Set up network requirements for Square hardware

Who is this article for?
  • Only account owners or networking professionals can configure network setup for Square hardware.
    About networking requirements for Square hardware

    In most cases, Square hardware is easy to connect to the internet and use straight out of the box. However, if your business has a more complex networking setup, you may want to check Square’s networking requirements to optimize the performance of your Square hardware.

    Before you begin

    The following requirements typically apply to businesses with more complex internet network setups. We recommend only making changes to your network configuration if you are knowledgeable about network requirements or are working with a professional.

    Protocol/port allowlist

    If you restrict which protocols and ports devices on your network can access, Square devices require the following protocols and their corresponding ports to be allowed through your firewall:

    • NTP: This is critical for ensuring that the device has the correct time. Connectivity may fail due to certificate validity mismatches if the device time is wrong.

    • HTTPS (only port 443): All traffic to Square servers is made over HTTPS.

    The following ports are also used for network printers, but these do not require access to the internet: 

    • UDP: 22222, 3289 

    • TCP: 9100:9109

    Domain filtering

    If you restrict which domains can be accessed from within your network, Square devices require the following domains to be allowlisted.

    HTTPS traffic

    All subdomains of:

    • squareup.com
    • issquareup.com
    • squarecdn.com
    • cash.me
    • cash.app
    • squarecloudservices.com

    As well as the following FQDNs:

    • api.skyhookwireless.com
    • notify.bugsnag.com
    • sessions.bugsnag.com
    • apytiqcuyrsq6-ats.iot.us-east-2.amazonaws.com
    • square.site
    • www.weebly.com
    • api.mapbox.com
    • mobile-data.onetrust.io
    • privacyportal.onetrust.com
    • cdn.cookielaw.org
    • memfault-prod-east1.s3.amazonaws.com
    • memfault-prod-ap-south-1.s3.amazonaws.com
    • files.memfault.com
    • device.memfault.com
    • ingress.memfault.com
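
Added example (not Square's code): a domain filter that matches the lists above on DNS label boundaries, next to a naive suffix match that also admits look-alike names such as notsquareup.com. The function names and sample hostnames are constructed for illustration, and treating each "all subdomains of" entry as also covering the bare domain itself is an assumption.

```python
# Added example: domain lists copied from this article; names are illustrative.
WILDCARD_PARENTS = {
    "squareup.com", "issquareup.com", "squarecdn.com",
    "cash.me", "cash.app", "squarecloudservices.com",
}
EXACT_FQDNS = {
    "api.skyhookwireless.com", "notify.bugsnag.com", "sessions.bugsnag.com",
    "apytiqcuyrsq6-ats.iot.us-east-2.amazonaws.com", "square.site",
    "www.weebly.com", "api.mapbox.com", "mobile-data.onetrust.io",
    "privacyportal.onetrust.com", "cdn.cookielaw.org",
    "memfault-prod-east1.s3.amazonaws.com",
    "memfault-prod-ap-south-1.s3.amazonaws.com", "files.memfault.com",
    "device.memfault.com", "ingress.memfault.com",
}

def is_allowed(host):
    """Strict match: an exact FQDN, or a listed parent on a label boundary."""
    host = host.strip().lower()
    if host.endswith("."):            # accept the fully qualified form "name."
        host = host[:-1]
    labels = host.split(".")
    if not all(labels):               # reject empty labels such as "a..b"
        return False
    if host in EXACT_FQDNS:
        return True
    # Walk the name and its parents: a.b.squareup.com, b.squareup.com, squareup.com
    # (i = 0 admits the bare domain itself, which is an assumption)
    return any(".".join(labels[i:]) in WILDCARD_PARENTS for i in range(len(labels)))

def naive_is_allowed(host):
    """Plain string-suffix match, as a loosely written filter rule might do."""
    return host.strip().lower().endswith(tuple(WILDCARD_PARENTS | EXACT_FQDNS))

def over_permitted(hosts):
    """Hostnames the naive rule lets through but the strict rule rejects."""
    return [h for h in hosts if naive_is_allowed(h) and not is_allowed(h)]

# Constructed sample hostnames, not taken from real traffic.
SAMPLE_HOSTS = [
    "pos.squareup.com", "notsquareup.com", "evilcash.me",
    "squareup.com.example.net", "files.memfault.com", "xfiles.memfault.com",
]

if __name__ == "__main__":
    print(over_permitted(SAMPLE_HOSTS))
```

Running `over_permitted` against the hostnames your filter currently passes shows whether its rules are anchored on the dot before each allowlisted domain.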

    NTP traffic

    NTP requires access to:

    • time.android.com

    IP addresses

    • US: 74.122.184.0/21
    • Asia/Pacific: 103.31.216.0/22
    • Europe: 185.57.56.0/22

    Square devices also rely on access to Amazon Web Services (AWS) and Google Cloud Platform (GCP). AWS publishes its IP ranges, and Google is AS15169. Make sure to add these IP ranges as well.

    Square devices have an internal firewall and an internal (domain, not IP) allowlist, and perform TLS certificate pinning on all Square endpoints, so you may consider the IP allowlisting on your side redundant depending on your purpose. It could make sense to just ensure Square devices can’t access any internal company IP addresses, and leave the rest of the internet open for Square’s on-device firewall and domain filter.

    MAC addresses

    Square’s MAC OUI: 44:59:25

    Merchants should allowlist all MAC addresses that start with the above prefix (i.e., devices with MAC addresses following the pattern 44:59:25:XX:XX:XX). Alternatively, merchants can allowlist each individual device that shows up with that MAC address prefix (this prefix is owned by Square and should not be used by any other device vendors).

    If you have older Square hardware, you may need to also allowlist the following MAC prefixes:

    • Older MAC OUIs: 2C:D1:41:D, 8C:47:6E:5, 1C:59:74:6

    DNS

    Square devices are compatible with any DNS server sent to the device over DHCP as long as it works. Feel free to use your ISP’s servers, or your favorite public servers (e.g. Level3 at 4.2.2.1/4.2.2.2).

    Supported network authentication protocols

    Square devices support:

    • WPA/WPA2 PSK
    • WEP (US only)

    They do not support:

    • WPA/WPA2 Enterprise
    • WPA3 PSK/WPA3 Enterprise
