Views:
This document provides information on Deep Security default port numbers, URLs, IP addresses, and protocols. If a port, URL or IP address is configurable, a link is provided to the relevant configuration page.
Note
Note
If your network uses a proxy or load balancer, you can configure Deep Security to connect to it instead of directly to the components listed on this page. For details, see Configure proxies and Load Balancers.
Note
Note
In addition to the ports on this page, Deep Security uses ephemeral ports when opening a socket (source port). Under rare circumstances these may be blocked, causing connectivity issues. For details, see Activation Failed - Blocked port.

Deep Security port numbers

The following diagram shows the default ports in a Deep Security system:
ports-diagram-onprem-aws-azure=a528b125-58ff-4d08-a778-300681d0e885.png
The following table provides details about the default ports. In this table, ports listed as mandatory must be opened to ensure the proper functioning of the Deep Security system; ports listed as optional may be opened depending on the feature or component you want to deploy; port numbers are referred to as ports.
Port type
Default port number and protocol
Deep Security Agent listening (inbound) port
Mandatory port:
Deep Security Agent outbound ports
Mandatory ports:
  • 53/DNS over TCP or UDP — DNS server port
  • 80/HTTP, 443/HTTPS — Smart Protection Network port, Smart Protection Server for File Reputation , Deep Security Manager port
  • 123/NTP over UDP — NTP server port
Note
Note
When using the AWS AMI and Azure VM versions of the manager, open port 443 instead of port 4119.
Optional ports:
  • 514/Syslog over UDP — SIEM or syslog server port. Allow port 514 if you want the agent to send its security events directly to your SIEM or syslog server. The port number is configurable in the manager.
  • 5274/HTTP, 5275/HTTPS — Smart Protection Server ports for Web Reputation. Ports 5274 and 5275 are only required for Web Reputation, not Firewall. Allow ports 5274 and 5275 if you are hosting a Smart Protection Server in your local network or Virtual Private Network (VPC), instead of having your agents connect to the cloud-based Smart Protection Network over 80/HTTP and 443/HTTPS. For details, see the Smart Protection Server documentation.
Deep Security Relay listening (inbound) ports
  • Allow the agent listening port, since it applies to the relay too
  • 4122/HTTPS — Deep Security Replay port.
  • 4123 — This port is for communication between the agent and its own internal relay.
Deep Security Relay outbound ports
  • 80/HTTP, 443/HTTPS — Trend Micro Update Server/Active Update and Download Center ports
  • 4119/HTTPS — Deep Security Manager GUI and API port.
  • 4122 — Port of other Deep Security Relays.
Deep Security Manager listening (inbound) ports
Mandatory ports:
  • 443/HTTPS — Deep Security VM for Azure Marketplace port
  • 8443/HTTPS — Azure web installer port
Deep Security Manager (outbound ports)
Mandatory ports:
  • 53/DNS over TCP or UDP — DNS server port
  • 80/HTTP, 443/HTTPS — These ports are used by various Deep Security cloud services, Smart Protection Network services, Whois server, AWS API, and Azure API, and Google Cloud Platform (GCP) API) 80 and 443 are configurable depending on the service being accessed. the Whois port.
  • 123/NTP over UDP — NTP server port number. The NTP server can be Trend Micro Apex Central.
  • Deep Security Manager's database server port numbers. Select from:
    • 1433/SQL over TCP or UDP  — Microsoft SQL database port
    • 1433/SQL over TCP — Azure SQL Database port
    • 1521/SQL over TCP — Oracle database port
    • 5432/SQL over TCP — PostgreSQL database port
    • 11000-11999/SQL and 14000-14999/SQL over TCP — These are additional Azure SQL Database ports. Allow ports 11000-11999 and 14000-14999—in addition to 1433—if you are using Azure SQL Database and your Deep Security Manager runs within the Azure cloud boundary. If your manager runs outside the Azure cloud boundary, you only need to allow port 1433 to Azure SQL Database. For details, see this Azure document.
Optional ports:

Deep Security URLs

To restrict the URLs that are allowed in your environment, you need to ensure that your firewall allows traffic from the source to the destinations, as described in the following table. For each FQDN, you have to allow access to its associated HTTP and HTTPS URLs. For example, for the FQDN files.trendmicro.com, allow access to http://files.trendmicro.com:80 and https://files.trendmicro.com:443.
Source
Destination server or service name
Destination fully-qualified domain name (FQDN)
API clients
Deep Security APIs
  • <manager FQDN or IP>:443/webservice/Manager?WSDL
  • <manager FQDN or IP>:443/api
  • <manager FQDN or IP>:443/rest
Legacy REST API clients
Deep Security legacy REST API's Status Monitoring API
  • <manager FQDN or IP>:443/rest/status/manager/ping
Deep Security Manager, Deep Security Agent, Deep Security Relay
Download Center or web server
Hosts software.
  • files.trendmicro.com
Deep Security Manager
Smart Protection Network -
Certified Safe Software Service (CSSS)
Used for event tagging with Integrity Monitoring.
  • grid-global.trendmicro.com
Deep Security Manager
Trend Micro Vision One
Used to Integrate with Trend Micro Vision One.
  • *.xdr.trendmicro.com:443
  • *.xbc.trendmicro.com:443
  • *.mgcp.trendmicro.com:443
  • *.manage.trendmicro.com:443
  • *.xdr.trendmicro.co.jp:443 (for Japanese regions)
Deep Security Agent
Smart Protection Network -
Global Census Service
Used for behavior monitoring, and predictive machine learning.
20.0 and later agents connect to:
  • ds2000-en-census.trendmicro.com
  • ds2000-jp-census.trendmicro.com
12.0 and later agents connect to:
  • ds1200-en-census.trendmicro.com
  • ds1200-jp-census.trendmicro.com
11.0 and later agents connect to:
  • ds1100-en-census.trendmicro.com
  • ds1100-jp-census.trendmicro.com
10.2 and 10.3 agents connect to:
  • ds1020-en-census.trendmicro.com
  • ds1020-jp-census.trendmicro.com
  • ds1020-sc-census.trendmicro.com
10.1 and 10.0 agents connect to:
  • ds1000-en.census.trendmicro.com
  • ds1000-jp.census.trendmicro.com
  • ds1000-sc.census.trendmicro.com
  • ds1000-tc.census.trendmicro.com
Deep Security Agent
Smart Protection Network -
Good File Reputation Service
Used for behavior monitoring, predictive machine learning, and process memory scans.
20.0 and later agents connect to:
  • deepsec20-en.gfrbridge.trendmicro.com
  • deepsec20-jp.gfrbridge.trendmicro.com
12.0 and later agents connect to:
  • deepsec12-en.gfrbridge.trendmicro.com
  • deepsec12-jp.gfrbridge.trendmicro.com
11.0 and later agents connect to:
  • deepsec11-en.gfrbridge.trendmicro.com
  • deepsec11-jp.gfrbridge.trendmicro.com
10.2 and 10.3 agents connect to:
  • deepsec102-en.gfrbridge.trendmicro.com
  • deepsec102-jp.gfrbridge.trendmicro.com
10.1 and 10.0 agents connect to:
  • deepsec10-en.grid-gfr.trendmicro.com
  • deepsec10-jp.grid-gfr.trendmicro.com
  • deepsec10-cn.grid-gfr.trendmicro.com
Deep Security Agent
Smart Protection Network - Smart Feedback
20.0 and later agents connect to:
  • ds200-en.fbs25.trendmicro.com
  • ds200-jp.fbs25.trendmicro.com
12.0 and later agent connect to:
  • ds120-en.fbs25.trendmicro.com
  • ds120-jp.fbs25.trendmicro.com
11.0 and later agents connect to:
  • deepsecurity1100-en.fbs25.trendmicro.com
  • deepsecurity1100-jp.fbs25.trendmicro.com
10.0 agents connect to:
  • deepsecurity1000-en.fbs20.trendmicro.com 
  • deepsecurity1000-jp.fbs20.trendmicro.com
  • deepsecurity1000-sc.fbs20.trendmicro.com
Deep Security Agent
Smart Protection Network - Smart Scan Service
20.0 and later agents connects to:
  • ds20.icrc.trendmicro.com
  • ds20-jp.icrc.trendmicro.com
12.0 and later agents connect to:
  • ds120.icrc.trendmicro.com
  • ds120-jp.icrc.trendmicro.com
11.0 and later agents connect to:
  • ds110.icrc.trendmicro.com
  • ds110-jp.icrc.trendmicro.com
10.2 and 10.3 agents connect to:
  • ds102.icrc.trendmicro.com
  • ds102-jp.icrc.trendmicro.com
  • ds102-sc.icrc.trendmicro.com.cn
10.1 and 10.0 agents connect to:
  • ds10.icrc.trendmicro.com
  • ds10.icrc.trendmicro.com/tmcss/
  • ds10-jp.icrc.trendmicro.com/tmcss/
  • ds10-sc.icrc.trendmicro.com.cn/tmcss/
9.6 and 9.5 agents connect to:
  • iaufdbk.trendmicro.com
  • ds96.icrc.trendmicro.com
  • ds96-jp.icrc.trendmicro.com
  • ds96-sc.icrc.trendmicro.com.cn
  • ds95.icrc.trendmicro.com
  • ds95-jp.icrc.trendmicro.com
  • ds95-sc.icrc.trendmicro.com.cn
Deep Security Agent
Smart Protection Network -
predictive machine learning
20.0 and later agents connect to:
  • ds20-en-b.trx.trendmicro.com
  • ds20-jp-b.trx.trendmicro.com
  • ds20-en-f.trx.trendmicro.com
  • ds20-jp-f.trx.trendmicro.com
12.0 and later agents connect to:
  • ds120-en-b.trx.trendmicro.com
  • ds120-jp-b.trx.trendmicro.com
  • ds120-en-f.trx.trendmicro.com
  • ds120-jp-f.trx.trendmicro.com
11.0 and later agents connect to:
  • ds110-en-b.trx.trendmicro.com
  • ds110-jp-b.trx.trendmicro.com
  • ds110-en-f.trx.trendmicro.com
  • ds110-jp-f.trx.trendmicro.com
10.2 and 10.3 agents connect to:
  • ds102-en-f.trx.trendmicro.com
  • ds102-jp-f.trx.trendmicro.com
  • ds102-sc-f.trx.trendmicro.com
Deep Security Agent
Smart Protection Network - Web Reputation Service
20.0 and later agents connect to:
  • ds20-0-en.url.trendmicro.com
  • ds20-0-jp.url.trendmicro.com
12.0 and later agents connect to:
  • ds12-0-en.url.trendmicro.com
  • ds12-0-jp.url.trendmicro.com
The 11.0 and later agents connect to:
  • ds11-0-en.url.trendmicro.com
  • ds11-0-jp.url.trendmicro.com
10.2 and 10.3 agents connect to:
  • ds10-2-en.url.trendmicro.com
  • ds10-2-sc.url.trendmicro.com.cn
  • ds10-2-jp.url.trendmicro.com
10.1 and 10.0 agents connect to:
  • ds100-en.url.trendmicro.com
  • ds100-sc.url.trendmicro.com
  • ds100-jp.url.trendmicro.com
9.6 and 9.5 agents connect to:
  • ds96-en.url.trendmicro.com
  • ds96-jp.url.trendmicro.com
  • ds95-en.url.trendmicro.com
  • ds95-jp.url.trendmicro.com
Deep Security Manager
Help and support
  • help.deepsecurity.trendmicro.com
  • success.trendmicro.com/product-support/deep-security
Deep Security Manager
Licensing and registration servers
  • licenseupdate.trendmicro.com
  • clp.trendmicro.com
  • olr.trendmicro.com
Deep Security Manager
News feed
  • news.deepsecurity.trendmicro.com
  • news.deepsecurity.trendmicro.com/news.atom
  • news.deepsecurity.trendmicro.com/news_ja.atom
Browser on Deep Security Agent computers, and the computer used to log in to Deep Security Manager
Site Safety
Optional. There are links to the URLs below within the manager UI and on the agent's 'Your administrator has blocked access to this page for your safety' page.
  • sitesafety.trendmicro.com
  • jp.sitesafety.trendmicro.com
Deep Security Relay, and Deep Security Agent
Update Server (also called Active Update)
Hosts security updates.
  • iaus.activeupdate.trendmicro.com
  • iaus.trendmicro.com
  • ipv6-iaus.trendmicro.com
  • ipv6-iaus.activeupdate.trendmicro.com
Deep Security Manager
AWS and Azure URLs
Used for
adding AWS accounts, Azure accounts and Google Cloud Platform (GCP) service accounts to Deep Security Manager.
 
