
Zero Trust Secure Access FQDNs/IP Addresses

Used By: Internet Access - Client Access, Internet Access - PAC Mode, Private Access - Client Access, Private Access - Browser Access, Private Access Connector

| Description | FQDN/IP Address | Port |
| --- | --- | --- |
| Secure Access Module download and upgrade | prod.ztsaagent.trendmicro.com | TCP: 443 |
| Secure Access Module User Behavior Tracking data feedback | event-sg.ztsaagent.trendmicro.com | TCP: 443 |
| Secure Access Module debug log upload | upload.sg.xdr.trendmicro.com | TCP: 443 |
| Internet Access Gateway Proxy Address | proxy.ztsa-iag.trendmicro.com<br>proxy.sg.ztsa-iag.trendmicro.com | TCP: 80/443 |
| Internet Access On-Premises Gateway (via Service Gateway) Proxy Address | FQDN or IP address of the on-premise gateway | TCP: 8088 |
| Internet Access On-Premises Gateway (via Service Gateway) NTLM Auth Proxy Address | FQDN or IP address of the on-premise gateway | TCP: 8089 |
| Internet Access On-Premises Gateway (via Service Gateway) ICAP Service Address | FQDN or IP address of the on-premise gateway | TCP: 1344/11344 |
| Internet Access Gateway PAC file location | pac.sg.ztsa-iag.trendmicro.com | TCP: 80/443 |
| General authentication services | • signin.v1.trendmicro.com (Foundation Services update)<br>• tm.login.trendmicro.com<br>• iamservice.trendmicro.com<br>• Other custom IDP services<br>Google reCAPTCHA:<br>• www.gstatic.com<br>• fonts.gstatic.com<br>• Plus one of the following: www.google.com (recommended), www.recaptcha.net | TCP: 443 |
| Internet Access Gateway authentication service used for:<br>• Browser-based or agent-less authentication<br>• Diagnostic services<br>• Integration with Secure Access modules for retrieving PAC files and other necessary information | auth.ztsa-iag.trendmicro.com<br>auth.sg.ztsa-iag.trendmicro.com | TCP: 80/443 |
| Private Access service accessed by Secure Access Module and Private Access Connector | agent-sg-rel.ztna.trendmicro.com | TCP: 443 |
| Private Access Connector download by users | download-sg-rel.ztna.trendmicro.com | TCP: 443 |
| Private Access Connector CDT collect | saseztnaprodsgsagen2.blob.core.windows.net | TCP: 443<br>UDP: 443 |
| Private Access Connector firmware upgrade | saseztnaprodsgsa.blob.core.windows.net<br>ztnaextacr.azurecr.io | TCP: 443<br>UDP: 443 |
| Microsoft Azure IoT Hub | sase-ztna-prod-sg-iothub-cntevt.azure-devices.net | TCP: 443<br>UDP: 443 |
| Speed test for Secure Access Module, Private Access Connector, and Private Access User Portal | Private Access Connector automatically selects the site that has the lowest network latency. If you have configured firewalls, Trend Micro recommends adding all of the following FQDNs:<br>• speedtest.anz.ztna.trendmicro.com<br>• speedtest.eu.ztna.trendmicro.com<br>• speedtest.in.ztna.trendmicro.com<br>• speedtest.jp.ztna.trendmicro.com<br>• speedtest.sg.ztna.trendmicro.com<br>• speedtest.us.ztna.trendmicro.com<br>• speedtest.br.ztna.trendmicro.com<br>• speedtest.mea.ztna.trendmicro.com<br>• speedtest.is.ztna.trendmicro.com<br>• speedtest.sa.ztna.trendmicro.com<br>• speedtest.uk.ztna.trendmicro.com | TCP: 443 |
| Private Access Static IP Pool of Cloud Relay Service | Private Access Connector automatically selects the site that has the lowest network latency. If you have configured firewalls, Trend Micro recommends adding all of the following IP pools:<br>• 20.5.69.128/28 (for Australia)<br>• 20.4.51.32/28 (for Europe)<br>• 20.219.254.160/28 (for India)<br>• 52.140.246.128/28 (for Japan)<br>• 52.187.118.64/28 (for Singapore)<br>• 20.7.52.240/28 (for United States)<br>• 4.228.193.144/28 (for Brazil)<br>• 20.74.229.224/28 (for MEA)<br>• 20.217.194.0/28 (for Israel)<br>• 4.168.219.16/28 (for South Africa)<br>• 20.58.44.64/28 (for United Kingdom) | TCP: 443<br>UDP: 443 |
| Private Access Browser Access End User Portal | {Customer_Specified}.myapplications.sg.ztna.trendmicro.com | TCP: 443 |
| Private Access Browser Access Proxy | {Customer_Specified}.edge.sg.ztna.trendmicro.com | TCP: 443<br>TCP: 80 |
| Private Access Browser Access Proxy for Remote Desktop (RDP) | {Customer_Specified}.rdgw.sg.ztna.trendmicro.com | TCP: 443<br>TCP: 80 |
| Private Access Connector NTP server | Default NTP servers are listed as follows. You can configure your own NTP servers.<br>• 0.pool.ntp.org<br>• 1.pool.ntp.org<br>• 2.pool.ntp.org<br>• 3.pool.ntp.org | UDP: 123 |
| P2P communication between Private Access Connector and Secure Access Module | Peer's internet IP address | UDP: random port number, greater than 10000 |
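
One way to check an egress allowlist against the "Private Access Static IP Pool of Cloud Relay Service" row is sketched below. This is an added example, not Trend Micro code. The `(cidr, proto, port)` rule format, the function names and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Cloud Relay Service static IP pools, copied from the table row above.
RELAY_POOLS = {
    "Australia": "20.5.69.128/28", "Europe": "20.4.51.32/28",
    "India": "20.219.254.160/28", "Japan": "52.140.246.128/28",
    "Singapore": "52.187.118.64/28", "United States": "20.7.52.240/28",
    "Brazil": "4.228.193.144/28", "MEA": "20.74.229.224/28",
    "Israel": "20.217.194.0/28", "South Africa": "4.168.219.16/28",
    "United Kingdom": "20.58.44.64/28",
}
REQUIRED = (("tcp", 443), ("udp", 443))  # ports listed for that row

def coverage(pool, nets):
    """Classify how a set of allowed networks covers one pool."""
    pool = ipaddress.ip_network(pool)
    # Collapsing merges adjacent rules, so two /29s count as the full /28.
    merged = list(ipaddress.collapse_addresses(nets))
    if any(pool.subnet_of(n) for n in merged):
        return "covered"
    return "partial" if any(pool.overlaps(n) for n in merged) else "missing"

def audit(rules):
    """rules: (cidr, proto, port) egress allow entries (hypothetical export
    format). Returns {site: ["proto/port state", ...]} for every gap."""
    allowed = {svc: [] for svc in REQUIRED}
    for cidr, proto, port in rules:
        net = ipaddress.ip_network(cidr, strict=False)
        svc = (proto.lower(), int(port))
        if svc in allowed and net.version == 4:
            allowed[svc].append(net)
    gaps = {}
    for site, pool in RELAY_POOLS.items():
        for (proto, port), nets in allowed.items():
            state = coverage(pool, nets)
            if state != "covered":
                gaps.setdefault(site, []).append(f"{proto}/{port} {state}")
    return gaps

# Constructed sample rule set, not taken from any real firewall.
SAMPLE_RULES = [
    ("20.5.69.128/28", "tcp", 443), ("20.5.69.128/28", "udp", 443),
    ("20.4.51.32/29", "tcp", 443), ("20.4.51.40/29", "tcp", 443),
    ("52.140.246.0/24", "TCP", 443),
    ("52.187.118.64/29", "tcp", 443), ("52.187.118.64/29", "udp", 443),
]

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_RULES).items():
        print(f"{site}: {', '.join(problems)}")
```

A "partial" result means a rule overlaps the pool but leaves some of its addresses blocked.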