Port numbers, URLs, and IP addresses
Workload Security components communicate over your network using the following:
Before deployment, your network administrator might need to configure firewalls, AWS security groups, and web proxies to allow those network services.
Default settings are displayed. Many network settings are configurable. For example, if your network has a web proxy, you could configure agents to connect through it on port 1443, instead of directly to Workload Security on port 443. If you change the default settings, then firewalls must allow communications via the new settings.
The following network diagram provides an overview:
Required Workload Security IP addresses and port numbers
The following table is organized by source address (the deployment component which starts the TCP connection or UDP session). Replies (packets in the same connection but opposite direction, from the destination address) usually must be allowed, too.
Workload Security servers usually have dynamic IP addresses (that is, other computers in your deployment use DNS queries to find the current IP address of a Workload Security FQDN when required). For the list of Workload Security domain names, see Required Workload Security URLs.
Some ports are required only if you use specific components and features. Some services might have static IP addresses. These exceptions and optional features are indicated.
All ports in the table are destination ports (also known as listening ports). Like many software, Workload Security also uses a range of dynamic, ephemeral source ports when opening a socket. Rarely, ephemeral source ports might be blocked, which causes connectivity issues. If that happens, you must also open the source ports.
SourceAddress |
DestinationAddress |
Port(Default) |
Protocol |
Administrator's computer |
DNS server |
53 |
DNS over UDP |
NTP server |
123 |
NTP over UDP |
Workload Security
Accounts created before 2020-11-23:
|
443 |
HTTPS over TCP |
Workload Security
Subnets:
Australia:
3.26.127.96/27
Canada:
3.99.65.64/27
Germany:
3.69.198.64/27
India:
3.108.13.32/27
Japan:
35.75.131.96/27
Singapore:
13.214.15.0/27
UK:
18.169.230.160/27
USA:
3.140.136.224/27
34.205.5.0/27
|
SIEM or Syslog server (if any)
|
514 |
Syslog over UDP |
SIEM or Syslog server (if any)
|
6514 |
Syslog over TLS |
Agents, Relays (if any)
Only required if you enable bidirectional or manager-initiated communication.
|
4118 |
HTTPS over TCP |
Agents |
DNS server |
53 |
DNS over UDP |
NTP server |
123 |
NTP over UDP |
SIEM or Syslog server (if any) |
514 |
Syslog over UDP |
Workload Security
Accounts created before 2020-11-23:
Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.
Console (GUI)
34.196.38.94
34.198.27.224
34.198.6.142
34.205.210.199
34.205.219.175
34.205.239.162
34.226.116.82
34.233.153.57
35.153.222.175
35.169.254.68
35.169.43.208
35.172.176.62
50.17.162.194
52.0.124.201
52.0.33.128
52.202.124.22
52.207.138.122
52.22.162.229
52.3.171.31
52.72.111.249
52.72.211.36
52.87.46.150
54.175.211.84
54.80.120.113
3.225.229.14
18.215.67.148
34.195.125.27
3.86.123.174
44.206.92.118
44.194.122.255
34.197.70.194
18.213.159.46
52.203.120.170
44.205.104.224
35.173.89.232
44.196.197.8
54.243.242.11
34.200.138.190
54.162.255.145
52.203.15.159
44.199.124.64
18.210.225.102
18.235.109.2
44.211.7.123
54.160.53.57
18.209.2.38
3.211.162.147
34.233.239.156
44.207.171.40
Activation and heartbeat
34.192.67.219
34.196.25.105
34.199.44.254
34.204.244.61
34.206.23.113
34.206.95.140
34.206.146.6
34.206.215.233
52.23.102.52
52.54.141.100
52.54.240.176
54.86.2.200
Fast heartbeat
34.192.145.157
34.199.111.255
34.204.221.63
34.206.179.241
52.44.129.132
52.45.95.227
52.55.183.116
52.73.88.81
52.202.143.169
52.206.208.21
54.208.106.230
54.152.108.196
54.85.86.247
18.204.77.2
54.84.198.181
52.0.58.66
52.6.19.160
18.233.125.165
34.227.134.223
52.73.122.26
34.233.252.54
34.236.163.142
52.44.40.85
3.209.15.127
52.70.113.18
3.210.118.160
54.175.77.19
3.225.117.164
54.224.63.108
52.72.213.26
18.235.177.174
34.203.45.194
54.165.185.17
|
443 |
HTTPS over TCP |
Relays (if any) |
4122 |
HTTPS over TCP |
Smart Protection Network |
80 |
HTTP over TCP |
443 |
HTTPS over TCP |
Service Gateway (if any, instead of Smart Protection Network, for File Reputation feature) |
8080 |
HTTP over TCP |
Smart Protection Server (if any, instead of Smart Protection Network, for File Reputation feature) |
80 |
HTTP over TCP |
443 |
HTTPS over TCP |
Smart Protection Server (if any, instead of Smart Protection Network, for Web Reputation feature) |
5274 |
HTTP over TCP |
5275 |
HTTPS over TCP |
Relays (if any)
|
All destination addresses, ports, and protocols required by agents (each relay contains an agent) |
Other relays (if any) |
4122 |
HTTPS over TCP |
Localhost (on relays, its agent connects locally, not to a remote relay)
Only configure if the server's other software uses the same port (a port conflict), or if host firewalls such as iptables or Windows Firewall block localhost connections (server connecting internally to itself). Network firewalls do not need to allow this port because localhost connections do not reach the network.
