Table of contents
Topics on this page
Required Workload Security IP addresses and port numbers
Required Workload Security URLs

Port numbers, URLs, and IP addresses

Workload Security components communicate over your network. They use:

Before deployment, your network administrator might need to configure firewalls, AWS security groups, and web proxies to allow those network services.

Default settings are shown. Many network settings are configurable. For example, if your network has a web proxy, you could configure agents to connect through it on port 1443, instead of directly to Workload Security on port 443. If you change the default settings, then firewalls must allow communications via the new settings instead.

For a basic overview, see the network diagram below. For details, see the required port numbers, IP addresses, and URLs tables after the diagram. Network diagram of default source addresses, destination addresses, and destination ports that are also described in the tables

Required Workload Security IP addresses and port numbers

The table below is organized by source address (the deployment component which starts the TCP connection or UDP session). Replies (packets in the same connection but opposite direction, from the destination address) usually must be allowed, too.

Workload Security servers usually have dynamic IP addresses (that is, other computers in your deployment use DNS queries to find the current IP address of a Workload Security FQDN when required). For the list of Workload Security domain names, see Required Workload Security URLs.

Some ports are required only if you use specific components and features. Some services might have static IP addresses. These exceptions and optional features are indicated.

All ports in the table are destination ports (also called listening ports). Like many software, Workload Security also uses a range of dynamic, ephemeral source ports when opening a socket. Rarely, ephemeral source ports might be blocked, which causes connectivity issues. If that happens, then you must also open the source ports.

Source
Address		 Destination
Address		 Port
(Default)		 Protocol
Administrator's computer DNS server 53 DNS over UDP
NTP server 123 NTP over UDP

Workload Security

Accounts created before 2020-11-23: 

Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.



Console (GUI)

34.196.38.94

34.198.27.224

34.198.6.142

34.205.210.199

34.205.219.175

34.205.239.162

34.226.116.82

34.233.153.57

35.153.222.175

35.169.254.68

35.169.43.208

35.172.176.62

50.17.162.194

52.0.124.201

52.0.33.128

52.202.124.22

52.207.138.122

52.22.162.229

52.3.171.31

52.72.111.249

52.72.211.36

52.87.46.150

54.175.211.84

54.80.120.113

 443 HTTPS over TCP
Workload Security

Subnets:


Australia:
  • 3.26.127.96/27
Canada:
  • 3.99.65.64/27
Germany:
  • 3.69.198.64/27
India:
  • 3.108.13.32/27
Japan:
  • 35.75.131.96/27
Singapore:
  • 13.214.15.0/27
UK:
  • 18.169.230.160/27
USA:
  • 34.205.5.0/27
 SIEM or Syslog server
(if any) 		514 Syslog over UDP
SIEM or Syslog server
(if any) 		6514 Syslog over TLS

Agents,
Relays
(if any)

Only required if you enable bidirectional or manager-initiated communication.

 4118 HTTPS over TCP
Agents DNS server 53 DNS over UDP
NTP server 123 NTP over UDP
SIEM or Syslog server
(if any)		 514 Syslog over UDP

Workload Security

Accounts created before 2020-11-23: 

Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.



Console (GUI)

