Gilbarco Network Configurations

This document is an overview of the required steps to integrate a Gilbarco device, such as a Passport, with a Savi Gateway device.

Savi can provide a hostname for this device upon request on a per-location basis.

You may need to reach out to your Gilbarco managed network provider in order to set up all of the necessary network configurations.

Network Configuration:

The Savi Gateway must be configured allowing it to communicate out to the following URLs:

device.getsavi.com
api-prod.getsavi.com
streaming.getsavi.com
video-relay.getsavi.com
delta-data.balena-cloud.com
registry-data.balena-cloud.com
164870711359.dkr.ecr.us-west-2.amazonaws.com
pool.ntp.org

Note: It is important that if applicable, you enable relevant firewall rules to allow the Savi Gateway to communicate with the NVR or DVR at the location as

Device Installation:

What you’ll need

The Savi Gateway Device
Ethernet Cable
Passport POS System
Back Office Computer (optional)

Plugin the Savi Gateway device’s power, and ethernet cable.
Locate your Passport router’s DMZ Port:

If the DMZ Port is taken AND there’s a computer (Back Office Computer) plugged directly (or with the help of a switch) into the port you’ll need to setup the Back Office Computer to do SFTP uploads
If the DMZ Port is available (no Back Office Computer installed) then plug the other end of the Savi Gateway device’s ethernet cable to the free DMZ port.

Passport router’s DMZ Port

Once the installation is finished we’ll need to get into the Passport POS to configure the XML Gateway

Note: If a Back Office computer is already installed some of the next configurations might be already set. It is necessary to double-check that ALL of the configuration options listed below are checked.

SFTP Uploads Set-Up:

If the location currently has a Back Office Computer, we can decide to set up SFTP uploads and have a “scheduled task” to collect sales data every 5 minutes.

*Please note: For this configuration to work the Back Office computer should be powered on at all times to be able to collect data continuously.

Download SaviSFTPUpload.exe from this link
Run SaviSFTPUpload.exe:

1.After downloading the .exe file “SaviSFTPUpload” open the containing folder, right click on the icon and select “Run as administrator”.

2.When asked if you want to allow the application to run, click “Yes”.

3.The first time you run the application you’ll be prompted to enter the Server Directory, and the store’s Location Number.
4.Type in the Passport’s Server Directory, almost always that directory corresponds to: \\10.5.48.2\XMLGateway\BOOutBox\.

5. Ask for the Store’s Location Number, it can be alphanumeric “C-12” for example, type it in when prompted.

6. Double-check the values for your configuration, if something looks wrong type “N” and press enter, you’ll be prompted to enter the values again. If the configuration is correct type “Y” and press enter.

Move SaviSFTPUpload.exe to Savi’s folder:
1. Copy the “SaviSFTPUpload.exe” file from the “Downloads” folder.
2. Go to the Windows User Directory, you’ll find a new folder called “getsavi”. The Windows User Directory is C:\Users\computer_username\
3.Paste the “SaviSFTPUpload.exe” file into the “getsavi” folder.

Create a Scheduled Task

1.Go to Control Panel > System and Security > Administrative Tools

If you can’t find the “System and Security” option, you’ll need to go directly to “Administrative Tools”

2.Locate “Task Scheduler”, right-click on it and press “Run as administrator”

3. In the Task Scheduler menu go to Action > Create Basic Task

4. Give your task the name “Savi SFTP Upload” and click Next

5. Click on “When I log on” when asked when the task should start.

6. For task action, select Start a program and click Next.

7. Browse for SaviSFTPUpload.exe executable. You’ll find it inside: C:\Users\computer_username\gestavi

8. When done click the checkbox “Open the Properties dialog for this task when I click Finish”, click Next, review your options and confirm with Finish.

9. Inside the “General” tab select the following options:

11.Click the option “Any User”
12.Check the box “Repeat task every” and change the value to 5 minutes “for a duration of” Indefinitely. Press Ok.

