Table of contents

Port numbers, URLs, and IP addresses

Topics on this page
Required Workload Security IP addresses and port numbers
Required Workload Security URLs

Workload Security components communicate over your network using the following:

Before deployment, your network administrator might need to configure firewalls, AWS security groups, and web proxies to allow those network services.

Default settings are displayed. Many network settings are configurable. For example, if your network has a web proxy, you could configure agents to connect through it on port 1443, instead of directly to Workload Security on port 443. If you change the default settings, then firewalls must allow communications via the new settings.

The following network diagram provides an overview:

Network diagram of default source addresses, destination addresses, and destination ports that are also described in the tables

Required Workload Security IP addresses and port numbers

The following table is organized by source address (the deployment component which starts the TCP connection or UDP session). Replies (packets in the same connection but opposite direction, from the destination address) usually must be allowed, too.

Workload Security servers usually have dynamic IP addresses (that is, other computers in your deployment use DNS queries to find the current IP address of a Workload Security FQDN when required). For the list of Workload Security domain names, see Required Workload Security URLs.

Some ports are required only if you use specific components and features. Some services might have static IP addresses. These exceptions and optional features are indicated.

All ports in the table are destination ports (also known as listening ports). Like many software, Workload Security also uses a range of dynamic, ephemeral source ports when opening a socket. Rarely, ephemeral source ports might be blocked, which causes connectivity issues. If that happens, you must also open the source ports.

Source
Address		 Destination
Address		 Port
(Default)		 Protocol
Administrator's computer DNS server 53 DNS over UDP
NTP server 123 NTP over UDP

Workload Security

Accounts created before 2020-11-23: 

Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.



Console (GUI)

34.196.38.94

34.198.27.224

34.198.6.142

34.205.210.199

34.205.219.175

34.205.239.162

34.226.116.82

34.233.153.57

35.153.222.175

35.169.254.68

35.169.43.208

35.172.176.62

50.17.162.194

52.0.124.201

52.0.33.128

52.202.124.22

52.207.138.122

52.22.162.229

52.3.171.31

52.72.111.249

52.72.211.36

52.87.46.150

54.175.211.84

54.80.120.113

3.225.229.14

18.215.67.148

34.195.125.27

3.86.123.174

44.206.92.118

44.194.122.255

34.197.70.194

18.213.159.46

52.203.120.170

44.205.104.224

35.173.89.232

44.196.197.8

54.243.242.11

34.200.138.190

54.162.255.145

52.203.15.159

44.199.124.64

18.210.225.102

18.235.109.2

44.211.7.123

54.160.53.57

18.209.2.38

3.211.162.147

34.233.239.156

44.207.171.40

18.96.96.27

18.96.96.128

18.97.19.0/27

18.97.133.160

18.97.133.27

34.205.5.0

34.205.5.27

3.140.136.224

3.140.136.27

18.98.162.128

18.98.162.27

18.169.230.160

18.169.230.27

18.99.38.64

18.99.38.27

13.214.15.0

13.214.15.27

35.75.131.96

35.75.131.27

18.96.226.0

18.96.226.27

3.108.13.32

3.108.13.27

18.96.34.160

18.96.34.27

3.69.198.64

3.69.198.27

18.99.0.224

18.99.0.27

3.99.65.64

3.99.65.27

18.98.193.32

18.98.193.27

3.26.127.96

3.26.127.27

 443 HTTPS over TCP

Workload Security

Subnets:

  • Australia:
    3.26.127.96/27
    18.98.193.32/27
  • Canada:
    3.99.65.64/27
    18.99.0.224/27
  • Germany:
    3.69.198.64/27
    18.96.34.160/27
  • India:
    3.108.13.32/27
    18.96.226.0/27
  • Japan:
    35.75.131.96/27
    18.99.69.160/27
  • Singapore:
    13.214.15.0/27
    18.99.38.64/27
  • UK:
    18.169.230.160/27
    18.98.162.128/27
  • USA:
    3.140.136.224/27
    34.205.5.0/27
    18.97.133.160/27
    18.97.19.0/27
    		•  SIEM or Syslog server
    (if any)         		514 Syslog over UDP
    SIEM or Syslog server
    (if any)         		6514 Syslog over TLS

    Agents,
    Relays
    (if any)

    Only required if you enable bidirectional or manager-initiated communication.

