Moneris Gateway Public IPs FAQ

Moneris is updating the Moneris Gateway external facing Internet Protocol (IP) addresses. Please see below for the dates when the new IP addresses will take effect. If you have firewall rules in place, IP filtering, or use the IP addresses directly, you will not be able to process cardholder transactions and receive connection errors if updates to the addresses are not made by these dates.

Moneris Gateway CA QA Environment

  • Publish new IPs: Monday, October 9, 2017
  • De-commission old IPs: Monday, May 2, 2018

Moneris Gateway CA Production environment:

  • Publish new IPs: Wednesday, March 28, 2018
  • De-commission old IPs: Tuesday, May 29, 2018

General Overview

1.     Why is Moneris making this change?

Moneris is conducting an infrastructure update that will change external facing Internet Protocol (IP) addresses to improve our systems and services.

2.     How does Moneris notify about changes?

Moneris sends notices of such updates using the merchant notification contact emails listed on file in the Moneris Gateway Merchant Resource Center (MRC).

To see the list of contacts on file for your account please proceed to:

Once logged in, please select the Admin menu à Notification. This page displays all emails on file for this account that will receive direct email communications from Moneris. To add more contacts for future notifications, please do so here.

Moneris also posts notices of such changes on the Moneris Developer Portal and Community Blog page.

Links for these posts can be found below:

NOTE: The command may vary based on Windows vs Linux vs other OS/system

3.     When did Moneris notify about this change? 

Email communications were sent out to all notification contact email addresses on September 12, 2017 with a follow-up reminder on October 26, 2017. An additional email was sent on February 28 advising that the new IPs would be published on March 28.

Change Overview

1.     What change is Moneris making?

Moneris will be changing the Moneris Gateway Canada and US external facing IPs (Internet Protocol) on Wednesday, March 28th, 2018.

Table below shows the old IPs and the new IPs.

Environment

DNS Host

Old IPs

New IPs

Moneris Gateway CA Production

www3.moneris.com

216.220.63.73
69.46.113.10
74.200.8.130
23.249.192.193
23.249.200.193

Moneris Gateway US Production

esplus.moneris.com

65.110.162.80
69.46.113.12
74.200.8.133
23.249.193.201
23.249.201.201

2.     Was QA updated?

Moneris changed the Moneris Gateway Canada and US external facing IPs (Internet Protocol) in QA on Monday, October 9, 2017.

Table below shows the old IPs and the new IPs that were updated in QA.

Environment

DNS Host

Old IPs

New IPs

Moneris Gateway CA QA

esqa.moneris.com

69.46.113.11
74.200.8.192
23.249.192.209
23.249.200.209

Moneris Gateway US QA

esplusqa.moneris.com

69.46.113.13
74.200.8.193
23.249.193.217
23.249.201.217

3.     Will the Moneris DNS host address change?

No. The following host addresses remain unchanged and should still be used:

Environment

DNS Host URL

Moneris Gateway CA Production

www3.moneris.com

Moneris Gateway US Production

esplus.moneris.com

 4.     What are the impacted areas?

This change is applicable to merchants using Moneris Gateway Canada and/or Moneris Gateway US.

Merchants with the following network settings will be impacted:

  • Using static IPs
  • Using host files with specific URL to IP mapping
  • Using firewall rules/whitelists

All Moneris Gateway integration options are impacted, including:

  • Merchant Resource Center
  • Hosted Pay Page
  • API
  • Hosted Tokenization
  • SFTP batch file processing
  • Direct Post

5.     Who should merchants speak with to fix connectivity issues?

Please consult with:

  • Your internal IT department (network, security, systems administrator, etc.)
  • The company that is hosting your solution
  • The company that did the network setup for your website/system

Please provide these stakeholders with this FAQ.

6.      Will the IP change impact merchants instantly? 

After the IPs are changed it can take up to 48 hours to take effect as the new IPs are updated across the internet.

This means you may see the impact at different times based on your location and network setup.