13. Inside the “Conditions” tab, check “Wake the computer to run this task”

14.Inside the “Settings” tab check “If the task fails, restart every: 1 minute”, up to “3 times”

15. Press Ok, you’ll need to enter the user’s password.

16. Start the task you just created by selecting “Savi SFTP Uploads” from the list, and click the “Run” button on the right side of the screen.

Passport Router Configuration

(Only needed for Gilbarco Integration Setups that require a Gateway Device instead of SFTP Uploads)

Setup Context:

Gilbarco customers have an on-site Cisco Firewall Router RV042:
The Cisco RV042 includes the following ports:
- Port 1: Port connected to the Passport Server
- Ports 2-4: This 3 ports are dedicated to Cash Register stations and Credit Card processors, on a typical configuration we'll see port 1 and 4 occupied and ports 2 and 3 empty and disabled)
- Internet: Connectivity to the greater web to process credit card transactions.
- DMZ/Internet: The Demilitarized Zone (DMZ) Port is the only way for the Gateway Device to communicate with Gilbarco's Passport POS. Note: (On SFTP configurations this port is occupied by the Back Office Computer)

Before connecting to the Cisco Router we'll need to configure our computer's ethernet adaptor with the following network configuration:

IP address: 10.5.48.15

Subnet Mask: 255.255.255.192

Default Gateway: 10.5.60.1

First thing we'll need to do is to enable port 3 on the Cisco Router
IMPORTANT: In some locations ports 2 and 3 are disabled. In order to re-enable port 3 to enter the Cisco Router Configuration
you'll need to unplug port 1 of the Cisco Router en connect your computer to that port.
A good way to test if the ports are disabled is connecting a computer to the port, check the green led on the Router is on or blinking.
If it's off, the port is disabled.
If port 3 is not available, then configuration can be applied to port 2 (or any available port)

Connecting to the Cisco Router:

After having configured the computer's IP address, and connecting to port 1 of the Cisco Router open your web browser Type 10.5.48.1 on the address bar and press enter.
The Cisco Router login page will be displayed:

Enter the username: admin and password: GVR09RV042
Another login is: username: admin and password: GVR09RV042
IMPORTANT: Stop here if none of the login credentials work, refer to the store and ask for the right credentials.
If they're not provided then we can no longer move forward with the configuration.

Enable Port 3:
Inside the cisco configuration page go to
Double check "Internet" and "DMZ Internet" ports are both enabled and both have the options Speed: 100M and Duplex: Full
Do not touch configuration of ports 1,2 and 4
Press "Save"

Reconnect POS to Port 1:
After enabling port 3 and saving the changes, disconnect your computer from port 1 of the Cisco Router and connect it to port 3.
You'll have to enter to the login page again, open your web browser, type 10.5.48.1 enter the username and password.
Don't forget to connect back the cable corresponding to port 1, the Passport Server

Configure Access Rules:

Enter the firewall configuration Firewall > Access Rules
You'll find a list of Access Rules:

Make sure the following rules are listed and enabled:

Action	Service	Source Interface	Source	Destination	Time
Allow	BOSShare [139]	DMZ	10.5.60.15 - 10.5.60.15	10.5.48.2 - 10.5.48.2	Always
Allow	FTP [21]	DMZ	10.5.60.15 - 10.5.60.15	10.5.48.2 - 10.5.48.2	Always

If you can't find the rules on the table, you'll have to add them.

How to Add Access Rules:

Click the Add button at the bottom of the page
Enter the values on the table.
You'll find FTP under the service dropdown. If you can't find the name BOSShare click on "Service Management"
Under service management you'll add the service name, port, protocol. For example to create the BOSShare[139] service you'll add:

name: BOSShare

protocol: TCP

port: 139

Add Savi's Specific Access Rules

Follow the steps on "How to Add Access Rules"
Enter the values on the table:

Action	Service	Source Interface	Source	Destination	Time
Allow	DNS [53]	DMZ	10.5.60.15 - 10.5.60.15	Any	Always
Allow	NNTP [119]	DMZ	10.5.60.15 - 10.5.60.15	Any	Always
Allow	NVR [1935]	DMZ	10.5.60.15 - 10.5.60.15	Any	Always
Allow	HTTP [443]	DMZ	10.5.60.15 - 10.5.60.15	Any	Always
Allow	All Traffic [1]	LAN	10.5.48.2 - 10.5.48.2	10.5.60.14 - 10.5.60.17	Always

Make sure to enable the new rules you added
IMPORTANT: Make sure no rules with action "Deny" are enabled on the list of access rules

Check Advanced Routing Settings:

From the menu go to Setup > Advanced Routing
The "Working Mode" should be set to Gateway

Check Advanced Routing Settings Bandwidth:

From the menu go to System Management > Bandwidth Management
The Upstream and Downstream value will vary from location to location, but as a general rule it shouldn't be lower than 5000 kbps

Check DHCP Configuration:

From the menu go to DHCP > DHCP Setup
The option "Enable DHCP Server" should be checked.
Range should start at 10.5.48.8 and the range end will vary from location to location.

Check DMZ Setting:

From the menu go to Setup > Network
Under DMZ Setting the option "Enable DMZ" should be checked.
Verify ip address is 10.5.60.1

Passport POS Configuration:

Make sure you are logged in with administrator privileges inside the “Manager Workstation”
From the Store menu, select the option Back Office, this will bring up the Interface Configuration Screen

The Interface Configuration Screen will display with three tabs: Document Generation, XML Gateway Polling Options and XML File Import Options

Interface Format:

The latest version should always be selected (NACS XML v3.4)

Document Generation:

From the list, make sure to click “Shift Close” on the following reports:

Items Sales Movement
Merchandise Code Movement

Note: It is preferable to select “Shift Close” rather than “Store Close” even if the store runs only one shift per day.

Generation Options:

The following checkboxes must be selected:

Generate Transaction Level Detail (PJR) (IMPORTANT)
Enforce Document Type Definition (DTD)
Reassign PLUs to Assume Department Changes
Calculate Net Sales for Merchandise Code Movement and Items Sales Movement
Drop UPC Check Digit

Make sure to keep in mind:

Generate Acknowledgement Files does not need to be selected unless it is being used by another Back Office System.
Use Manifest must be left unchecked, if selected, Passport will not start file processing until the manifest file is received. (Only for Gateway Device installations).
Combine Transaction Level Detail Files (PJR) should be left unchecked.

XML Polling Options

Make sure to check the option Enable XML Gateway File Polling. Enter the following configurations:

Enter Backoffice User Name: Either your current Back Office User or SAVI
Enter Backoffice Password: Either your current Back Office Password or SAVIpassport2020
Enter Directory Path to Push XML Files To Either your current Back Office drive or C:\Passport\XMLGateway\BOOutbox

After you click “Save”, click “OK” on the top message, “Yes” on the second and “Yes” on the third.

Passport Employee Report Configuration:

NOTE: Only available on Passport version v12.02 and higher.

There is a feature called Report/PDF Printing Configuration that will allow us to get employee names from the Passport.

How to configure:

Go to Setup > Store > Report Maintenance
Check the box to 'Copy reports to local XML Gateway Back Office share'.
Once the customer selects Print after reviewing a report, the report will be saved in the BOOutBox folder.

IMPORTANT: Make sure the customer reviews the report and Prints the report at the time of the configuration, otherwise we won't get the employees file.

Passport V6.XX Network for Heartland Payment Systems - Dallas Network Phillips 66

FTP for Back Office

Obtain the IP Address for the Edge Device.

You must obtain the FortiGate Demilitarized Zone (DMZ) Port IP Address from the Phillips 66 Help Desk (1-800-426-3696) to derive the IP Address for the Edge Device. When you call the Phillips 66 Help Desk, provide the following information:

Passport RV042 Firewall Router WAN IP Address
Site Dealer Number

Based on this information, the Phillips 66 Help Desk will provide you the FortiGate DMZ Port IP Address. You can obtain the Edge Device IP Address by adding 1 to the value of the fourth octet of the FortiGate DMZ Port IP Address.