    		 4118 HTTPS over TCP
    Agents DNS server 53 DNS over UDP
    NTP server 123 NTP over UDP
    SIEM or Syslog server
    (if any)    		 514 Syslog over UDP

    Workload Security

    Accounts created before 2020-11-23: 

    Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.

    

    Console (GUI)

    34.196.38.94

    34.198.27.224

    34.198.6.142

    34.205.210.199

    34.205.219.175

    34.205.239.162

    34.226.116.82

    34.233.153.57

    35.153.222.175

    35.169.254.68

    35.169.43.208

    35.172.176.62

    50.17.162.194

    52.0.124.201

    52.0.33.128

    52.202.124.22

    52.207.138.122

    52.22.162.229

    52.3.171.31

    52.72.111.249

    52.72.211.36

    52.87.46.150

    54.175.211.84

    54.80.120.113

    3.225.229.14

    18.215.67.148

    34.195.125.27

    3.86.123.174

    44.206.92.118

    44.194.122.255

    34.197.70.194

    18.213.159.46

    52.203.120.170

    44.205.104.224

    35.173.89.232

    44.196.197.8

    54.243.242.11

    34.200.138.190

    54.162.255.145

    52.203.15.159

    44.199.124.64

    18.210.225.102

    18.235.109.2

    44.211.7.123

    54.160.53.57

    18.209.2.38

    3.211.162.147

    34.233.239.156

    44.207.171.40

    18.96.96.27

    18.96.96.128

    18.97.19.0/27

    18.97.133.160

    18.97.133.27

    34.205.5.0

    34.205.5.27

    3.140.136.224

    3.140.136.27

    18.98.162.128

    18.98.162.27

    18.169.230.160

    18.169.230.27

    18.99.38.64

    18.99.38.27

    13.214.15.0

    13.214.15.27

    35.75.131.96

    35.75.131.27

    18.96.226.0

    18.96.226.27

    3.108.13.32

    3.108.13.27

    18.96.34.160

    18.96.34.27

    3.69.198.64

    3.69.198.27

    18.99.0.224

    18.99.0.27

    3.99.65.64

    3.99.65.27

    18.98.193.32

    18.98.193.27

    3.26.127.96

    3.26.127.27

    

    Activation and heartbeat

    34.192.67.219

    34.196.25.105

    34.199.44.254

    34.204.244.61

    34.206.23.113

    34.206.95.140

    34.206.146.6

    34.206.215.233

    52.23.102.52

    52.54.141.100

    52.54.240.176

    54.86.2.200

    

    Fast heartbeat

    34.192.145.157

    34.199.111.255

    34.204.221.63

    34.206.179.241

    52.44.129.132

    52.45.95.227

    52.55.183.116

    52.73.88.81

    52.202.143.169

    52.206.208.21

    54.208.106.230

    54.152.108.196

    54.85.86.247

    18.204.77.2

    54.84.198.181

    52.0.58.66

    52.6.19.160

    18.233.125.165

    34.227.134.223

    52.73.122.26

    34.233.252.54

    34.236.163.142

    52.44.40.85

    3.209.15.127

    52.70.113.18

    3.210.118.160

    54.175.77.19

    3.225.117.164

    54.224.63.108

    52.72.213.26

    18.235.177.174

    34.203.45.194

    54.165.185.17

    		 443 HTTPS over TCP
    Relays
    (if any)    		 4122 HTTPS over TCP
    Smart Protection Network 80 HTTP over TCP
    443 HTTPS over TCP
    Service Gateway
    (if any, instead of Smart Protection Network, for File Reputation feature)    		 8080 HTTP over TCP
    Smart Protection Server
    (if any, instead of Smart Protection Network, for File Reputation feature)    		 80 HTTP over TCP
    443 HTTPS over TCP
    Smart Protection Server
    (if any, instead of Smart Protection Network, for Web Reputation feature)    		 5274 HTTP over TCP
    5275 HTTPS over TCP
    Relays
    (if any)         		All destination addresses, ports, and protocols required by agents (each relay contains an agent)
    Other relays
    (if any)    		 4122 HTTPS over TCP

