCP | Username and domain, job data |
Workflow Processing System
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Terminal Server | Workflow Processing System | 5600 | 5600 | HTTP/HTTPS | TCP | Scanned data |
Terminal Server | Workflow Processing System | n/a | n/a | SMB/WebDAV/WebDAVS | TCP | Scanned document |
Payment
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
End User Interface | Payment System | 8080 | 8443 | HTTP/HTTPS | TCP | User information, voucher code, configuration |
User | Payment System Web Interface | 8080 | 8443 | HTTPS | TCP | User credentials |
Terminal Server | Payment System | 8080 | 8443 | HTTP REST API/HTTPS | TCP | Credit and Quotas data |
Payment machine (SPM) | Payment System | 4196/4198 | 4197/4199 | Proprietary over SSL/TLS |
| User credentials (card number, pin, username+password), credit transaction data |
Payment System | Payment Gateway |
|
| HTTP/HTTPS | TCP | Transaction information |
Payment System | External Payment System | User defined | User defined | Protocol depends on external payment system |
|
|
Management | Payment machine (SPM) | 4095 | n/a | Proprietary | TCP | Configuration change, firmware update |
User (termtool user utility) | Payment machine (SPM) |
|
| Proprietary | TCP | Configuration change, remote control commands, firmware update |
User (termtool user utility) | Payment machine (SPM) | 64099 | n/a | Proprietary | UDP | Configuration change, remote control commands, terminal discovery |
User | Payment machine (SPM) | 161 | n/a | SNMPv2c | UDP | Connection, authentication and operation states |
MFD
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Terminal Server | MFD |
|
|
| ICMP | Device alive response message |
Terminal Server | MFD (Konica Minolta) | 50001 | 50003 | HTTP/HTTPS | TCP | Terminal installation process |
Terminal Server | MFD (Konica Minolta) | User defined | User defined | SNMP |
| Device control (e.g. job deletion) |
Terminal Server | MFD (Ricoh) | 80/8080 | 443/51443 | HTTP/HTTPS | TCP | Terminal installation process |
Terminal Server | MFD (Ricoh) | 64098 | n/a | TCP/IP | TCP | Configuration |
Terminal Server | MFD (FUJIFILM BI) | 58070 | n/a | TCP/IP | TCP | Configuration |
Terminal Server | MFD (HP) | Device-dependent | Device-dependent | HTTP/HTTPS | TCP | Terminal installation process |
Terminal Server | MFD (Toshiba) | 49629 | 49630 | HTTP/HTTPS | TCP | Installation of Embedded Terminal for Toshiba |
Terminal Server | MFD (Toshiba) | 50083 |
| HTTP | TCP | Scan event configuration of Embedded Terminal for Toshiba |
Terminal Server | MFD (Sharp) | User defined | User defined | HTTP/HTTPS | TCP | Terminal installation process |
Terminal Server | MFD (Sharp-eSF) | 21, 1024-65535 | n/a | FTP - passive |
| Terminal installation process. Port range 1024-65535 is all possible ports that the MFD can use to accept data and depends on the FTP server settings of the MFD. |
Terminal Server | MFD (Samsung) | 80 | n/a | HTTP | TCP | Terminal installation process |
Terminal Server | MFD (Lexmark) | 21, 1024-65535 | n/a | FTP - passive |
| Terminal installation process. Port range 1024-65535 is all possible ports that the MFD can use to accept data and depends on the FTP server settings of the MFD. |
Terminal Server | MFD (Epson) | 80 | 443 | HTTP/HTTPS | TCP | Terminal installation process |
Terminal Server | MFD (Xerox) | 80 | 443 | HTTP/HTTPS | TCP | Terminal installation process |
Terminal Server | MFD (Xerox) | 161 | n/a | SNMP |
| Configuration |
Terminal Server | MFD (Fuji Xerox) | User defined | User defined | HTTP/HTTPS | TCP | Terminal installation process |
Terminal Server | MFD (Fuji Xerox XCP) | User defined | User defined | HTTP/HTTPS | TCP | Terminal installation process |
Terminal Server | MFD (FUJIFILM BI) | User defined | User defined | HTTP/HTTPS | TCP | Terminal installation process |
Spooler Controller | MFD (Konica Minolta) | 80 | 443 | IPP/IPPSSL | TCP | Device status information |
Terminal Professional (TP4) | MFD | User defined | User defined | SNMP |
| Device status information |
