This document provides information on Deep Security default port numbers, URLs, IP
addresses, and protocols. If a port, URL or IP address is configurable, a link is
provided to the relevant configuration page.
![]() |
NoteIf your network uses a proxy or load balancer, you can configure Deep Security to
connect to it instead of directly to the components listed on this page. For details,
see Configure proxies and Load Balancers.
|
![]() |
NoteIn addition to the ports on this page, Deep Security uses ephemeral ports when opening a socket (source port). Under rare circumstances these may be blocked,
causing connectivity issues. For details, see Activation Failed - Blocked port.
|
Deep Security port numbers
The following diagram shows the default ports in a Deep Security system:

The following table provides details about the default ports. In this table, ports
listed as mandatory must be opened to ensure the proper functioning of the Deep Security
system; ports listed as optional may be opened depending on the feature or component
you want to deploy; port numbers are referred to as ports.
Port type
|
Default port number and protocol
|
||
Deep Security Agent listening
(inbound) port
|
Mandatory port:
|
||
Deep Security Agent outbound ports
|
Mandatory ports:
Optional ports:
|
||
Deep Security Relay listening (inbound) ports
|
|
||
Deep Security Relay outbound ports
|
|
||
Deep Security Manager listening (inbound) ports
|
Mandatory ports:
|
||
Deep Security Manager (outbound ports)
|
Mandatory ports:
Optional ports:
|
Deep Security URLs
To restrict the URLs that are allowed in your environment, you need to ensure that
your firewall allows traffic from the source to the destinations, as described in
the following table. For each FQDN, you have to allow access to its associated HTTP
and HTTPS URLs. For example, for the FQDN
files.trendmicro.com
, allow access to http://files.trendmicro.com:80
and https://files.trendmicro.com:443
.
Source
|
Destination server or service name
|
Destination fully-qualified domain name (FQDN)
|
||
API clients
|
Deep Security APIs
|
|
||
Legacy REST API clients
|
Deep Security legacy REST API's Status Monitoring API
|
|
||
Deep Security Manager, Deep Security Agent, Deep Security Relay
|
Download Center or web
server
Hosts software.
|
|
||
Deep Security Manager
|
Smart Protection Network -
Certified Safe Software Service (CSSS)
Used for event tagging with Integrity Monitoring.
|
|
||
Deep Security Manager
|
Trend Micro Vision One
|
|
||
Deep Security Agent
|
Smart Protection Network -
Global Census Service
Used for behavior monitoring, and predictive machine learning.
|
20.0 and later agents connect
to:
12.0 and later agents connect
to:
11.0 and later agents connect
to:
10.2 and 10.3 agents connect
to:
10.1 and 10.0 agents connect
to:
|
||
Deep Security Agent
|
Smart Protection Network -
Good File Reputation Service
|
20.0 and later agents connect
to:
12.0 and later agents connect
to:
11.0 and later agents connect
to:
10.2 and 10.3 agents connect
to:
10.1 and 10.0 agents connect
to:
|
||
Deep Security Agent
|
Smart Protection Network - Smart Feedback
|
20.0 and later agents connect
to:
12.0 and later agent connect
to:
11.0 and later agents connect
to:
10.0 agents connect to:
|
||
Deep Security Agent
|
Smart Protection Network - Smart Scan Service
|
20.0 and later agents
connects to:
12.0 and later agents connect
to:
11.0 and later agents connect
to:
10.2 and 10.3 agents connect
to:
10.1 and 10.0 agents connect
to:
9.6 and 9.5 agents connect
to:
|
||
Deep Security Agent
|
Smart Protection Network -
|
20.0 and later agents connect
to:
12.0 and later agents connect
to:
11.0 and later agents connect
to:
10.2 and 10.3 agents connect
to:
|
||
Deep Security Agent
|
Smart Protection Network - Web Reputation Service
|
20.0 and later agents connect
to:
12.0 and later agents connect
to:
The 11.0 and later agents
connect to:
10.2 and 10.3 agents connect
to:
10.1 and 10.0 agents connect
to:
9.6 and 9.5 agents connect
to:
|
||
Deep Security Manager
|
Help and support
|
|
||
Deep Security Manager
|
Licensing and registration servers
|
|
||
Deep Security Manager
|
News feed
|
|
||
Browser on Deep Security Agent computers, and the computer used to log in to Deep
Security Manager
|
Optional. There are links to the URLs below within the manager UI and on the
agent's 'Your administrator has blocked access to this page for your safety'
page.
|
|||
Deep Security Relay, and Deep Security Agent
|
Update Server (also called Active Update)
Hosts security updates.
|
|
||
Deep Security Manager
|
AWS and Azure URLs
Used for
adding AWS
accounts, Azure accounts and Google Cloud Platform
(GCP) service accounts to Deep Security Manager.
|
AWS URLs
Azure URLs
GCP URLs
|
||
Deep Security Manager
|
Telemetry service
Used for protected Deep Security
Product Usage Data Collection.
|
|
||
Deep Security Manager
|
Activation
Used for activating Deep Security Manager with an
activation code and for integrating with Trend Vision One.
|
|