    Localhost
    (on relays, its agent connects locally, as opposed to a remote relay)

    Only configure if the server's other software uses the same port (a port conflict), or if host firewalls such as iptables or Windows Firewall block localhost connections (server connecting internally to itself). Network firewalls do not need to allow this port because localhost connections do not reach the network.

    		 4123 N/A

    Trend Micro Update Server / Active Update

    Accounts created before 2020-11-23: 

    Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.

    

    3.210.17.243

    3.222.238.73

    18.205.30.1

    18.210.96.90

    34.193.172.66

    34.194.74.60

    34.196.197.189

    34.204.219.38

    34.204.220.78

    34.205.83.195

    34.227.254.106

    34.232.200.81

    52.2.63.133

    52.3.39.108

    52.4.197.109

    52.20.8.32

    52.21.149.243

    52.44.144.238

    52.55.188.35

    52.201.199.128

    52.204.10.77

    52.206.54.30

    52.206.193.178

    52.207.18.27

    54.86.152.157

    54.87.173.241

    54.144.77.16

    54.156.82.102

    54.160.187.232

    54.165.40.223

    54.165.117.76

    54.174.156.3

    54.175.39.189

    54.210.11.136

    54.211.23.144

    54.221.238.214

    174.129.163.104

    18.214.137.160

    3.219.11.223

    52.73.153.11

    34.232.117.216

    18.235.47.237

    3.233.97.169

    44.197.94.111

    67.202.14.86

    3.209.20.62

    54.221.154.133

    18.211.153.108

    52.87.104.67

    23.23.5.105

    35.168.60.31

    34.239.97.161

    18.204.32.89

    3.210.83.69

    3.212.210.107

    54.84.225.146

    3.222.60.230

    54.85.75.36

    34.238.64.151

    44.205.155.46

    34.233.180.4

    18.210.56.78

    18.96.96.27

    18.96.96.128

    18.97.19.0

    18.97.19.27

    18.97.133.160

    18.97.133.27

    34.205.5.0

    34.205.5.27

    3.140.136.224

    3.140.136.27

    18.98.162.128

    18.98.162.27

    18.169.230.160

    18.169.230.27

    18.99.38.64

    18.99.38.27

    13.214.15.0

    13.214.15.27

    35.75.131.96

    35.75.131.27

    18.96.226.0

    18.96.226.27

    3.108.13.32

    3.108.13.27

    18.96.34.160

    18.96.34.27

    3.69.198.64

    3.69.198.27

    18.99.0.224

    18.99.0.27

    3.99.65.64

    3.99.65.27

    18.98.193.32

    18.98.193.27

    3.26.127.96

    3.26.127.27

    		 80 HTTP over TCP
    443 HTTPS over TCP

    Download Center,
    or its mirror on a local web server
    (if any)

    Accounts created before 2020-11-23: 

    Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.

    

