Network Security virtual appliances make a number of outbound connections in order to authenticate, communicate and secure the traffic flowing through your cloud instance. The table below lists the expected virtual appliance outbound connections:
Outbound Connection
URL
Function
Trend Micro backend
*.trendmicro.com
Domain filtering feeds
C1 backend
*.cloudone.trendmicro.com
Retrieves events for Threat Insights
Platform backend (Required)
AWS: 169.254.169.*Azure: Uses PTP host
NTP request
Platform backend (Required)
AWS: 169.254.169.*Azure: Platform DNS service tag
DNS request
Platform backend (Required)
AWS: 169.254.169.*Azure: Platform IMDS service tag
Instance metadata (IMDS)
AWS CloudWatch logs
*aws.amazon.com
Retrieves metrics and logs
AWS S3 buckets
*aws.amazon.com
Digital Vaccine filterAppliance upgrade package
Tech support reportGeo/Domain filtering feeds
AWS ACM, CloudHSM, KMS, S3
AWS: *aws.amazon.com (Varies based on TLS inspection settings)Azure: Key Vault service tag
TLS inspection settings
Azure Log Analytics/Storage
Azure Monitor and Storage service tag
Retrieves metrics and logs
Splunk
User defined
Retrieves events
This list is not comprehensive and new connections may be added periodically to improve functionality.