|
4123 |
N/A |
Trend Micro Update Server / Active Update
Accounts created before 2020-11-23:
Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.
3.210.17.243
3.222.238.73
18.205.30.1
18.210.96.90
34.193.172.66
34.194.74.60
34.196.197.189
34.204.219.38
34.204.220.78
34.205.83.195
34.227.254.106
34.232.200.81
52.2.63.133
52.3.39.108
52.4.197.109
52.20.8.32
52.21.149.243
52.44.144.238
52.55.188.35
52.201.199.128
52.204.10.77
52.206.54.30
52.206.193.178
52.207.18.27
54.86.152.157
54.87.173.241
54.144.77.16
54.156.82.102
54.160.187.232
54.165.40.223
54.165.117.76
54.174.156.3
54.175.39.189
54.210.11.136
54.211.23.144
54.221.238.214
174.129.163.104
18.214.137.160
3.219.11.223
52.73.153.11
34.232.117.216
18.235.47.237
3.233.97.169
44.197.94.111
67.202.14.86
3.209.20.62
54.221.154.133
18.211.153.108
52.87.104.67
23.23.5.105
35.168.60.31
34.239.97.161
18.204.32.89
3.210.83.69
3.212.210.107
54.84.225.146
3.222.60.230
54.85.75.36
34.238.64.151
44.205.155.46
34.233.180.4
18.210.56.78
|
80 |
HTTP over TCP |
443 |
HTTPS over TCP |
Download Center, or its mirror on a local web server (if any)
Accounts created before 2020-11-23:
Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.
3.210.17.243
3.222.238.73
18.205.30.1
18.210.96.90
34.193.172.66
34.194.74.60
34.196.197.189
34.204.219.38
34.204.220.78
34.205.83.195
34.227.254.106
34.232.200.81
52.2.63.133
52.3.39.108
52.4.197.109
52.20.8.32
52.21.149.243
52.44.144.238
52.55.188.35
52.201.199.128
52.204.10.77
52.206.54.30
52.206.193.178
52.207.18.27
54.86.152.157
54.87.173.241
54.144.77.16
54.156.82.102
54.160.187.232
54.165.40.223
54.165.117.76
54.174.156.3
54.175.39.189
54.210.11.136
54.211.23.144
54.221.238.214
174.129.163.104
18.214.137.160
3.219.11.223
52.73.153.11
34.232.117.216
18.235.47.237
3.233.97.169
44.197.94.111
67.202.14.86
3.209.20.62
54.221.154.133
18.211.153.108
52.87.104.67
23.23.5.105
35.168.60.31
34.239.97.161
18.204.32.89
3.210.83.69
3.212.210.107
54.84.225.146
3.222.60.230
54.85.75.36
34.238.64.151
44.205.155.46
34.233.180.4
18.210.56.78
|
443 |
HTTPS over TCP |
Data Center Gateway (if any)
|
DNS server |
53 |
DNS over UDP |
NTP server |
123 |
NTP over UDP |
Workload Security |
443 |
HTTPS over TCP |
VMware vCenter |
443 |
HTTPS over TCP |
Microsoft Active Directory |
389 |
STARTTLS and LDAP over TCP and UDP |
636 |
LDAPS over TCP and UDP |
Service Gateway (if any)
|
DNS server |
53 |
DNS over UDP |
NTP server |
123 |
NTP over UDP |
Trend Micro Smart Protection Network (for File Reputation feature) |
80 |
HTTP over TCP |
443 |
HTTPS over TCP |
API clients (if any)
|
Workload Security |
443 |
HTTPS over TCP |
Required Workload Security URLs
Web proxies and URL filters can inspect the HTTP layer of connections: valid certificates, URL (such as /index
), fully-qualified domain name (FQDN) (such as Host: store.example.com:8080
), and more. Allow all URLs on every FQDN listed in the following table.