34.196.38.94

34.198.27.224

34.198.6.142

34.205.210.199

34.205.219.175

34.205.239.162

34.226.116.82

34.233.153.57

35.153.222.175

35.169.254.68

35.169.43.208

35.172.176.62

50.17.162.194

52.0.124.201

52.0.33.128

52.202.124.22

52.207.138.122

52.22.162.229

52.3.171.31

52.72.111.249

52.72.211.36

52.87.46.150

54.175.211.84

54.80.120.113



Activation and heartbeat

34.192.67.219

34.196.25.105

34.199.44.254

34.204.244.61

34.206.23.113

34.206.95.140

34.206.146.6

34.206.215.233

52.23.102.52

52.54.141.100

52.54.240.176

54.86.2.200



Fast heartbeat

34.192.145.157

34.199.111.255

34.204.221.63

34.206.179.241

52.44.129.132

52.45.95.227

52.55.183.116

52.73.88.81

52.202.143.169

52.206.208.21

54.208.106.230

54.152.108.196

54.85.86.247

18.204.77.2

54.84.198.181

52.0.58.66

52.6.19.160

18.233.125.165

34.227.134.223

52.73.122.26

34.233.252.54

34.236.163.142

52.44.40.85

3.209.15.127

52.70.113.18

3.210.118.160

54.175.77.19

3.225.117.164

54.224.63.108

52.72.213.26

18.235.177.174

34.203.45.194

54.165.185.17

 443 HTTPS over TCP
Relays
(if any)		 4122 HTTPS over TCP
Smart Protection Network 80 HTTP over TCP
443 HTTPS over TCP
Smart Protection Server
(if any, instead of Smart Protection Network, for File Reputation feature)		 80 HTTP over TCP
443 HTTPS over TCP
Smart Protection Server
(if any, instead of Smart Protection Network, for Web Reputation feature)		 5274 HTTP over TCP
5275 HTTPS over TCP
Relays
(if any) 		All destination addresses, ports, and protocols required by agents (each relay contains an agent)
Other relays
(if any)		 4122 HTTPS over TCP

Localhost
(on relays, its agent connects locally, not to a remote relay)

Only configure if the server's other software uses the same port (a port conflict), or if host firewalls such as iptables or Windows Firewall block localhost connections (server connecting internally to itself). Network firewalls do not need to allow this port because localhost connections do not reach the network.

 4123 N/A

Trend Micro Update Server / Active Update

Accounts created before 2020-11-23: 

Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.



3.210.17.243

3.222.238.73

18.205.30.1

18.210.96.90

34.193.172.66

34.194.74.60

34.196.197.189

34.204.219.38

34.204.220.78

34.205.83.195

34.227.254.106

34.232.200.81

52.2.63.133

52.3.39.108

52.4.197.109

52.20.8.32

52.21.149.243

52.44.144.238

52.55.188.35

52.201.199.128

52.204.10.77

52.206.54.30

52.206.193.178

52.207.18.27

54.86.152.157

54.87.173.241

54.144.77.16

54.156.82.102

54.160.187.232

54.165.40.223

54.165.117.76

54.174.156.3

54.175.39.189

54.210.11.136

54.211.23.144

54.221.238.214

174.129.163.104

 80 HTTP over TCP
443 HTTP over TCP

Download Center,
or its mirror on a local web server
(if any)

Accounts created before 2020-11-23: 

Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created.



3.210.17.243

3.222.238.73

18.205.30.1

18.210.96.90

34.193.172.66

34.194.74.60

34.196.197.189

34.204.219.38

34.204.220.78

34.205.83.195

34.227.254.106

34.232.200.81

52.2.63.133

52.3.39.108

52.4.197.109

52.20.8.32

52.21.149.243

52.44.144.238

52.55.188.35

52.201.199.128

52.204.10.77

52.206.54.30

52.206.193.178

52.207.18.27

54.86.152.157

54.87.173.241

54.144.77.16

54.156.82.102

54.160.187.232

54.165.40.223

54.165.117.76

54.174.156.3

54.175.39.189

54.210.11.136

54.211.23.144

54.221.238.214

174.129.163.104

 443 HTTPS over TCP
Data Center Gateways
(if any) 		DNS server 53 DNS over UDP
NTP server 123 NTP over UDP
Workload Security 443 HTTPS over TCP
VMware vCenter 443 HTTPS over TCP
Microsoft Active Directory 389 STARTTLS and LDAP over TCP and UDP
636 LDAPS over TCP and UDP
API clients
(if any) 		Workload Security 443 HTTPS over TCP

Required Workload Security URLs

Web proxies and URL filters can inspect the HTTP layer of connections: valid certificates, URL (such as /index), fully-qualified domain name (FQDN) (such as Host: store.example.com:8080), and more. Allow all URLs on each FQDN below.

For example, agents and relays must be able to download software updates from files.trendmicro.com on port 80 or 443. You have allowed that TCP/IP connection on your firewall. However, the connection contains the HTTP or HTTPS protocol, which web proxies and web filters can block -- not only firewalls. So you must configure them, too, to allow https://files.trendmicro.com/ or http://files.trendmicro.com/ and all sub-URLs.

