Clocks are shipped configured to communicate to our secure cloud environment, all communication is outgoing only, no ports need to be opened from the outside world (no port forwarding’s or static NAT rules required).
Clocks require the following outgoing ports to operate:
| Protocol | Port | Destination | Description |
| TCP | 443 | <CUSTOMER>.SynerionAgile.com OR <CUSTOMER>.SynerionEnterprise.com | Clocks use this to synchronize employee and job related data, submit transactional data (punches) and pull employee on demand data (Employee Self Service). |
| TCP | 443 | synerion.customexchange.net terminalex.synerionagile.com | This is used for clock management (configuration) and template synchronization. |
| TCP | 5222 7777 | synerionsvass1.gtl.biz | This is used for troubleshooting purposes, firmware upgrades, application upgrades, pulling logs on demand, etc. |
Customers are urged not to create outgoing firewall rules to open these ports based on destination IP addresses: by design (as is the nature of a cloud service) the IP addresses associated with the FQDNs specified in the table above may change over time and thus such rules could cause sudden communication disruption. Most modern firewall appliances allow the creation of rules that accept FQDNs or Hostnames which are evaluated at runtime, if this is not possible, we recommend opening the ports listed above to any destination on the internet.
The clock’s internal IP addresses can be used as the rule source to further limit the scope of the firewall rules, clocks can be configured with Static IP addresses for this purpose if desired but we strongly suggest creating DHCP Reservations instead in order to avoid difficulties and considerable troubleshooting when moving clocks around or troubleshooting general network communication issues.