For example, agents and relays must be able to download software updates from files.trendmicro.com
on port 80 or 443. You have allowed that TCP/IP connection on your firewall. However, the connection contains the HTTP or HTTPS protocol, which can be blocked not only by firewalls, but also by web proxies and web filters. Therefore you must configure them to allow https://files.trendmicro.com/
or http://files.trendmicro.com/
and all sub-URLs.
Some FQDNs are required only if you use specific components and features, as indicated.
Source Address |
Destination Address |
Host FQDN |
Protocols |
Agents, Relays (if any) |
Workload Security
|
Agent 20.0 build 1541 and later:
The FQDNs for your region:
- Australia: *workload.au-1.cloudone.trendmicro.com
- Canada: *workload.ca-1.cloudone.trendmicro.com
- Germany: *workload.de-1.cloudone.trendmicro.com
- India: *workload.in-1.cloudone.trendmicro.com
- Japan: *workload.jp-1.cloudone.trendmicro.com
- Singapore: *workload.sg-1.cloudone.trendmicro.com
- UK: *workload.gb-1.cloudone.trendmicro.com
- USA: *workload.us-1.cloudone.trendmicro.com
If your firewall does not support wild card FQDNs (such as *workload.<region>.cloudone.trendmicro.com ), then instead you must individually allow every FQDN that matches:
Australia:
- workload.au-1.cloudone.trendmicro.com
- agents.workload.au-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
- agent-comm.workload.au-1.cloudone.trendmicro.com
- dsmim.workload.au-1.cloudone.trendmicro.com
- relay.workload.au-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com
Canada:
- workload.ca-1.cloudone.trendmicro.com
- agents.workload.ca-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
- agent-comm.workload.ca-1.cloudone.trendmicro.com
- dsmim.workload.ca-1.cloudone.trendmicro.com
- relay.workload.ca-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com
Germany:
- workload.de-1.cloudone.trendmicro.com
- agents.workload.de-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
- agent-comm.workload.de-1.cloudone.trendmicro.com
- dsmim.workload.de-1.cloudone.trendmicro.com
- relay.workload.de-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com
India:
- workload.in-1.cloudone.trendmicro.com
- agents.workload.in-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
- agent-comm.workload.in-1.cloudone.trendmicro.com
- dsmim.workload.in-1.cloudone.trendmicro.com
- relay.workload.in-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com
Japan:
- workload.jp-1.cloudone.trendmicro.com
- agents.workload.jp-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
- agent-comm.workload.jp-1.cloudone.trendmicro.com
- dsmim.workload.jp-1.cloudone.trendmicro.com
- relay.workload.jp-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com
Singapore:
- workload.sg-1.cloudone.trendmicro.com
- agents.workload.sg-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
- agent-comm.workload.sg-1.cloudone.trendmicro.com
- dsmim.workload.sg-1.cloudone.trendmicro.com
- relay.workload.sg-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com
UK:
- workload.gb-1.cloudone.trendmicro.com
- agents.workload.gb-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
- agent-comm.workload.gb-1.cloudone.trendmicro.com
- dsmim.workload.gb-1.cloudone.trendmicro.com
- relay.workload.gb-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com
USA:
- workload.us-1.cloudone.trendmicro.com
- agents.deepsecurity.trendmicro.com
- agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com
- agent-comm.workload.us-1.cloudone.trendmicro.com
- dsmim.deepsecurity.trendmicro.com
- relay.deepsecurity.trendmicro.com
- xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com
Agent 20.0 build 1540 and earlier:
The FQDNs for your region:
- Australia: *workload.au-1.cloudone.trendmicro.com
- Canada: *workload.ca-1.cloudone.trendmicro.com
- Germany: *workload.de-1.cloudone.trendmicro.com
- India: *workload.in-1.cloudone.trendmicro.com
