Last updated: Oct 22, 2025, 10:50 AM
If you use allowlist domains in your firewall, you'll need to include the domains listed below.
A firewall allowlist is a list of domains that are configured on a firewall or router to be explicitly allowed to pass traffic without any restrictions. This does not apply to all customers, only to those who have already configured firewall settings to block/restrict specific domains.
Wildcarded domains (recommended):
| Protocol | Destination | Destination Port |
| UDP | Any | 53 |
| UDP | Any | 123 |
| ICMP | 8.8.8.8/32 | Any |
| ICMP | 75.75.75.75/32 | Any |
| ICMP | 8.8.4.4/32 | Any |
| TCP | 162.159.153.239/32, 162.159.152.25/32 | 443,8443,36868 |
| TCP | *.toasttab.com | 443,8443,36868,5671 |
| TCP | *.toasttab.com | 80,8080,8443 |
| UDP | *.toasttab.com | 3478 |
| TCP | d2c9w5yn32a2ju.cloudfront.net | 443 |
| TCP | *.launchdarkly.com | 443 |
| TCP | api.mapbox.com | 443 |
| TCP | google-analytics.com | 443 |
| TCP | *.googleapis.com | 443 |
| TCP | s3.amazonaws.com | 443 |
| TCP | s3-external-1.amazonaws.com | 443 |
| TCP | toasttab.s3.amazonaws.com | 443 |
| TCP | toast-perf-mon.s3.amazonaws.com | 443 |
| TCP | mg.adups.cn | 443 |
| TCP | fotadown.mayitek.com | 80 |
| TCP | hwfotadown.mayitek.com | 80 |
| TCP | oskm.mayitek.com | 80 |
| TCP | fota5.adups.cn | 443 |
| TCP | fruet.adups.com | 443 |
| TCP | osqn.mayitek.com | 80 |
| TCP | *.ingest.sentry.io | 443 |
| TCP | *.wootric.com | 443 |
| TCP | *.appcues.com | 443 |
| TCP | wootric-eligibility.herokuapp.com | 443 |
| TCP | d8myem934l1zi.cloudfront.net | 443 |
| TCP | manage.eloview.com | 443 |
| TCP | api.sunmi.com | 443 |
| TCP | ota.cdn.sunmi.com | 443 |
| TCP | tms.bbpos.com | 443,63357 |
| TCP | *.toasttab.auth0.com | 80,443,4443,53 |
| TCP | fw-update.ubnt.com | 443 |
| TCP | fw-download.ubnt.com | 443 |
| TCP | dl.ui.com | 443 |
| TCP | *.sunmi.com | 443,80 |
| TCP | apk.cdn.sunmi.com.wsdvs.com | 443 |
| TCP | ota.cdn.sunmi.com.mgslb.com | 443 |
| TCP | apk.cdn.sunmi.com.w.kunlunar.com | 443 |
| TCP | ota.cdn.sunmi.com.w.kunlunar.com | 443 |
| TCP | file.cdn.sunmi.com.w.kunlunar.com | 443 |
| TCP | pic.cdn.sunmi.com.w.kunlunar.com | 443 |
| TCP | d10br2b8k9bn0s.cloudfront.net | 443 |
| TCP | maven.n.miliao.com | 8081 |
| TCP | jivesoftware.com | 443 |
| TCP | nexus.d.xiaomi.net | 443 |
| TCP | pic1.ooopic.com | 443 |
| TCP | *.1e100.net | 80,443 |
| TCP | bit.ly | 443 |
| TCP | pendo-static-5740812351307776.storage.googleapis.com | 443 |
| TCP | *.pendo.io | 443 |
| TCP | cdn.jsdelivr.net | 443 |
| TCP | unpkg.com | 443 |
| TCP | http-inputs-toast.splunkcloud.com | 443 |
| TCP | app-ab35.marketo.com | 443 |
| TCP | io.eloview.com | 443 |
| TCP | content.eloview.com | 443 |
| TCP | device.eloview.com | 443 |
| TCP | dsq.eloview.com | 443 |
| TCP | cdn2.hubspot.net | 443 |
| TCP | cdn.auth0.com | 443 |
| TCP | d2w1ef2ao9g8r9.cloudfront.net | 443 |
| TCP | browser.sentry-cdn.com | 443 |
| TCP | ssl.google-analytics.com | 443 |
| TCP | apis.google.com | 443 |
| TCP | plus.l.google.com | 443 |
| TCP | *.gstatic.com | 443 |
| TCP | d1pxgl8l8levq9.cloudfront.net | 443 |
| TCP | sentry.io | 443 |
| TCP | maxcdn.bootstrapcdn.com | 443 |
| TCP | service.force.com | 443 |
| TCP | *.salesforceliveagent.com | 443 |
| TCP | cdn.ravenjs.com | 443 |
| TCP | *.glance.net | 443,5500,5501 |
| TCP | *.ecardsystems.com | 443 |
| TCP | captive.apple.com | 443,80 |
| TCP | *.eloview.com | 443 |
| UDP | 2.android.pool.ntp.org | 123 |
| TCP | api.memfault.com | 443 |
| TCP | files.memfault.com | 443 |
| TCP | device.memfault.com | 443 |
| TCP | ingress.memfault.com | 443 |
| TCP | chunks.memfault.com | 443 |
| TCP | memfault-prod-east1.s3.amazonaws.com | 443 |
| TCP | fota5.adups.com | 443 |
| TCP | sdk.iad-05.braze.com | 443 |
| TCP | recaptcha.net | 443 |
| TCP | appboy-images.com | 443 |
| TCP | braze-images.com | 443 |
| TCP | cdn.braze.eu | 443 |
| TCP | memfault.com | 443 |
| TCP | osqn.mayitek.com | 443 |
| TCP | 23.22.57.16/32 | 443 |
| TCP | 44.209.216.48/32 | 443 |
| TCP | 52.7.18.112/32 | 443 |
| TCP | 34.228.97.229/32 | 443 |
| TCP | 54.173.90.154/32 | 443 |
| TCP | toast-cc-config-update-prod.s3.amazonaws.com | 443 |
| TCP | *.okta.com | 443 |
| TCP | *.mtls.okta.com | 443 |
| TCP | *.oktapreview.com | 443 |
| TCP | *.mtls.oktapreview.com | 443 |
| TCP | *.oktacdn.com | 443 |
| TCP | *.okta-emea.com | 443 |
| TCP | *.mtls.okta-emea.com | 443 |
| TCP | *.kerberos.okta.com | 443 |
| TCP | *.kerberos.okta-emea.com | 443 |
| TCP | *.kerberos.oktapreview.com | 443 |
| TCP | *.okta-gov.com | 443 |
| TCP | *.mtls.okta-gov.com | 443 |
| TCP | *.okta.mil | 443 |
| TCP | *.mtls.okta.mil | 443 |
| TCP | 3.145.240.0/25 | 443 |
| TCP | 52.32.63.128/26 | 443 |
| TCP | 54.236.251.192/26 | 443 |
| TCP | 54.241.191.128/26 | 443 |
| UDP | network-device-syslog.prod.toasttabdns.com | 5140 |
| UDP | network-device-syslog.prod.toasttabdns.com | 5142 |
| TCP | vault.joinforage.app | 443 |
| TCP | api.joinforage.app | 443 |
| TCP | tntbcrncmgi.live.verygoodproxy.com | 443 |
| ICMPv4 | *.adyen.com | Any |
| TCP | *.adyenpayments.com | 443 |
| TCP | *.adyen.com | 443 |