Some FQDNs are required only if you use specific components and features. These optional components and features are indicated.

Source Address Destination Address Host FQDN Protocols
Agents,
Relays
(if any)

Workload Security
Agent 20.0 build 1541 and later:

The FQDNs for your region:


  • Australia: *workload.au-1.cloudone.trendmicro.com
  • Canada: *workload.ca-1.cloudone.trendmicro.com
  • Germany: *workload.de-1.cloudone.trendmicro.com
  • India: *workload.in-1.cloudone.trendmicro.com
  • Japan: *workload.jp-1.cloudone.trendmicro.com
  • Singapore: *workload.sg-1.cloudone.trendmicro.com
  • UK: *workload.gb-1.cloudone.trendmicro.com
  • USA: *workload.us-1.cloudone.trendmicro.com
If your firewall does not support wild card FQDNs (such as *workload.<region>.cloudone.trendmicro.com), then instead you must individually allow every FQDN that matches: 
Australia:
  • workload.au-1.cloudone.trendmicro.com
  • agents.workload.au-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
  • agent-comm.workload.au-1.cloudone.trendmicro.com
  • dsmim.workload.au-1.cloudone.trendmicro.com
  • relay.workload.au-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com
Canada:
  • workload.ca-1.cloudone.trendmicro.com
  • agents.workload.ca-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
  • agent-comm.workload.ca-1.cloudone.trendmicro.com
  • dsmim.workload.ca-1.cloudone.trendmicro.com
  • relay.workload.ca-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com
Germany:
  • workload.de-1.cloudone.trendmicro.com
  • agents.workload.de-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
  • agent-comm.workload.de-1.cloudone.trendmicro.com
  • dsmim.workload.de-1.cloudone.trendmicro.com
  • relay.workload.de-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com
India:
  • workload.in-1.cloudone.trendmicro.com
  • agents.workload.in-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
  • agent-comm.workload.in-1.cloudone.trendmicro.com
  • dsmim.workload.in-1.cloudone.trendmicro.com
  • relay.workload.in-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com
Japan:
  • workload.jp-1.cloudone.trendmicro.com
  • agents.workload.jp-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
  • agent-comm.workload.jp-1.cloudone.trendmicro.com
  • dsmim.workload.jp-1.cloudone.trendmicro.com
  • relay.workload.jp-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com
Singapore:
  • workload.sg-1.cloudone.trendmicro.com
  • agents.workload.sg-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
  • agent-comm.workload.sg-1.cloudone.trendmicro.com
  • dsmim.workload.sg-1.cloudone.trendmicro.com
  • relay.workload.sg-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com
UK:
  • workload.gb-1.cloudone.trendmicro.com
  • agents.workload.gb-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
  • agent-comm.workload.gb-1.cloudone.trendmicro.com
  • dsmim.workload.gb-1.cloudone.trendmicro.com
  • relay.workload.gb-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com
USA:
  • workload.us-1.cloudone.trendmicro.com
  • agents.workload.us-1.cloudone.trendmicro.com
  • agents-001 through agents-099.workload.us-1.cloudone.trendmicro.com
  • agent-comm.workload.us-1.cloudone.trendmicro.com
  • dsmim.workload.us-1.cloudone.trendmicro.com
  • relay.workload.us-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com
Agent 20.0 build 1540 and earlier:

The FQDNs for your region:


  • Australia: *workload.au-1.cloudone.trendmicro.com
  • Canada: *workload.ca-1.cloudone.trendmicro.com
  • Germany: *workload.de-1.cloudone.trendmicro.com
  • India: *workload.in-1.cloudone.trendmicro.com
  • Japan: *workload.jp-1.cloudone.trendmicro.com
  • Singapore: *workload.sg-1.cloudone.trendmicro.com
  • UK: *workload.gb-1.cloudone.trendmicro.com
  • USA: *workload.us-1.cloudone.trendmicro.com

and the legacy domain names:

  • app.deepsecurity.trendmicro.com
  • agents.deepsecurity.trendmicro.com
  • dsmim.deepsecurity.trendmicro.com
  • relay.deepsecurity.trendmicro.com
If your firewall does not support wild card FQDNs (such as *workload.<region>.cloudone.trendmicro.com), then instead you must individually allow every FQDN that matches: 
Australia:
  • workload.au-1.cloudone.trendmicro.com
  • agents.workload.au-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
  • agent-comm.workload.au-1.cloudone.trendmicro.com
  • dsmim.workload.au-1.cloudone.trendmicro.com
  • relay.workload.au-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com
Canada:
  • workload.ca-1.cloudone.trendmicro.com
  • agents.workload.ca-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
  • agent-comm.workload.ca-1.cloudone.trendmicro.com
  • dsmim.workload.ca-1.cloudone.trendmicro.com
  • relay.workload.ca-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com
Germany:
  • workload.de-1.cloudone.trendmicro.com
  • agents.workload.de-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
  • agent-comm.workload.de-1.cloudone.trendmicro.com
  • dsmim.workload.de-1.cloudone.trendmicro.com
  • relay.workload.de-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com
India:
  • workload.in-1.cloudone.trendmicro.com
  • agents.workload.in-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
  • agent-comm.workload.in-1.cloudone.trendmicro.com
  • dsmim.workload.in-1.cloudone.trendmicro.com
  • relay.workload.in-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com
Japan:
  • workload.jp-1.cloudone.trendmicro.com
  • agents.workload.jp-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
  • agent-comm.workload.jp-1.cloudone.trendmicro.com
  • dsmim.workload.jp-1.cloudone.trendmicro.com
  • relay.workload.jp-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com
Singapore:
  • workload.sg-1.cloudone.trendmicro.com
  • agents.workload.sg-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
  • agent-comm.workload.sg-1.cloudone.trendmicro.com
  • dsmim.workload.sg-1.cloudone.trendmicro.com
  • relay.workload.sg-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com
UK:
  • workload.gb-1.cloudone.trendmicro.com
  • agents.workload.gb-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
  • agent-comm.workload.gb-1.cloudone.trendmicro.com
  • dsmim.workload.gb-1.cloudone.trendmicro.com
  • relay.workload.gb-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com
USA:
  • workload.us-1.cloudone.trendmicro.com
  • agents.workload.us-1.cloudone.trendmicro.com
  • agents-001 through agents-099.workload.us-1.cloudone.trendmicro.com
  • agent-comm.workload.us-1.cloudone.trendmicro.com
  • dsmim.workload.us-1.cloudone.trendmicro.com
  • relay.workload.us-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com

HTTPS

HTTP

Download Center,
or its mirror on a local web server
(if any)
  • files.trendmicro.com
    or the local web server's FQDN

HTTPS

HTTP

Trend Micro Update Server / Active Update
  • iaus.activeupdate.trendmicro.com
  • iaus.trendmicro.com
  • ipv6-iaus.trendmicro.com
  • ipv6-iaus.activeupdate.trendmicro.com

HTTPS

HTTP
Agents Smart Protection Network
  • dsaas1100-en-census.trendmicro.com

Only required for the Global Census feature's behavior monitoring, and predictive machine learning.

HTTPS

HTTP
Agent 20.0 and later:
  • ds200-en.fbs25.trendmicro.com
  • ds200-jp.fbs25.trendmicro.com
Agent 12.0:
  • ds120-en.fbs25.trendmicro.com
  • ds120-jp.fbs25.trendmicro.com
Agent 11.0:
  • deepsecurity1100-en.fbs25.trendmicro.com
  • deepsecurity1100-jp.fbs25.trendmicro.com
Agent 10.0:
  • deepsecurity1000-en.fbs20.trendmicro.com
  • deepsecurity1000-jp.fbs20.trendmicro.com
  • deepsecurity1000-sc.fbs20.trendmicro.com

Only required for Smart Feedback.

HTTPS

HTTP
  • dsaas.icrc.trendmicro.com

Only required for the Smart Scan feature.