USB card reader | MFD/PC | n/a | n/a | Proprietary |
| User credentials (card number), Configuration change, remote control commands, firmware update |
FlexiSpooler server/client spooling | MFD | 515/9100/80 | 443/631 | LPR/RAW/IPP/IPPS | TCP | Job data |
Terminal Server | MFD | 1024-65535 | n/a | FTP - active |
| Scanned document. This is used only when the MFD uploads data using active FTP. Port range 1024-65535 is dependent on the FTP settings of the MFD. |
Spooler | MFD | User defined | User defined | JetDirect, IPP, IPPS | TCP | Job data |
Database server
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Management | Database server (MS SQL) | 1433 | 1433 | TCP/TCP over TLS | TCP | User info, job info, statistics, configuration, etc. |
Database server (MS SQL) | Database server (MS SQL) | 1433 | 1433 | TCP/TCP over TLS | TCP | User info, job info, statistics, configuration, etc. |
Management | Database server (PGSQL) | 5432 (External) / 5433 (Embedded) | 5432 (External) / 5433 (Embedded) | TCP/TCP over TLS | TCP | User info, job info, statistics, configuration, etc. |
Database server (PGSQL) | Database server (PGSQL) | 5432 | 5432 | TCP/TCP over TLS | TCP | User info, job info, statistics, configuration, etc. |
LDAP
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Management | LDAP Replicator service | 9696 | n/a | JMX | TCP | User data |
Management | LDAP Replicator service | 9002 | n/a | JMX RMI | TCP | User data |
LDAP Replicator service | LDAP Server | User defined | User defined | LDAP/LDAPS | TCP | User data, LDAP credentials |
Management | LDAP Server | User defined | User defined | LDAP/LDAPS | TCP | User credentials |
Microsoft
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Workflow Processing System | Microsoft Exchange | n/a | 80 | HTTP/HTTPS | TCP | Credentials, scanned data |
Workflow Processing System | Microsoft OneDrive for Business (365) | n/a | n/a | HTTPS | TCP | Credentials, scanned data |
Workflow Processing System | Microsoft SharePoint 2010 | n/a | n/a | HTTP/HTTPS | TCP | Credentials, scanned data |
Workflow Processing System | Microsoft SharePoint 2013 | n/a | n/a | HTTP/HTTPS | TCP | Credentials, scanned data |
Workflow Processing System | Microsoft SharePoint 2016 | n/a | n/a | HTTP/HTTPS | TCP | Credentials, scanned data |
Workflow Processing System | Microsoft SharePoint Online (365) | n/a | n/a | HTTPS | TCP | Credentials, scanned data |
eDee
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
FlexiSpooler | EDEE | 9100 | n/a | TCP/IP (RAW) | TCP | Job data |
IMS
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Management | IMS | 7347 | 7348 | HTTP/HTTPS | TCP | Configuration |
Spooler Controller | IMS Proxy | 7347 | 7348 | HTTP/HTTPS | TCP | Configuration |
Terminal Server | IMS Proxy | 7347 | 7348 | HTTP (REST)/HTTPS | TCP | HW device registration, TP4 and EDEE installation process |
UA | IMS | 7347 | 7348 | HTTP/HTTPS | TCP | Status report (hardware configuration, serial number, FW/SW version, configuration, network state), logs |
UA | IMS Proxy | 7347 | 7348 | HTTP/HTTPS | TCP | Status report (hardware configuration, serial number, FW/SW version, configuration, network state), logs |
Terminal Ultralight
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Terminal Server | Terminal Ultralight | 4095 | n/a | Proprietary | TCP | Configuration change, firmware update |
User (termtool user utility) | Terminal Ultralight | 4095 | n/a | Proprietary | TCP | Configuration change, remote control commands, firmware update |
User (termtool user utility) | Terminal Ultralight | 64099 | n/a | Proprietary | UDP | Configuration change, remote control commands, terminal discovery |
User | Terminal Ultralight |
|
| SNMPv2c over TCP/IP or UDP/IP | TCP | Connection, authentication and operation states |
Terminal Pro 3.5
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Terminal Server | Terminal Professional (TPv3.5) | 4095 | n/a | Proprietary | TCP | Configuration change, firmware update, compressed job delivery, session data |
User (termtool user utility) | Terminal Professional (TPv3.5) |