- Japan: *workload.jp-1.cloudone.trendmicro.com
- Singapore: *workload.sg-1.cloudone.trendmicro.com
- UK: *workload.gb-1.cloudone.trendmicro.com
- USA: *workload.us-1.cloudone.trendmicro.com
and the legacy domain names:
- app.deepsecurity.trendmicro.com
- agents.deepsecurity.trendmicro.com
- dsmim.deepsecurity.trendmicro.com
- relay.deepsecurity.trendmicro.com
If your firewall does not support wild card FQDNs (such as *workload.<region>.cloudone.trendmicro.com ), then instead you must individually allow every FQDN that matches:
Australia:
- workload.au-1.cloudone.trendmicro.com
- agents.workload.au-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
- agent-comm.workload.au-1.cloudone.trendmicro.com
- dsmim.workload.au-1.cloudone.trendmicro.com
- relay.workload.au-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com
Canada:
- workload.ca-1.cloudone.trendmicro.com
- agents.workload.ca-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
- agent-comm.workload.ca-1.cloudone.trendmicro.com
- dsmim.workload.ca-1.cloudone.trendmicro.com
- relay.workload.ca-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com
Germany:
- workload.de-1.cloudone.trendmicro.com
- agents.workload.de-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
- agent-comm.workload.de-1.cloudone.trendmicro.com
- dsmim.workload.de-1.cloudone.trendmicro.com
- relay.workload.de-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com
India:
- workload.in-1.cloudone.trendmicro.com
- agents.workload.in-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
- agent-comm.workload.in-1.cloudone.trendmicro.com
- dsmim.workload.in-1.cloudone.trendmicro.com
- relay.workload.in-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com
Japan:
- workload.jp-1.cloudone.trendmicro.com
- agents.workload.jp-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
- agent-comm.workload.jp-1.cloudone.trendmicro.com
- dsmim.workload.jp-1.cloudone.trendmicro.com
- relay.workload.jp-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com
Singapore:
- workload.sg-1.cloudone.trendmicro.com
- agents.workload.sg-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
- agent-comm.workload.sg-1.cloudone.trendmicro.com
- dsmim.workload.sg-1.cloudone.trendmicro.com
- relay.workload.sg-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com
UK:
- workload.gb-1.cloudone.trendmicro.com
- agents.workload.gb-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
- agent-comm.workload.gb-1.cloudone.trendmicro.com
- dsmim.workload.gb-1.cloudone.trendmicro.com
- relay.workload.gb-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com
USA:
- workload.us-1.cloudone.trendmicro.com
- agents.deepsecurity.trendmicro.com
- agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com
- agent-comm.workload.us-1.cloudone.trendmicro.com
- dsmim.deepsecurity.trendmicro.com
- relay.deepsecurity.trendmicro.com
- xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com
|
HTTPS
HTTP
|
Download Center, or its mirror on a local web server (if any)
|
- files.trendmicro.com
or the local web server's FQDN
|
HTTPS
HTTP
|
Trend Micro Update Server / Active Update
|
- iaus.activeupdate.trendmicro.com
- iaus.trendmicro.com
- ipv6-iaus.trendmicro.com
- ipv6-iaus.activeupdate.trendmicro.com
|
HTTPS
HTTP
|
Trend Vision One
|
- .xdr.trendmicro.com
- .xdr.trendmicro.co.jp
|
HTTPS
HTTP
|
Agents |
Smart Protection Network |
- dsaas1100-en-census.trendmicro.com
Only required for the Global Census feature's behavior monitoring, and predictive machine learning.
|
HTTPS
HTTP
|
Agent 20.0 and later:
- ds200-en.fbs25.trendmicro.com
- ds200-jp.fbs25.trendmicro.com
Agent 12.0:
- ds120-en.fbs25.trendmicro.com
- ds120-jp.fbs25.trendmicro.com
Agent 11.0:
- deepsecurity1100-en.fbs25.trendmicro.com
- deepsecurity1100-jp.fbs25.trendmicro.com
Agent 10.0:
- deepsecurity1000-en.fbs20.trendmicro.com
- deepsecurity1000-jp.fbs20.trendmicro.com
- deepsecurity1000-sc.fbs20.trendmicro.com
Only required for Smart Feedback.