7.      When do merchants need to update by?

For those using the DNS host address, please ensure firewall rules include both the old IPs and new IPs to ensure a smooth transition. Doing so will ensure that your connectivity will not be affected when the new IPs are propagated to your network.  We recommend leaving the rules for the old IPs in place as a precaution.

8.     Which merchants will be impacted?

There are 2 scenarios:

Scenario

How to identify?

What change will merchant need to make?

Merchants using IPs as destination host (i.e., as opposed to DNS host URL)

Merchant connects to Moneris using the IP instead of the DNS host address.

API static IP example:

Connect using https://216.220.63.73/gateway2/servlet/MpgRequest

Update to use the appropriate DNS host URL instead of IP.  This is the recommended method of connecting to Moneris.

Canada Production DNS Host URL: www3.moneris.com

US Production DNS Host URL: esplus.moneris.com

NOTE: If you choose to continue to use static IPs to connect, then you must update to the new IPs provided.

Merchant uses whitelisted IPs

In this instance, a Merchant must identify and speak with a network administrator that manages the network to verify if firewall rules have been setup to block internet traffic.

Merchant must white list the new IPs.  This means firewall rules need to be setup, internal routing set up, etc.

9.     What is the impact of this change?

This change will only impact merchants using static IPs or whitelists. In these cases, if the IPs are not properly updated, merchant will not be able to connect to Moneris Gateway. Failure to update could cause the following errors:

  • All API transaction requests will return with a connection or I/O error.
  • If using the Merchant Resource Center (MRC) you may not be able to view the website and may receive a 404 error.
  • If using the Hosted Pay Page (HPP) you may not be able to view the HPP and may receive a 404 error.
  • If using SFTP batch file upload you may not be able to connect to the SFTP server.

10.     Can Moneris revert back to the old IPs?

Unfortunately Moneris cannot revert back.  All merchants must use the new IPs and must update their systems appropriately. 

11.     Can merchants revert back to using the old IPs?

All merchant must use the new IPs. However, Moneris recommends that you keep the firewall rules for the old IPs in place as a precaution.

Technical Overview

1.     How do I identify if it is a firewall related issue?

Use the below commands to help identify if the IP changes have been applied to your environment.

To run these commands in a Windows environment click on the Start button and type cmd in the search box to open the Windows Command Line.

Example:

OLD IP’s:

Gateway Command Line Command
Canada telnet 216.220.63.73:443
US telnet 65.110.162.80 443

telnet 65.110.162.80 443

NEW IP’s:

Gateway Command Line Command
Canada telnet 23.249.192.193:443
telnet 23.249.200.193:443
US telnet 23.249.193.201:443
telnet 23.249.201.201:443

NOTE: The command may vary based on Windows vs Linux vs other OS/system

You may also perform the trace route command if allowed in your environment. Perform the below trace route examples and compare OLD IP trace to NEW IP trace to see what the last hop  that you are able to hit.

OLD IP’s:

Gateway

Command Line Command

Canada

tracert –d 216.220.63.73

US

tracert –d 65.110.162.80

NEW IPs

Gateway

Command Line Command

Canada

tracert –d 23.249.192.193
tracert –d 23.249.200.193

US

tracert –d 23.249.193.201
tracert –d 23.249.201.201

telnet 65.110.162.80 443 gives blank screen as mentioned below.

After the change telnet 23.249.193.201 443 should give blank screen

telnet 216.220.63.73 443 gives blank screen as mentioned below.

2.     How do I identify if it is a DNS related issue?

Perform the below command to see what your system is resolving the IP address to.

To run these commands in a Windows environment click on the Start button and type cmd in the search box to open the Windows Command Line.

Gateway

Command Line Command

Canada nslookup www3.moneris.com
US nslookup esplus.moneris.com


Perform the following command to see what your system is resolving the IP address to:

nslookup esplus.moneris.com

Nslookup www3.moneris.com is resolved to 216.220.63.73 as mentioned below.

After the change Nslookup www3.moneris.com should be resolved to 23.249.192.193

Nslookup esplus.moneris.com is resolved to 65.110.162.80 as mentioned below.

After the change Nslookup esplus.moneris.com should be resolved to 23.249.193.201