As the software provided by .decimal requires access to the internet to place orders, the proper functioning of our software can be affected by the local network within which the software is installed. Since each customer facility implements their own unique security, firewall, and networking policies we cannot guarantee support for all configurations. Therefore, this guide was created to provide general troubleshooting steps to help our customers and their IT departments ensure they are not blocking or interfering with .decimal software and the HTTPS requests to .decimal's servers that are required to install, authenticate, and place device orders.

.decimal's applications communicate via HTTPS to our server resources. The diagram below demonstrates how our HTTPS traffic flows through each piece of infrastructure and identifies common failure points:

1. Blocking or filtering the required .decimal urls or ports:
   • .decimal applications require specific urls(or IPs) and ports to be unblocked and unimpeded in order to authenticate and place orders to .decimal's servers. Refer to the System and Network Requirements document provided by .decimal staff. At a minimum the url direct.dotdecimal.com (64.128.252.104) port 443 is always used. You may also refer to the .decimal client app network requirements for each application's latest network requirements (please ensure you have the correct application and app version).
     • Note: If using p.d 5.3 you'll also need to ensure update.dotdecimal.com (65.128.252.105) port 443 is also fully accessible.
2. Proxies:
   • .decimal internet traffic imposes strict client/server verification to ensure secure connections between the software installed at the clinic and our servers. As such, traffic from .decimal applications may encounter issues if a proxy is re-routing .decimal's traffic. Traffic from .decimal's software must be whitelisted to skip any network proxies if errors occur. See the Web Security Appliance (WSA) bullet below for more in depth explanation details and potential error messages due to using a proxy.
3. Web Security Appliance (WSA):
   • Some network security hardware (notably Proxies or WSAs) will attempt to decrypt and inspect our HTTPS traffic. Some customers have needed to include an exception in this network security device as this can impact and cause our encrypted and authenticated HTTPS traffic to encounter errors while in transit between the client software installed at the clinical facility and .decimal's servers. Network security hardware can lead to errors such as:
     • Errors can Include (but are not limited to): “Request failed…” or “SSL handshake failed” or “SSL connect error” or “Could not connect to login server” or 401 errors or Error Getting the public key for JWT token.
     • Common Required SSL Exemptions include (refer to the App Specific Network Requirements for detailed list):
       • dotdecimal.com
       • auth0.com (for users using the decimal Launcher)
   • .decimal software requires verbose SSL client to server verification of the encrypted HTTPS traffic. As such, any WSAs may cause .decimal client software to fail the SSL verification if the HTTPS traffic is intercepted by a WSA. This can lead the client or server software to assume a 'Man in the Middle' attack.
4. Users not receiving decimal Direct email invites:
   • Refer to the decimal Direct Site Management Troubleshooting guide.

The following steps may help when troubleshooting network security and IT issues for your facility.

Running the compatibility checker will ensure that all required .decimal IP addresses and ports are not being blocked.

Download the Compatibility Checker by logging in to decimal Direct with your .decimal account credentials.

If any of the above tests fail, then a required URL/Port is being blocked. Refer to the System and Network Requirements document provided by .decimal staff. You may also refer to the .decimal client app network requirements for each application's latest network requirements (please ensure you have the correct application and app version).

This option is advised if your network IT has whitelisted and unblocked .decimal's urls and ports (as evidenced by a successful Compatibility Checker run), but you still encounter issues using .decimal's software and communicating to .decimal's servers.

1. Attempt to download and install the .decimal client software on a device (e.g.: a laptop) not connected to your main cooperate network (e.g.: a guest WiFi network or smart phone hotspot) that has absolutely zero security or firewall blocking, filtering, or packet inspection.
2. Attempt to login to the .decimal client software
3. Confirm you are able to download, install, login, and use the .decimal software on an unrestricted device on an unrestricted internet connection. This ensures no security, firewall, or packet inspection security policies are interfering with your HTTPS connection and traffic to .decimal servers.
   1. Conclusion: If Step #3 passes, then there is still security policies in place on your main facility network impeding .decimal HTTPS traffic. We recommend disabling each network security device one by one until the .decimal client software operates normally. Then consider allowing an exception only on the offending network security devices impeding .decimal's HTTPS traffic.

The below table provides the location for the network requirements for each of the .decimal client side applications. Please ensure you have the correct application and app version when looking up the network requirements below.