The following IP Address settings are used as samples in these instructions. These values are samples only; DO NOT use them for configuring a live site.

Passport RV042 Firewall Router WAN IP Address: 10.80.138.11
FortiGate DMZ Port IP Address: 172.20.164.129
BOS IP Address (add one to the FortiGate DMZ Port IP Address 172.20.164.129 + 0.0.0.1): 172.20.164.130

Plug the Edge Device into the FortiGate DMZ port using a standard CAT-5 Cable (not a crossover cable).
Configure the Edge Device in admin. You must use the FortiGate DMZ WAN IP Address as the Edge Device Default Gateway when configuring the app in admin, for example:

IP Address: 172.20.164.130
Subnet Mask: 255.255.255.224
Default Gateway: 172.20.164.129

You must replace the new Back Office IP Address in the Pull and Push paths on the MWS > Set Up > Back Office > Back Office Interface > XMLGateway Polling Options with the Edge Device IP address.

The path directory must include the specific IP Address of the Edge Device (for example, 172.20.164.130). Ensure that you do not change the remaining values for paths.

Ensure that the following RV042 Firewall Router Access Rule settings are correctly configured for the Edge Device to communicate with the Passport Server:

Enable the BOSShare rule.
Set the Source IP Address to the Edge Device IP Address (for example, 172.20.164.130).
Change Source interface from DMZ to WAN.
Click Save Settings.

Also, change the drive mapping for all drives mapped to the Passport Server from 10.5.60.1 (V8.02) or 10.5.48.2 (earlier than V8.02) to the Passport Router WAN IP (for example, 10.80.138.11). When the Edge Device prompts for username and password, enter passport as the username and pmcs382000 as the password.

Finding BOSShare on CISCO Router:

Applies To	Service	Source Interface	Source	Destination	Action Required
Phillips 66	BOSShare[139]	DMZ	Any	10.5.48.2 ~ 10.5.48.2	Select Enable.

Schematic Connections:

Illustrative Document specific for Phillips 66 other configurations may vary

IP Address Assignments

Device	IP Address
Passport 10.5.48.X Subnet (255.255.255.192 Subnet Mask)
RV042 Router LAN	10.5.48.1
Passport Server	10.5.48.2
Passport RAS	10.5.48.3 - 10.5.48.4
Secondary Router/Hub (if required)	10.5.48.7
Third-party 10.5.60.X Subnet (255.255.255.192 Subnet Mask)
Third-party DMZ Router	10.5.60.14
Edge Device	10.5.60.15

Installing an Additional Hub/Switch on the DMZ (10.5.60.X)

When more than two third-party devices require connections to the DMZ, it will be necessary to accommodate additional LAN connections. This procedure must be used to install a Linksys 10/100 8-port Workgroup Switch (Q13708-01A) as an expansion device on the DMZ

Ensure that both the Linksys switch and Firewall Router are powered on.
Connect a CAT-5 Modular Cable between Port 1 of the Linksys 10/100 8-port Workgroup Switch and the DMZ Port.
Connect third-party devices to Ports 2-8 as required, through a CAT-5 modular cable.

Getting Access to Linksys Router

Note: It might be needed to login into the Linksys Router to enable firewall rules. The following steps utilize the default username and password, please keep in mind that clients may have changed these to a different value.

Ensure that the IP address of your laptop is programmed to:

IP address: 10.5.48.18
Subnet Mask: 255.255.255.192
Default Gateway: 10.5.48.1

Connect a CAT-5 cable between Port 1 of the Firewall Router and your laptop
Type 10.5.48.1 in the address bar of your web browser and press enter.
Enter admin as the Username and GVR09RV042

Enabling DMZ Port:

Log into the firewall router’s configuration page
Acces Port Management and ensure that the DMZ interface is enabled
Click save setting for changes to take effect.