Views:
Service
FQDN
Description
Assessment Service
https://assessment-ap5.mgcp.trendmicro.com
Back-end server
https://release-us1.mgcp.trendmicro.com
Assessment tool download
https://cti-us1.mgcp.trendmicro.com
Windows CTI rules download
Download Center
download.xdr.trendmicro.com
Download center for XDR customer
Endpoint Basecamp
api-ap5.xbc.trendmicro.com
Endpoint Basecamp API gateway
tgw-ap5.mgcp.trendmicro.com
Cloud endpoint telemetry agent API Gateway
release-us1.mgcp.trendmicro.com
Download center for endpoint release package
support-connector-api.manage.trendmicro.com
For SCP API connection
supportconnectorpacks.manage.trendmicro.com
Download center for SCP package
rpcollectedthings.manage.trendmicro.com
To upload SCP result
wsc-ap5.xbc.trendmicro.com
WSC persistent connection
Endpoint Inventory
http://cloudendpoint-ap5.mgcp.trendmicro.com
Agent Portal API Gateway
release-us1.mgcp.trendmicro.com
Download center for endpoint release package
supportconnectorpacks.manage.trendmicro.com
Download center for iES tool and LogCounter
Endpoint Response
er-ws-as1.xdr.trendmicro.com
API Gateway
era-as1.xdr.trendmicro.com
ELB FQDN
Endpoint Policies
endpointpolicy-cdn-ap5.xbc.trendmicro.com
Policy content download Cloudfront CDN
Endpoint Sensor
https://files.trendmicro.com
Download center for XDR Linux Sensor Kernel Module
Feedback Service
matomo.xdr.trendmicro.com
User feedback collection
IDP
tm.login.trendmicro.com
iamservice.trendmicro.com
www.google.com (Google Recaptcha)
www.gstatic.com (Google Recaptcha)
Trend Micro login service for Trend Vision One and Customer Licensing Portal
IDP (Legacy)
sso.in.xdr.trendmicro.com
SSO authentication service (Legacy, redirect to tm.login.trendmicro.com)
IDP (UIC)
login.in.xdr.trendmicro.com
SSO authentication service
In-App Guides
data.analytics.trendmicro.com/
Provides in-app guides and customer feedback data
content.analytics.trendmicro.com
Guide content
Log Receiver
xlogr-as1.xdr.trendmicro.com
XDR log receiver service
Mobile Security
rest-g.mars.trendmicro.com
Mobile application reputation smart query for mobile enterprise security
mint.mars.trendmicro.com
Mobile OS vulnerability query for mobile enterprise security
rest-g-au.mars.trendmicro.com
Mobile pattern update for mobile enterprise security
Network Inventory
api-ni-in.xdr.trendmicro.com
DDI registration to Network Inventory
Portal (UIC)
portal.in.xdr.trendmicro.com
Major portal access to XDR console
Risk Insights Log Receiver (Legacy)
ingestor-in.xdr.trendmicro.com
Log receiver for third-parties using the Trend Micro Risk Insights for Splunk app (migrating to unified log receiver)
Sandbox Analysis
sandbox-threatconnect.trendmicro.com
Provides a web encyclopedia for threat objects
upload.in.xdr.trendmicro.com
Sandbox analysis package file download
Service Platform
api.in.xdr.trendmicro.com
api-cert.in.xdr.trendmicro.com
Public API and other connection services
Upload Center
upload.in.xdr.trendmicro.com
File collection or other services that operate by customer to upload files to XDR

Apex One as a Service FQDNs

Description
FQDN
Apex One SaaS console DNS (refer to license email)
<console_DNS>.manage.trendmicro.com
License server
licenseupdate.trendmicro.com
ActiveUpdate server: Windows
osce14-p.activeupdate.trendmicro.com/activeupdate
ActiveUpdate server: Mac
tmsm35-p.activeupdate.trendmicro.com/activeupdate
ActiveUpdate server: Toolbox
toolbox10-p.activeupdate.trendmicro.com/activeupdate
Apex One Telemetry Service
asm01-nabu-prod.aot.trendmicro.com
api-nabu.aot.trendmicro.com
Global Smart Scan Server for Apex One Agent
osce14.icrc.trendmicro.com/tmcss
Web Rating Service for Apex One Agent
osce14-0-en.url.trendmicro.com
Smart Feedback for Apex One Agent
osce140-en.fbs25.trendmicro.com
Goodware File Reputation Service for Apex One Agent
osce14-en.gfrbridge.trendmicro.com
Community File Reputation Service for Apex One Agent
osce14-en-census.trendmicro.com
Predictive Machine Learning (File) for Apex One Agent
osce140-en-f.trx.trendmicro.com
Predictive Machine Learning (Behavior) for Apex One Agent
osce140-en-b.trx.trendmicro.com
MacOS threat smart query
mcs.trendmicro.com