|
| Proprietary | TCP | Configuration change, remote control commands, firmware update |
User (termtool user utility) | Terminal Professional (TPv3.5) | 64099 | n/a | Proprietary | UDP | Configuration change, remote control commands, terminal discovery |
User | Terminal Professional (TPv3.5) |
|
| SNMPv2c over TCP/IP or UDP/IP | TCP | Connection, authentication and operation states |
Others
Client side | Server side | Unsecured server side port | Secured server side port | Application protocols | Network protocols | Transferred data |
Management | Identity Provider (SAML) | n/a | n/a | HTTP/HTTPS | TCP | Identity provider information, key for signature verification |
Spooler Controller | Infinispan | 80, 81 | n/a | HTTP | TCP | Job metadata |
Infinispan | Infinispan | 7800 | 7800 | JGroups | TCP/UDP | Job metadata |
Infinispan | Infinispan | 7801, 7802 | n/a | JGroups | TCP/UDP | – |
Management | Mail Server | 25/587 | 25/465/587 | SMTP/SMTPS | TCP | Reporting and notifications |
Spooler Controller | Mail Server | 25/587 | 25/465/587 | SMTP/SMTPS | TCP | Reporting and notifications |
Mobile Integration Gateway | External System | 5353 | n/a | mDNS (UDP) | UDP | Printer information |
Mobile device | Mobile Integration Gateway | 8050 | 8050 | IPP/IPPSSL | TCP | User credentials |
User | End User Interface | 9090 | 9443 | HTTP/HTTPS | TCP | User credentials |
Mobile Print Server | Mail Server | 25/587 | 25/465/587 | SMTP/SMTPS | TCP | Email notifications |
Mobile Print Server | Mail Server | 110 | 995 | POP3/POP3S | TCP | Emails with job data |
Mobile Print Server | Mail Server | 143 | 993 | IMAP/IMAPS | TCP | Emails with job data |
Mobile Print Server | Shared folder (used by EUI) | 137/138 (UDP) | 137/138 (UDP) | SMB | TCP/UDP | Job data |
FlexiSpooler server/client spooling | Shared folder | 137/138 UDP | 137/138 UDP | SMB |
| Job data |
Management | DropBox (Business/Enterprise) | n/a | 443 | HTTPS | TCP | User credentials / token |
Workflow Processing System | DropBox (Business/Enterprise) | n/a | 443 | HTTPS | TCP | Scanned document |
Workflow Processing System | File System | n/a | n/a | SMB |
| Scanned data |
Workflow Processing System | Mail Server | n/a | n/a | SMTP/SMTPS | TCP | Scanned data |
Workflow Processing System | HP Records Manager (HP Trim) | 1137 | 1137 | TCP/IP/HTTPS | TCP | Scanned document, job metadata |
Payment System | Mail Server | n/a | n/a | SMTP |
| Reporting |
Payment machine (SPM) | User | User defined | User defined | SNMPv2c | UDP | Connection and authentication states change |
User | UA | n/a | 22 | SSH | TCP | FW/SW update, status report, credentials, Management server address |
EDEE | Mail Server | 25/587 | 25/465/587 | SMTP/SMTPS | TCP |
|
Terminal Professional | User | User defined | User defined | SNMPv2c trap over UDP/IP | UDP | Connection and authentication states change |
Terminal Ultralight | User | User defined | User defined | SNMPv2c trap over UDP/IP | UDP | Connection and authentication states change |
Spooler | Spooler (Server Spooling) | 5002 | 5002 | HTTP/HTTPS | TCP | Job data |
– | End User Interface | 9009 | n/a | AJP |
| – |
Job Service | Job Service | 5000 | 5000 | HTTP/HTTPS | TCP |
|
Job Service | JS Infinispan | 6000 | n/a | HTTP | TCP | Job metadata |
JS Infinispan | JS Infinispan | 7900 | 7900 | JGroups | TCP/UDP | Job metadata |
MySafeQ | Identity Server | 5000 | 5000 | HTTP/HTTPS | TCP | User credentials |
MySafeQ | Spooler | 3050 | n/a | HTTP | TCP | Access token |
System spooler (Windows) | Spooler | 515/631 | 632 | LPR, IPP, IPPS | TCP | Job data |
System spooler (MAC) | Spooler | 5515/5631 | 5632 | LPR, IPP, IPPS | TCP | Job data |
Spooler | File System | n/a | n/a |
|
| Configuration, job data |
Spooler | Job Service | 5000 | 5000 | HTTP/HTTPS | TCP | Job metadata, commands (print, delete, preview), job preview image |
Job Service | Identity Server | 5000 | 5000 | HTTP | TCP | Access token, scope |
edge-config-application | edge-remote-site-server-config |
| HTTPS + AMQP |
| TCP | Configuration + CSR and certificates |