AWS URLs
  • URLs of AWS endpoints listed on this AWS page, under these headings:
    • Amazon Elastic Compute Cloud (Amazon EC2)
    • AWS Security Token Service (AWS STS)
    • AWS Identity and Access Management (IAM)
    • Amazon WorkSpaces
Azure URLs
  • login.windows.net (authentication)
  • login.microsoftonline.com (authentication)
  • management.azure.com (Azure API)
  • login.microsoftonline.us (authentication to Azure Government)
  • management.usgovcloudapi.net (authentication to Azure Government)
  • management.core.windows.net (Azure API)
Note
Note
The management.core.windows.net URL is only required if you used the v1 Azure connector available in Deep Security Manager 9.6 to add an Azure account to the manager. With Deep Security Manager 10.0 and later, a v2 connector is used, and does not require access to this URL.
GCP URLs
  • oauth2.googleapis.com (authentication)
  • googleapis.com (GCP API)
  • cloudresourcemanager.googleapis.com (GCP API)
Deep Security Manager
Telemetry service
Used for protected Deep Security Product Usage Data Collection.
  • telemetry.deepsecurity.trendmicro.com
Deep Security Manager
Activation
Used for activating Deep Security Manager with an activation code and for integrating with Trend Vision One.
  • flywheel.xdr.trendmicro.com