    3.210.17.243

    3.222.238.73

    18.205.30.1

    18.210.96.90

    34.193.172.66

    34.194.74.60

    34.196.197.189

    34.204.219.38

    34.204.220.78

    34.205.83.195

    34.227.254.106

    34.232.200.81

    52.2.63.133

    52.3.39.108

    52.4.197.109

    52.20.8.32

    52.21.149.243

    52.44.144.238

    52.55.188.35

    52.201.199.128

    52.204.10.77

    52.206.54.30

    52.206.193.178

    52.207.18.27

    54.86.152.157

    54.87.173.241

    54.144.77.16

    54.156.82.102

    54.160.187.232

    54.165.40.223

    54.165.117.76

    54.174.156.3

    54.175.39.189

    54.210.11.136

    54.211.23.144

    54.221.238.214

    174.129.163.104

    18.214.137.160

    3.219.11.223

    52.73.153.11

    34.232.117.216

    18.235.47.237

    3.233.97.169

    44.197.94.111

    67.202.14.86

    3.209.20.62

    54.221.154.133

    18.211.153.108

    52.87.104.67

    23.23.5.105

    35.168.60.31

    34.239.97.161

    18.204.32.89

    3.210.83.69

    3.212.210.107

    54.84.225.146

    3.222.60.230

    54.85.75.36

    34.238.64.151

    44.205.155.46

    34.233.180.4

    18.210.56.78

    18.96.96.27

    18.96.96.128

    18.97.19.0

    18.97.19.27

    18.97.133.160

    18.97.133.27

    34.205.5.0

    34.205.5.27

    3.140.136.224

    3.140.136.27

    18.98.162.128

    18.98.162.27

    18.169.230.160

    18.169.230.27

    18.99.38.64

    18.99.38.27

    13.214.15.0

    13.214.15.27

    35.75.131.96

    35.75.131.27

    18.96.226.0

    18.96.226.27

    3.108.13.32

    3.108.13.27

    18.96.34.160

    18.96.34.27

    3.69.198.64

    3.69.198.27

    18.99.0.224

    18.99.0.27

    3.99.65.64

    3.99.65.27

    18.98.193.32

    18.98.193.27

    3.26.127.96

    3.26.127.27

    		 443 HTTPS over TCP
    Data Center Gateway
    (if any)         		DNS server 53 DNS over UDP
    NTP server 123 NTP over UDP
    Workload Security 443 HTTPS over TCP
    VMware vCenter 443 HTTPS over TCP
    Microsoft Active Directory 389 STARTTLS and LDAP over TCP and UDP
    636 LDAPS over TCP and UDP
    Service Gateway
    (if any)         		DNS server 53 DNS over UDP
    NTP server 123 NTP over UDP
    Trend Micro Smart Protection Network
    (for File Reputation feature)    		 80 HTTP over TCP
    443 HTTPS over TCP
    API clients
    (if any)         		Workload Security 443 HTTPS over TCP

    Required Workload Security URLs

    Web proxies and URL filters can inspect the HTTP layer of connections: valid certificates, URL (such as /index), fully-qualified domain name (FQDN) (such as Host: store.example.com:8080), and more. Allow all URLs on every FQDN listed in the following table.

    For example, agents and relays must be able to download software updates from files.trendmicro.com on port 80 or 443. You have allowed that TCP/IP connection on your firewall. However, the connection contains the HTTP or HTTPS protocol, which can be blocked not only by firewalls, but also by web proxies and web filters. Therefore you must configure them to allow https://files.trendmicro.com/ or http://files.trendmicro.com/ and all sub-URLs.

    Some FQDNs are required only if you use specific components and features, as indicated.

    Source Address Destination Address Host FQDN Protocols
    Agents,
    Relays
    (if any)

    Workload Security
    Agent 20.0 build 1541 and later:

    The FQDNs for your region:

    
    • Australia: *workload.au-1.cloudone.trendmicro.com
    • Canada: *workload.ca-1.cloudone.trendmicro.com
    • Germany: *workload.de-1.cloudone.trendmicro.com
    • India: *workload.in-1.cloudone.trendmicro.com
    • Japan: *workload.jp-1.cloudone.trendmicro.com
    • Singapore: *workload.sg-1.cloudone.trendmicro.com
    • UK: *workload.gb-1.cloudone.trendmicro.com
    • USA: *workload.us-1.cloudone.trendmicro.com
    If your firewall does not support wild card FQDNs (such as *workload.<region>.cloudone.trendmicro.com), then instead you must individually allow every FQDN that matches: 
    Australia:
    • workload.au-1.cloudone.trendmicro.com
    • agents.workload.au-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
    • agent-comm.workload.au-1.cloudone.trendmicro.com
    • dsmim.workload.au-1.cloudone.trendmicro.com
    • relay.workload.au-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com
    Canada:
    • workload.ca-1.cloudone.trendmicro.com
    • agents.workload.ca-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
    • agent-comm.workload.ca-1.cloudone.trendmicro.com
    • dsmim.workload.ca-1.cloudone.trendmicro.com
    • relay.workload.ca-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com
    Germany:
    • workload.de-1.cloudone.trendmicro.com
    • agents.workload.de-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
    • agent-comm.workload.de-1.cloudone.trendmicro.com
    • dsmim.workload.de-1.cloudone.trendmicro.com
    • relay.workload.de-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com
    India:
    • workload.in-1.cloudone.trendmicro.com
    • agents.workload.in-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
    • agent-comm.workload.in-1.cloudone.trendmicro.com
    • dsmim.workload.in-1.cloudone.trendmicro.com
    • relay.workload.in-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com
    Japan:
    • workload.jp-1.cloudone.trendmicro.com
    • agents.workload.jp-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
    • agent-comm.workload.jp-1.cloudone.trendmicro.com
    • dsmim.workload.jp-1.cloudone.trendmicro.com
    • relay.workload.jp-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com
    Singapore:
    • workload.sg-1.cloudone.trendmicro.com
    • agents.workload.sg-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
    • agent-comm.workload.sg-1.cloudone.trendmicro.com
    • dsmim.workload.sg-1.cloudone.trendmicro.com
    • relay.workload.sg-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com
    UK:
    • workload.gb-1.cloudone.trendmicro.com
    • agents.workload.gb-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
    • agent-comm.workload.gb-1.cloudone.trendmicro.com
    • dsmim.workload.gb-1.cloudone.trendmicro.com
    • relay.workload.gb-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com
    USA:
    • workload.us-1.cloudone.trendmicro.com
    • agents.deepsecurity.trendmicro.com
    • agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com
    • agent-comm.workload.us-1.cloudone.trendmicro.com
    • dsmim.deepsecurity.trendmicro.com
    • relay.deepsecurity.trendmicro.com
    • xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com
    Agent 20.0 build 1540 and earlier:

    The FQDNs for your region:

    
    • Australia: *workload.au-1.cloudone.trendmicro.com
    • Canada: *workload.ca-1.cloudone.trendmicro.com
    • Germany: *workload.de-1.cloudone.trendmicro.com
    • India: *workload.in-1.cloudone.trendmicro.com
    • Japan: *workload.jp-1.cloudone.trendmicro.com
    • Singapore: *workload.sg-1.cloudone.trendmicro.com
    • UK: *workload.gb-1.cloudone.trendmicro.com
    • USA: *workload.us-1.cloudone.trendmicro.com

    and the legacy domain names:

    • app.deepsecurity.trendmicro.com
    • agents.deepsecurity.trendmicro.com
    • dsmim.deepsecurity.trendmicro.com
    • relay.deepsecurity.trendmicro.com
    If your firewall does not support wild card FQDNs (such as *workload.<region>.cloudone.trendmicro.com), then instead you must individually allow every FQDN that matches: 
    Australia:
    • workload.au-1.cloudone.trendmicro.com
    • agents.workload.au-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
    • agent-comm.workload.au-1.cloudone.trendmicro.com
    • dsmim.workload.au-1.cloudone.trendmicro.com
    • relay.workload.au-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com
    Canada:
    • workload.ca-1.cloudone.trendmicro.com
    • agents.workload.ca-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
    • agent-comm.workload.ca-1.cloudone.trendmicro.com
    • dsmim.workload.ca-1.cloudone.trendmicro.com
    • relay.workload.ca-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com
    Germany:
    • workload.de-1.cloudone.trendmicro.com
    • agents.workload.de-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
    • agent-comm.workload.de-1.cloudone.trendmicro.com
    • dsmim.workload.de-1.cloudone.trendmicro.com
    • relay.workload.de-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com
    India:
    • workload.in-1.cloudone.trendmicro.com
    • agents.workload.in-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
    • agent-comm.workload.in-1.cloudone.trendmicro.com
    • dsmim.workload.in-1.cloudone.trendmicro.com
    • relay.workload.in-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com
    Japan:
    • workload.jp-1.cloudone.trendmicro.com
    • agents.workload.jp-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
    • agent-comm.workload.jp-1.cloudone.trendmicro.com
    • dsmim.workload.jp-1.cloudone.trendmicro.com
    • relay.workload.jp-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com
    Singapore:
    • workload.sg-1.cloudone.trendmicro.com
    • agents.workload.sg-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
    • agent-comm.workload.sg-1.cloudone.trendmicro.com
    • dsmim.workload.sg-1.cloudone.trendmicro.com
    • relay.workload.sg-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com
    UK:
    • workload.gb-1.cloudone.trendmicro.com
    • agents.workload.gb-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
    • agent-comm.workload.gb-1.cloudone.trendmicro.com
    • dsmim.workload.gb-1.cloudone.trendmicro.com
    • relay.workload.gb-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com
    USA:
    • workload.us-1.cloudone.trendmicro.com
    • agents.deepsecurity.trendmicro.com
    • agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com
    • agent-comm.workload.us-1.cloudone.trendmicro.com
    • dsmim.deepsecurity.trendmicro.com
    • relay.deepsecurity.trendmicro.com
    • xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com