HTTPS

HTTP
  • dsaas-en-f.trx.trendmicro.com
  • dsaas-en-b.trx.trendmicro.com

Only required for predictive machine learning.

HTTPS

HTTP
  • deepsecaas11-en.gfrbridge.trendmicro.com

Only required for the File Reputation feature's behavior monitoring, predictive machine learning, and process memory scans.

HTTPS

HTTP
  • dsaas.url.trendmicro.com

Only required for the Web Reputation feature.

HTTPS

HTTP
Smart Protection Server
(if any, instead of Smart Protection Network)
  • Your Smart Protection Server's FQDN

Only required for the File Reputation and Web Reputation features. Other features still require the Smart Protection Network, and cannot use this local server.

HTTPS

HTTP
Workload Security

Agents,
Relays
(if any)

Only required if you enable bidirectional or manager-initiated communication.
Agent 20.0 build 1559 and later:

The FQDNs for your region:


  • Australia: agents*.workload.au-1.cloudone.trendmicro.com
  • Canada: agents*.workload.ca-1.cloudone.trendmicro.com
  • Germany: agents*.workload.de-1.cloudone.trendmicro.com
  • India: agents*.workload.in-1.cloudone.trendmicro.com
  • Japan: agents*.workload.jp-1.cloudone.trendmicro.com
  • Singapore: agents*.workload.sg-1.cloudone.trendmicro.com
  • UK: agents*.workload.gb-1.cloudone.trendmicro.com
  • USA: agents*.workload.us-1.cloudone.trendmicro.com
If your firewall does not support wild card FQDNs (such as agents*.workload.<region>.cloudone.trendmicro.com), then instead you must individually allow every FQDN that matches: 
Australia:
  • agents.workload.au-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
Canada:
  • agents.workload.ca-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
Germany:
  • agents.workload.de-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
India:
  • agents.workload.in-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
Japan:
  • agents.workload.jp-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
Singapore:
  • agents.workload.sg-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
UK:
  • agents.workload.gb-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
USA:
  • agents.workload.us-1.cloudone.trendmicro.com
  • agents-001 through agents-099.workload.us-1.cloudone.trendmicro.com
Agent 20.0 build 1558 and earlier:

The FQDNs for your region:


  • Australia: agents*.workload.au-1.cloudone.trendmicro.com
  • Canada: agents*.workload.ca-1.cloudone.trendmicro.com
  • Germany: agents*.workload.de-1.cloudone.trendmicro.com
  • India: agents*.workload.in-1.cloudone.trendmicro.com
  • Japan: agents*.workload.jp-1.cloudone.trendmicro.com
  • Singapore: agents*.workload.sg-1.cloudone.trendmicro.com
  • UK: agents*.workload.gb-1.cloudone.trendmicro.com
  • USA: agents*.workload.us-1.cloudone.trendmicro.com

and the legacy domain name:

  • agents.deepsecurity.trendmicro.com
If your firewall does not support wild card FQDNs (such as agents*.workload.<region>.cloudone.trendmicro.com), then instead you must individually allow every FQDN that matches: 
Australia:
  • agents.workload.au-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
Canada:
  • agents.workload.ca-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
Germany:
  • agents.workload.de-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
India:
  • agents.workload.in-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
Japan:
  • agents.workload.jp-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
Singapore:
  • agents.workload.sg-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
UK:
  • agents.workload.gb-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
USA:
  • agents.workload.us-1.cloudone.trendmicro.com
  • agents-001 through agents-099.workload.us-1.cloudone.trendmicro.com
 HTTPS
Data Center Gateways
(if any)		 Workload Security

The FQDNs for your region:

Australia:
  • gateway.workload.au-1.cloudone.trendmicro.com
  • gateway-control.workload.au-1.cloudone.trendmicro.com
Canada:
  • gateway.workload.ca-1.cloudone.trendmicro.com
  • gateway-control.workload.ca-1.cloudone.trendmicro.com
Germany:
  • gateway.workload.de-1.cloudone.trendmicro.com
  • gateway-control.workload.de-1.cloudone.trendmicro.com
India:
  • gateway.workload.in-1.cloudone.trendmicro.com
  • gateway-control.workload.in-1.cloudone.trendmicro.com
Japan:
  • gateway.workload.jp-1.cloudone.trendmicro.com
  • gateway-control.workload.jp-1.cloudone.trendmicro.com
Singapore:
  • gateway.workload.sg-1.cloudone.trendmicro.com
  • gateway-control.workload.sg-1.cloudone.trendmicro.com
UK:
  • gateway.workload.gb-1.cloudone.trendmicro.com
  • gateway-control.workload.gb-1.cloudone.trendmicro.com
USA:
  • gateway.workload.us-1.cloudone.trendmicro.com
  • gateway-control.workload.us-1.cloudone.trendmicro.com

HTTPS
API clients
(if any)		 Workload Security

The FQDNs for your region:


  • Australia: *workload.au-1.cloudone.trendmicro.com
  • Canada: *workload.ca-1.cloudone.trendmicro.com
  • Germany: *workload.de-1.cloudone.trendmicro.com
  • India: *workload.in-1.cloudone.trendmicro.com
  • Japan: *workload.jp-1.cloudone.trendmicro.com
  • Singapore: *workload.sg-1.cloudone.trendmicro.com
  • UK: *workload.gb-1.cloudone.trendmicro.com
  • USA: *workload.us-1.cloudone.trendmicro.com

and depending on which API you use, one of the following legacy domain names:

  • app.deepsecurity.trendmicro.com/api
  • app.deepsecurity.trendmicro.com/webservice/Manager?WSDL (deprecated)
  • app.deepsecurity.trendmicro.com/rest (deprecated)
If your web filter does not support wild card FQDNs such as *workload.<region>.cloudone.trendmicro.com, then instead you must individually allow every FQDN that matches: 
Australia:
  • workload.au-1.cloudone.trendmicro.com
  • agents.workload.au-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com
  • agent-comm.workload.au-1.cloudone.trendmicro.com
  • dsmim.workload.au-1.cloudone.trendmicro.com
  • relay.workload.au-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com
Canada:
  • workload.ca-1.cloudone.trendmicro.com
  • agents.workload.ca-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com
  • agent-comm.workload.ca-1.cloudone.trendmicro.com
  • dsmim.workload.ca-1.cloudone.trendmicro.com
  • relay.workload.ca-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com
Germany:
  • workload.de-1.cloudone.trendmicro.com
  • agents.workload.de-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com
  • agent-comm.workload.de-1.cloudone.trendmicro.com
  • dsmim.workload.de-1.cloudone.trendmicro.com
  • relay.workload.de-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com
India:
  • workload.in-1.cloudone.trendmicro.com
  • agents.workload.in-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com
  • agent-comm.workload.in-1.cloudone.trendmicro.com
  • dsmim.workload.in-1.cloudone.trendmicro.com
  • relay.workload.in-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com
Japan:
  • workload.jp-1.cloudone.trendmicro.com
  • agents.workload.jp-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
  • agent-comm.workload.jp-1.cloudone.trendmicro.com
  • dsmim.workload.jp-1.cloudone.trendmicro.com
  • relay.workload.jp-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com
Singapore:
  • workload.sg-1.cloudone.trendmicro.com
  • agents.workload.sg-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com
  • agent-comm.workload.sg-1.cloudone.trendmicro.com
  • dsmim.workload.sg-1.cloudone.trendmicro.com
  • relay.workload.sg-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com
UK:
  • workload.gb-1.cloudone.trendmicro.com
  • agents.workload.gb-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com
  • agent-comm.workload.gb-1.cloudone.trendmicro.com
  • dsmim.workload.gb-1.cloudone.trendmicro.com
  • relay.workload.gb-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com
USA:
  • workload.us-1.cloudone.trendmicro.com
  • agents.workload.us-1.cloudone.trendmicro.com
  • agents-001 through agents-099.workload.us-1.cloudone.trendmicro.com
  • agent-comm.workload.us-1.cloudone.trendmicro.com
  • dsmim.workload.us-1.cloudone.trendmicro.com
  • relay.workload.us-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com

HTTPS