|
HTTPS
HTTP
|
- dsaas.icrc.trendmicro.com
Only required for Smart Scan.
|
HTTPS
HTTP
|
- dsaas-en-f.trx.trendmicro.com
- dsaas-en-b.trx.trendmicro.com
Only required for predictive machine learning.
|
HTTPS
HTTP
|
- deepsecaas11-en.gfrbridge.trendmicro.com
Only required for the File Reputation feature's behavior monitoring, predictive machine learning, and process memory scans.
|
HTTPS
HTTP
|
Only required for Web Reputation.
|
HTTPS
HTTP
|
Smart Protection Server (if any, instead of Smart Protection Network) |
- Your Smart Protection Server's FQDN
Only required for File Reputation and Web Reputation. Other features still require the Smart Protection Network, and cannot use this local server.
|
HTTPS
HTTP
|
Workload Security |
Agents, Relays (if any)
Only required if you enable bidirectional or manager-initiated communication.
|
Agent 20.0 build 1559 and later:
The FQDNs for your region:
- Australia: agents*.workload.au-1.cloudone.trendmicro.com
- Canada: agents*.workload.ca-1.cloudone.trendmicro.com
- Germany: agents*.workload.de-1.cloudone.trendmicro.com
- India: agents*.workload.in-1.cloudone.trendmicro.com
- Japan: agents*.workload.jp-1.cloudone.trendmicro.com
- Singapore: agents*.workload.sg-1.cloudone.trendmicro.com
- UK: agents*.workload.gb-1.cloudone.trendmicro.com
- USA: agents*.workload.us-1.cloudone.trendmicro.com
If your firewall does not support wild card FQDNs (such as agents*.workload.<region>.cloudone.trendmicro.com ), then instead you must individually allow every FQDN that matches:
Australia:
- agents.workload.au-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
Canada:
- agents.workload.ca-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
Germany:
- agents.workload.de-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
India:
- agents.workload.in-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
Japan:
- agents.workload.jp-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
Singapore:
- agents.workload.sg-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
UK:
- agents.workload.gb-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
USA:
- agents.deepsecurity.trendmicro.com
- agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com
Agent 20.0 build 1558 and earlier:
The FQDNs for your region:
- Australia: agents*.workload.au-1.cloudone.trendmicro.com
- Canada: agents*.workload.ca-1.cloudone.trendmicro.com
- Germany: agents*.workload.de-1.cloudone.trendmicro.com
- India: agents*.workload.in-1.cloudone.trendmicro.com
- Japan: agents*.workload.jp-1.cloudone.trendmicro.com
- Singapore: agents*.workload.sg-1.cloudone.trendmicro.com
- UK: agents*.workload.gb-1.cloudone.trendmicro.com
- USA: agents*.workload.us-1.cloudone.trendmicro.com
and the legacy domain name:
- agents.deepsecurity.trendmicro.com
If your firewall does not support wild card FQDNs (such as agents*.workload.<region>.cloudone.trendmicro.com ), then instead you must individually allow every FQDN that matches:
Australia:
- agents.workload.au-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
Canada:
- agents.workload.ca-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
Germany:
- agents.workload.de-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
India:
- agents.workload.in-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
Japan:
- agents.workload.jp-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
Singapore:
- agents.workload.sg-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
UK:
- agents.workload.gb-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
USA:
- agents.deepsecurity.trendmicro.com
- agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com
|
HTTPS |
Data Center Gateways (if any) |
Workload Security |
The FQDNs for your region:
Australia:
- gateway.workload.au-1.cloudone.trendmicro.com
- gateway-control.workload.au-1.cloudone.trendmicro.com
Canada:
- gateway.workload.ca-1.cloudone.trendmicro.com
- gateway-control.workload.ca-1.cloudone.trendmicro.com
Germany:
- gateway.workload.de-1.cloudone.trendmicro.com
- gateway-control.workload.de-1.cloudone.trendmicro.com
India:
- gateway.workload.in-1.cloudone.trendmicro.com
- gateway-control.workload.in-1.cloudone.trendmicro.com
Japan:
- gateway.workload.jp-1.cloudone.trendmicro.com
- gateway-control.workload.jp-1.cloudone.trendmicro.com
Singapore:
- gateway.workload.sg-1.cloudone.trendmicro.com
- gateway-control.workload.sg-1.cloudone.trendmicro.com
UK:
- gateway.workload.gb-1.cloudone.trendmicro.com
- gateway-control.workload.gb-1.cloudone.trendmicro.com
USA:
- gateway.workload.us-1.cloudone.trendmicro.com
- gateway-control.workload.us-1.cloudone.trendmicro.com
|
HTTPS
|
API clients (if any) |
Workload Security |
The FQDNs for your region:
- Australia: *workload.au-1.cloudone.trendmicro.com
- Canada: *workload.ca-1.cloudone.trendmicro.com
- Germany: *workload.de-1.cloudone.trendmicro.com
- India: *workload.in-1.cloudone.trendmicro.com
- Japan: *workload.jp-1.cloudone.trendmicro.com
- Singapore: *workload.sg-1.cloudone.trendmicro.com
- UK: *workload.gb-1.cloudone.trendmicro.com
- USA: *workload.us-1.cloudone.trendmicro.com
and depending on which API you use, one of the following legacy domain names:
- app.deepsecurity.trendmicro.com/api
- app.deepsecurity.trendmicro.com/webservice/Manager?WSDL (deprecated)
- app.deepsecurity.trendmicro.com/rest (deprecated)
If your web filter does not support wild card FQDNs such as *workload.<region>.cloudone.trendmicro.com , then instead you must individually allow every FQDN that matches:
Australia:
- workload.au-1.cloudone.trendmicro.com
- agents.workload.au-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
- agent-comm.workload.au-1.cloudone.trendmicro.com
- dsmim.workload.au-1.cloudone.trendmicro.com
- relay.workload.au-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com
Canada:
- workload.ca-1.cloudone.trendmicro.com
- agents.workload.ca-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
- agent-comm.workload.ca-1.cloudone.trendmicro.com
- dsmim.workload.ca-1.cloudone.trendmicro.com
- relay.workload.ca-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com
Germany:
- workload.de-1.cloudone.trendmicro.com
- agents.workload.de-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
- agent-comm.workload.de-1.cloudone.trendmicro.com
- dsmim.workload.de-1.cloudone.trendmicro.com
- relay.workload.de-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com
India:
- workload.in-1.cloudone.trendmicro.com
- agents.workload.in-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
- agent-comm.workload.in-1.cloudone.trendmicro.com
- dsmim.workload.in-1.cloudone.trendmicro.com
- relay.workload.in-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com
Japan:
- workload.jp-1.cloudone.trendmicro.com
- agents.workload.jp-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
- agent-comm.workload.jp-1.cloudone.trendmicro.com
- dsmim.workload.jp-1.cloudone.trendmicro.com
- relay.workload.jp-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com
Singapore:
- workload.sg-1.cloudone.trendmicro.com
- agents.workload.sg-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
- agent-comm.workload.sg-1.cloudone.trendmicro.com
- dsmim.workload.sg-1.cloudone.trendmicro.com
- relay.workload.sg-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com
UK:
- workload.gb-1.cloudone.trendmicro.com
- agents.workload.gb-1.cloudone.trendmicro.com
- agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
- agent-comm.workload.gb-1.cloudone.trendmicro.com
- dsmim.workload.gb-1.cloudone.trendmicro.com
- relay.workload.gb-1.cloudone.trendmicro.com
- xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com
USA:
- workload.us-1.cloudone.trendmicro.com
- agents.deepsecurity.trendmicro.com
- agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com
- agent-comm.workload.us-1.cloudone.trendmicro.com
- dsmim.deepsecurity.trendmicro.com
- relay.deepsecurity.trendmicro.com
- xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com
|
HTTPS
|
Notification Service |
Workload Security |
The FQDNs for your region:
- Australia: *workload.au-1.cloudone.trendmicro.com
- Canada: *workload.ca-1.cloudone.trendmicro.com
- Germany: *workload.de-1.cloudone.trendmicro.com
- India: *workload.in-1.cloudone.trendmicro.com
- Japan: *workload.jp-1.cloudone.trendmicro.com
- Singapore: *workload.sg-1.cloudone.trendmicro.com
- UK: *workload.gb-1.cloudone.trendmicro.com
- USA: *workload.us-1.cloudone.trendmicro.com
- UAE: *workload.ae-1.cloudone.trendmicro.com
If your firewall does not support wild card FQDNs such as c1ws-notification.<region>.cloudone.trendmicro.com , then you must individually allow every FQDN.
|
HTTPS
|