Service Gateway FQDNs

Description
Service Gateway Version
FQDN
Smart Protection Network (SPN) Proxy for Smart Protection Services
2.0 and later
ctapi.trendmicro.com
Remote Shell for Troubleshooting Service Gateway
2.0 and later
sgi-tunneling.in.xdr.trendmicro.com
Setting Synchronization for Service Gateway
2.0 and later
sgi-iot.in.xdr.trendmicro.com
Web Reputation Service for Smart Protection Services
All versions
sg-tmsps10-en.url.trendmicro.com
Web Inspection Service for Smart Protection Services
All versions
sg-tmsps10-en-wis.trendmicro.com
Community File Reputation Service for Smart Protection Services
All versions
sg-tmsps100-en-census.trendmicro.com
Community Domain/IP Reputation Service for Smart Protection Services
All versions
sg-tmsps100-en-domaincensus.trendmicro.com
Certified Safe Software Service for Smart Protection Services
All versions
grid-global.trendmicro.com
Mobile App Reputation Service for Smart Protection Services
All versions
rest.mars.trendmicro.com
Goodware File Reputation Service for Smart Protection Services
All versions
sg-tmsps10-en.gfrbridge.trendmicro.com
Service Gateway internal Smart Protection Server
All versions
sg-tmsps10-p.activeupdate.trendmicro.com/activeupdate/
Firmware update for Service Gateway virtual appliance
1.0
as1-external.asg.xdr.trendmicro.com
Services update for Service Gateway virtual appliance, such as Smart Protection Services, ActiveUpdate service, SO List synch service and Third-party intelligence sync service etc.
1.0
049597112809.dkr.ecr.ap-south-1.amazonaws.com
Notification/push channel for Service Gateway virtual appliance.
1.0
a1v3de23inj3up-ats.iot.ap-south-1.amazonaws.com
Debug log collection via CLI and firmware update package for Service Gateway virtual appliance.
1.0
in-v1-sg-cdt-log.s3.ap-south-1.amazonaws.com

Global ActiveUpdate URLs for Service Gateway

Product/Service
Version
ActiveUpdate URL
Apex One
All versions
osce14-p.activeupdate.trendmicro.com/activeupdate
Deep Discovery Inspector
For all versions, replace "<version>" in the FQDN with your Deep Discovery Inspector version number without the period.
For example, if your Deep Discovery Inspector version is 6.5, use the FQDN: ddi65-p.activeupdate.trendmicro.com/activeupdate
ddi<version>-p.activeupdate.trendmicro.com/activeupdate
6.2
ddi62-p.activeupdate.trendmicro.com/activeupdate
6.0
ddi60-p.activeupdate.trendmicro.com/activeupdate
5.8
ddi58-p.activeupdate.trendmicro.com/activeupdate
5.7
ddi57-p.activeupdate.trendmicro.com/activeupdate
5.6
ddi56-p.activeupdate.trendmicro.com/activeupdate
Deep Security
All versions
ipv6-iaus.trendmicro.com/iau_server.dll
OfficeScan
XG
osce12-p.activeupdate.trendmicro.com/activeupdate
11.0
osce11-p.activeupdate.trendmicro.com/activeupdate

Zero Trust Secure Access FQDNs/IP Addresses

Description
FQDN/IP Address
Port
Used By
Internet Access - Client Access
Internet Access - PAC Mode
Private Access - Client Access
Private Access - Browser Access
Private Access Connector
Secure Access Module download and upgrade
prod.ztsaagent.trendmicro.com
TCP: 443
 
   
Secure Access Module User Behavior Tracking data feedback
event-in.ztsaagent.trendmicro.com
TCP: 443
 
   
Secure Access Module debug log upload
upload.in.xdr.trendmicro.com
TCP: 443
 
   
Internet Access Gateway Proxy Address
proxy.ztsa-iag.trendmicro.com
proxy.in.ztsa-iag.trendmicro.com
TCP: 80/443
     