    HTTPS

    HTTP

    Download Center,
    or its mirror on a local web server
    (if any)
    • files.trendmicro.com
      or the local web server's FQDN

    HTTPS

    HTTP

    Trend Micro Update Server / Active Update
    • iaus.activeupdate.trendmicro.com
    • iaus.trendmicro.com
    • ipv6-iaus.trendmicro.com
    • ipv6-iaus.activeupdate.trendmicro.com

    HTTPS

    HTTP

    Trend Vision One
    • .xdr.trendmicro.com
    • .xdr.trendmicro.co.jp

    HTTPS

    HTTP
    Agents Smart Protection Network
    • dsaas1100-en-census.trendmicro.com

    Only required for the Global Census feature's behavior monitoring, and predictive machine learning.

    HTTPS

    HTTP
    Agent 20.0 and later:
    • ds200-en.fbs25.trendmicro.com
    • ds200-jp.fbs25.trendmicro.com
    Agent 12.0:
    • ds120-en.fbs25.trendmicro.com
    • ds120-jp.fbs25.trendmicro.com
    Agent 11.0:
    • deepsecurity1100-en.fbs25.trendmicro.com
    • deepsecurity1100-jp.fbs25.trendmicro.com
    Agent 10.0:
    • deepsecurity1000-en.fbs20.trendmicro.com
    • deepsecurity1000-jp.fbs20.trendmicro.com
    • deepsecurity1000-sc.fbs20.trendmicro.com

    Only required for Smart Feedback.

    HTTPS

    HTTP
    • dsaas.icrc.trendmicro.com

    Only required for Smart Scan.

    HTTPS

    HTTP
    • dsaas-en-f.trx.trendmicro.com
    • dsaas-en-b.trx.trendmicro.com

    Only required for predictive machine learning.

    HTTPS

    HTTP
    • deepsecaas11-en.gfrbridge.trendmicro.com

    Only required for the File Reputation feature's behavior monitoring, predictive machine learning, and process memory scans.

    HTTPS

    HTTP
    • dsaas.url.trendmicro.com

    Only required for Web Reputation.

    HTTPS

    HTTP
    Smart Protection Server
    (if any, instead of Smart Protection Network)
    • Your Smart Protection Server's FQDN

    Only required for File Reputation and Web Reputation. Other features still require the Smart Protection Network, and cannot use this local server.

