Allowing connections through firewall

One reason for an Internet Communication Interruption error might be a firewall blocking traffic from the DC box device to Petrosoft cloud resources. If the DC Box is operational and physically connected to the network, but still cannot connect to CStoreOffice®, check and adjust outbound firewall rules to allow communication with the required cloud services.

We do not limit the type of firewall you use at your locations. You may choose any software and hardware solution depending on your needs and IT policies. Each firewall is configured individually through a web interface, command line, or external application - check the instructions for your specific solution for details on configuring the rules.

For proper functionality, DC Box relies on both Petrosoft services and services from third-party providers. See the information below for details on configuring firewall rules.

Configuring firewall rules for Petrosoft service access

The easiest way is to allow outbound access by wildcards. However, if you still have connectivity issues, or the firewall or your IT policies require stricter access control, you can separately configure each DNS or IP address.

Using wildcard FQDN addresses

We strongly recommend configuring firewall rules through wildcards:

Wildcard	Protocols	Ports	Description
*.cstoreoffice.com	TCP/TLS	443, 20448, 20450	CStoreOffice® front end and API
*.petrosoft.cloud	TCP/TLS	443, 5000	Petrosoft Cloud Portal
*.petrosoftinc.com	TCP/ICMP	22, 443, 11194	Petrosoft corporate website and VPN
*.cloudapp.azure.com	TCP/TLS	443, 8883, 5671	Azure Device Provisioning
*.apt-petrosoftinc.com	TCP/TLS	443	Loss Prevention Analytics

Using DNS or IP addresses

Configure each address manually if your firewall does not support wildcards, or your IT policies require stricter access control:

DNS	IP addresses	Protocols	Ports	Description
cstoreoffice.com	209.166.146.115 208.40.206.212	TCP/TLS	443, 20448, 20450	CStoreOffice® Application & APIs
petrosoftinc.com	52.191.211.125	TCP/TLS	443	Petrosoft Corporate Website
edi.cstoreoffice.com	209.166.146.103	TCP/TLS	443, 2022	CStoreOffice® API, Middle Point
edi.petrosoftinc.com	209.166.146.114	TCP/TLS	443, 11194, 20448, 20450	CStoreOffice® APIs, EDI and VPN Connections
rc.cstoreoffice.com	209.166.146.123	TCP/TLS	443	CStoreOffice® Application & APIs
globalrk.petrosoftinc.com	209.166.146.105	TCP/ICMP	443	DC Repository
ubuntu-mirror.petrosoftinc.com	209.166.146.110	TCP/TLS	443	Standard Ubuntu OS components. No risk or data protection needed.
cnnx35-api.petrosoft.cloud	35.237.12.77	TCP/TLS	443,5000	Conexxus 3.5 Integration APIs
vpn1.petrosoftinc.com	209.166.146.72	TCP/TLS	11194	Petrosoft VPN server
vpn2.petrosoftinc.com	209.166.146.106	TCP/TLS	11194	Petrosoft VPN server
vpn3.petrosoftinc.com	209.166.146.107	TCP/TLS	11194	Petrosoft VPN server
vpn4.petrosoftinc.com	209.166.146.80	TCP/TLS	11194	Petrosoft VPN server
vpn5.petrosoftinc.com	209.166.146.81	TCP/TLS	11194	Petrosoft VPN server
rvpn.petrosoftinc.com	40.69.153.85	TCP	22, 443	Secondary Control Channel for reverse SSH connection.
global.azure-devices-provisioning.net	Dynamic	TCP/TLS	443, 5671, 8883	Site Level Devices - Provisioning Portal (IoT Hub)
iotc-d7a85aa4-9c30-422b-927c-3829fcb8690a.azure-devices.net	13.89.231.149 20.40.207.8	TCP/TLS	443, 5671, 8883	IoT Central template
errors-gateway-api.petrosoft.cloud	209.166.146.105	TCP/TLS	443	DC Box connectivity status endpoint
apt-petrosoftinc.com	209.166.146.69	TCP	3129	Loss Prevention Analytics

Third-party services

For uninterrupted operation, DC Box relies on several public services for tasks like IP address resolution. Ensure outbound access is granted to these service providers.

DNS	IP addresses	Protocols	Ports	Description
ipecho.net	34.117.118.44	TCP	80	IP Echo Service
ifconfig.me	34.117.118.44	TCP	80	Connection details resolver
resolver4.opendns.com	208.67.220.222	UDP	53	DNS server