TZ350 Best pratice to open up ports in this scenario for Time Clock company Paycor

Walkman

I have a time clock company paycor that has requested that their 2 time clocks be accessible by a range of servers through ports 80, 443.

the time clocks have static ip's and are currently on our main lan they can get out the door and contact the update server.

Paycor is saying that they cant get to their time clocks and need to be allowed 2 way traffic on ports 80 and 443 and needs to listed as a trusted data source.

what is the best and most secure way to complete this?

TKWITS

The time clock vendor should provide documentation on their network requirements that you can base your configuration off of.

Not sure why the vendor needs inbound access, if the device can communicate out they would in theory be able to pass any configuration changes to it that way.

Anyway if the vendor is adamant about inbound access restrict incoming connections from only the block of IPs (range of servers) they provide as their known addresses.

This might be helpful:

https://www.sonicwall.com/support/knowledge-base/how-can-i-enable-port-forwarding-and-allow-access-to-a-server-through-the-sonicwall