Network Planning - Magtek DynaPro Go Installation And Operation Manual

3 - Planning and Preparation
3.2

Network Planning

If DynaPro Go will communicate with the host via TCP/IP and an 802.11 wireless access point, network
administrators should do the following before deployment:
1) If the device will have TLS enabled (see section 3.1 Logistical Planning):
a) Coordinate with your sales representative to obtain the certificate chain that must be installed on
the host to enable TLS communication with the device. The certificate chain provided by
MagTek contains a set of SHA-256 signed 2048-bit RSA certificates and 2048-bit RSA keys,
which provides a balance between security and performance.
b) Make sure the host supports at least one of the cipher suites listed in Table 3-1. The device will
not negotiate any ciphers not listed there. The table lists ciphers in descending order of cipher
strength; MagTek recommends the host should have the strongest available cipher enabled. By
default, the device comes with a SHA-256 signed 2048-bit RSA certificate and ECC SECP256R1
certificate installed, which support all of the listed ciphers.
2) Determine how the IP addresses of all DynaPro Go devices and the host will be allocated, and plan a
way to share the plan with the advanced operators who will be configuring devices.
3) The device configuration supports connection to only one access point. Make sure there is adequate
signal strength between the access point and all locations where the device will operate wirelessly.
4) The device supports WPA Personal wireless security. Make sure the access point is configured to
support one of WPA2-PSK (TKIP), WPA2-PSK (AES), or WPA2-PSK (TKIP/AES). MagTek
recommends using WPA2-PSK (AES).
5) Plan a way for the access point SSID and passcode to be available to the advanced operator who will
be configuring devices.
6) Determine whether to use MAC filtering on the access point and plan a way for device MACs to be
added to the list.
7) If the device and host will use static IP addresses, allocate those addresses and determine what
Gateway and Subnet Mask the devices should use.
8) Determine whether the solution will use IP addresses or DNS names for the host and the device.
Note that on some operating systems, the TLS implementation may require the host to connect to the
device by DNS name, or the TLS handshake may fail to authenticate the device because of a naming
mismatch between the DNS name and the Common Name (CN) or Alternate Name embedded in the
Device TLS Certificate.
9) Determine what ports the device and host will use to communicate, and make sure the required
protocols are supported. See Table 3-2 - Protocols and Ports.
10) DynaPro Go does not require an Internet gateway.
DynaPro Go| Handheld PIN Pad Device with MSR/Contact/Contactless | Installation and Operation Manual
Page 18 of 77 (D998200129-20)