Internet Access On-Premises Gateway (via Service Gateway) Proxy Address
FQDN or IP address of the on-premise gateway
TCP: 8088
     
Internet Access On-Premises Gateway (via Service Gateway) NTLM Auth Proxy Address
FQDN or IP address of the on-premise gateway
TCP: 8089
     
Internet Access On-Premises Gateway (via Service Gateway) ICAP Service Address
FQDN or IP address of the on-premise gateway
TCP: 1344/11344
         
Internet Access Gateway PAC file location
pac.in.ztsa-iag.trendmicro.com
TCP: 80/443
     
General authentication services
  • signin.v1.trendmicro.com (Foundation Services update)
  • tm.login.trendmicro.com
  • iamservice.trendmicro.com
  • Other custom IDP services
Google reCAPTCHA:
  • www.gstatic.com
  • fonts.gstatic.com
  • Plus one of the following:
    • www.google.com (recommended)
    • www.recaptcha.net
TCP: 443
         
Internet Access Gateway authentication service used for:
  • Browser-based or agent-less authentication
  • Diagnostic services
  • Integration with Secure Access modules for retrieving PAC files and other necessary information
auth.ztsa-iag.trendmicro.com
auth.in.ztsa-iag.trendmicro.com
TCP: 80/443
 
     
Private Access service accessed by Secure Access Module and Private Access Connector
agent-in-rel.ztna.trendmicro.com
TCP: 443
 
Private Access Connector download by users
download-in-rel.ztna.trendmicro.com
TCP: 443
         
Private Access Connector CDT collect
saseztnaprodinsagen2.blob.core.windows.net
TCP: 443
UDP: 443
       
Private Access Connector firmware upgrade
saseztnaprodinsa.blob.core.windows.net
ztnaextacr.azurecr.io
TCP: 443
UDP: 443
       
Microsoft Azure IoT Hub
sase-ztna-prod-in-iothub-cntevt.azure-devices.net
TCP: 443
UDP: 443
   
 
Speed test for Secure Access Module, Private Access Connector, and Private Access User Portal
Private Access Connector automatically selects the site that has the lowest network latency. If you have configured firewalls, Trend Micro recommends adding all of the following FQDNs:
  • speedtest.anz.ztna.trendmicro.com
  • speedtest.eu.ztna.trendmicro.com
  • speedtest.in.ztna.trendmicro.com
  • speedtest.jp.ztna.trendmicro.com
  • speedtest.sg.ztna.trendmicro.com
  • speedtest.us.ztna.trendmicro.com
  • speedtest.br.ztna.trendmicro.com
  • speedtest.mea.ztna.trendmicro.com
  • speedtest.is.ztna.trendmicro.com
  • speedtest.sa.ztna.trendmicro.com
  • speedtest.uk.ztna.trendmicro.com
TCP: 443
   
Private Access Static IP Pool of Cloud Relay Service
Private Access Connector automatically selects the site that has the lowest network latency. If you have configured firewalls, Trend Micro recommends adding all of the following IP pools:
  • 20.5.69.128/28 (for Australia)
  • 20.4.51.32/28 (for Europe)
  • 20.219.254.160/28 (for India)
  • 52.140.246.128/28 (for Japan)
  • 52.187.118.64/28 (for Singapore)
  • 20.7.52.240/28 (for United States)
  • 4.228.193.144/28 (for Brazil)
  • 20.74.229.224/28 (for MEA)
  • 20.217.194.0/28 (for Israel)
  • 4.168.219.16/28 (for South Africa)
  • 20.58.44.64/28 (for United Kingdom)
TCP: 443
UDP: 443
   
Private Access Browser Access End User Portal
{Customer_Specified}.myapplications.in.ztna.trendmicro.com
TCP: 443
     
 
Private Access Browser Access Proxy
{Customer_Specified}.edge.in.ztna.trendmicro.com
TCP: 443
TCP: 80
     
 
Private Access Browser Access Proxy for Remote Desktop (RDP)
{Customer_Specified}.rdgw.in.ztna.trendmicro.com
TCP: 443
TCP: 80
     
 
Private Access Connector NTP server
Default NTP servers are listed as follows. You can configure your own NTP servers.
  • 0.pool.ntp.org
  • 1.pool.ntp.org
  • 2.pool.ntp.org
  • 3.pool.ntp.org
UDP: 123
       
P2P communication between Private Access Connector and Secure Access Module
Peer's internet IP address
UDP: random port number, greater than 10000