    HTTPS

    HTTP
    Workload Security

    Agents,
    Relays
    (if any)

    Only required if you enable bidirectional or manager-initiated communication.
    Agent 20.0 build 1559 and later:

    The FQDNs for your region:

    
    • Australia: agents*.workload.au-1.cloudone.trendmicro.com
    • Canada: agents*.workload.ca-1.cloudone.trendmicro.com
    • Germany: agents*.workload.de-1.cloudone.trendmicro.com
    • India: agents*.workload.in-1.cloudone.trendmicro.com
    • Japan: agents*.workload.jp-1.cloudone.trendmicro.com
    • Singapore: agents*.workload.sg-1.cloudone.trendmicro.com
    • UK: agents*.workload.gb-1.cloudone.trendmicro.com
    • USA: agents*.workload.us-1.cloudone.trendmicro.com
    If your firewall does not support wild card FQDNs (such as agents*.workload.<region>.cloudone.trendmicro.com), then instead you must individually allow every FQDN that matches: 
    Australia:
    • agents.workload.au-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
    Canada:
    • agents.workload.ca-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
    Germany:
    • agents.workload.de-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
    India:
    • agents.workload.in-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
    Japan:
    • agents.workload.jp-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
    Singapore:
    • agents.workload.sg-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
    UK:
    • agents.workload.gb-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
    USA:
    • agents.deepsecurity.trendmicro.com
    • agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com
    Agent 20.0 build 1558 and earlier:

    The FQDNs for your region:

    
    • Australia: agents*.workload.au-1.cloudone.trendmicro.com
    • Canada: agents*.workload.ca-1.cloudone.trendmicro.com
    • Germany: agents*.workload.de-1.cloudone.trendmicro.com
    • India: agents*.workload.in-1.cloudone.trendmicro.com
    • Japan: agents*.workload.jp-1.cloudone.trendmicro.com
    • Singapore: agents*.workload.sg-1.cloudone.trendmicro.com
    • UK: agents*.workload.gb-1.cloudone.trendmicro.com
    • USA: agents*.workload.us-1.cloudone.trendmicro.com

    and the legacy domain name:

    • agents.deepsecurity.trendmicro.com
    If your firewall does not support wild card FQDNs (such as agents*.workload.<region>.cloudone.trendmicro.com), then instead you must individually allow every FQDN that matches: 
    Australia:
    • agents.workload.au-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
    Canada:
    • agents.workload.ca-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
    Germany:
    • agents.workload.de-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
    India:
    • agents.workload.in-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
    Japan:
    • agents.workload.jp-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
    Singapore:
    • agents.workload.sg-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
    UK:
    • agents.workload.gb-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
    USA:
    • agents.deepsecurity.trendmicro.com
    • agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com
    		 HTTPS
    Data Center Gateways
    (if any)    		 Workload Security

    The FQDNs for your region:

    Australia:
    • gateway.workload.au-1.cloudone.trendmicro.com
    • gateway-control.workload.au-1.cloudone.trendmicro.com
    Canada:
    • gateway.workload.ca-1.cloudone.trendmicro.com
    • gateway-control.workload.ca-1.cloudone.trendmicro.com
    Germany:
    • gateway.workload.de-1.cloudone.trendmicro.com
    • gateway-control.workload.de-1.cloudone.trendmicro.com
    India:
    • gateway.workload.in-1.cloudone.trendmicro.com
    • gateway-control.workload.in-1.cloudone.trendmicro.com
    Japan:
    • gateway.workload.jp-1.cloudone.trendmicro.com
    • gateway-control.workload.jp-1.cloudone.trendmicro.com
    Singapore:
    • gateway.workload.sg-1.cloudone.trendmicro.com
    • gateway-control.workload.sg-1.cloudone.trendmicro.com
    UK:
    • gateway.workload.gb-1.cloudone.trendmicro.com
    • gateway-control.workload.gb-1.cloudone.trendmicro.com
    USA:
    • gateway.workload.us-1.cloudone.trendmicro.com
    • gateway-control.workload.us-1.cloudone.trendmicro.com

    HTTPS
    API clients
    (if any)    		 Workload Security

    The FQDNs for your region:

    
    • Australia: *workload.au-1.cloudone.trendmicro.com
    • Canada: *workload.ca-1.cloudone.trendmicro.com
    • Germany: *workload.de-1.cloudone.trendmicro.com
    • India: *workload.in-1.cloudone.trendmicro.com
    • Japan: *workload.jp-1.cloudone.trendmicro.com
    • Singapore: *workload.sg-1.cloudone.trendmicro.com
    • UK: *workload.gb-1.cloudone.trendmicro.com
    • USA: *workload.us-1.cloudone.trendmicro.com

    and depending on which API you use, one of the following legacy domain names:

    • app.deepsecurity.trendmicro.com/api
    • app.deepsecurity.trendmicro.com/webservice/Manager?WSDL (deprecated)
    • app.deepsecurity.trendmicro.com/rest (deprecated)
    If your web filter does not support wild card FQDNs such as *workload.<region>.cloudone.trendmicro.com, then instead you must individually allow every FQDN that matches: 
    Australia:
    • workload.au-1.cloudone.trendmicro.com
    • agents.workload.au-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
    • agent-comm.workload.au-1.cloudone.trendmicro.com
    • dsmim.workload.au-1.cloudone.trendmicro.com
    • relay.workload.au-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com
    Canada:
    • workload.ca-1.cloudone.trendmicro.com
    • agents.workload.ca-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
    • agent-comm.workload.ca-1.cloudone.trendmicro.com
    • dsmim.workload.ca-1.cloudone.trendmicro.com
    • relay.workload.ca-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com
    Germany:
    • workload.de-1.cloudone.trendmicro.com
    • agents.workload.de-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
    • agent-comm.workload.de-1.cloudone.trendmicro.com
    • dsmim.workload.de-1.cloudone.trendmicro.com
    • relay.workload.de-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com
    India:
    • workload.in-1.cloudone.trendmicro.com
    • agents.workload.in-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
    • agent-comm.workload.in-1.cloudone.trendmicro.com
    • dsmim.workload.in-1.cloudone.trendmicro.com
    • relay.workload.in-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com
    Japan:
    • workload.jp-1.cloudone.trendmicro.com
    • agents.workload.jp-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
    • agent-comm.workload.jp-1.cloudone.trendmicro.com
    • dsmim.workload.jp-1.cloudone.trendmicro.com
    • relay.workload.jp-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com
    Singapore:
    • workload.sg-1.cloudone.trendmicro.com
    • agents.workload.sg-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
    • agent-comm.workload.sg-1.cloudone.trendmicro.com
    • dsmim.workload.sg-1.cloudone.trendmicro.com
    • relay.workload.sg-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com
    UK:
    • workload.gb-1.cloudone.trendmicro.com
    • agents.workload.gb-1.cloudone.trendmicro.com
    • agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
    • agent-comm.workload.gb-1.cloudone.trendmicro.com
    • dsmim.workload.gb-1.cloudone.trendmicro.com
    • relay.workload.gb-1.cloudone.trendmicro.com
    • xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com
    USA:
    • workload.us-1.cloudone.trendmicro.com
    • agents.deepsecurity.trendmicro.com
    • agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com
    • agent-comm.workload.us-1.cloudone.trendmicro.com
    • dsmim.deepsecurity.trendmicro.com
    • relay.deepsecurity.trendmicro.com
    • xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com

    HTTPS
    Notification Service Workload Security

    The FQDNs for your region:

    
    • Australia: *workload.au-1.cloudone.trendmicro.com
    • Canada: *workload.ca-1.cloudone.trendmicro.com
    • Germany: *workload.de-1.cloudone.trendmicro.com
    • India: *workload.in-1.cloudone.trendmicro.com
    • Japan: *workload.jp-1.cloudone.trendmicro.com
    • Singapore: *workload.sg-1.cloudone.trendmicro.com
    • UK: *workload.gb-1.cloudone.trendmicro.com
    • USA: *workload.us-1.cloudone.trendmicro.com
    • UAE: *workload.ae-1.cloudone.trendmicro.com

    If your firewall does not support wild card FQDNs such as c1ws-notification.<region>.cloudone.trendmicro.com, then you must individually allow every FQDN.

    HTTPS