Zero Trust Secure Access FQDNs/IP Addresses
Description
|
FQDN/IP Address
|
Port
|
Used By
|
||||
Internet Access - Client Access
|
Internet Access - PAC Mode
|
Private Access - Client Access
|
Private Access - Browser Access
|
Private Access Connector
|
|||
Secure Access Module download and upgrade
|
prod.ztsaagent.trendmicro.com |
TCP: 443
|
√
|
√
|
|||
Secure Access Module User Behavior Tracking data
feedback
|
event-us.ztsaagent.trendmicro.com |
TCP: 443
|
√
|
√
|
|||
Secure Access Module debug log upload
|
upload.xdr.trendmicro.com |
TCP: 443
|
√
|
√
|
|||
Internet Access Gateway Proxy Address
|
proxy.ztsa-iag.trendmicro.com proxy.us.ztsa-iag.trendmicro.com proxy.ztsa-iag.trendmicro.com proxy-or.us.ztsa-iag.trendmicro.com (for Oregon)proxy-br.us.ztsa-iag.trendmicro.com (for Brazil)proxy-co.us.ztsa-iag.trendmicro.com (for Columbia) |
TCP: 80/443
|
√
|
√
|
|||
Internet Access On-Premises Gateway (via Service Gateway)
Proxy Address
|
FQDN or IP address of the on-premise gateway
|
TCP: 8088
|
√
|
√
|
|||
Internet Access On-Premises Gateway (via Service Gateway) NTLM
Auth Proxy Address
|
FQDN or IP address of the on-premise gateway
|
TCP: 8089
|
√
|
√
|
|||
Internet Access On-Premises Gateway (via Service Gateway) ICAP
Service Address
|
FQDN or IP address of the on-premise gateway
|
TCP: 1344/11344
|
|||||
Internet Access Gateway PAC file location
|
pac.us.ztsa-iag.trendmicro.com |
TCP: 80/443
|
√
|
√
|
|||
General authentication services
|
Google reCAPTCHA:
|
TCP: 443
|
|||||
Internet Access Gateway authentication service
used for:
|
auth.ztsa-iag.trendmicro.com auth.us.ztsa-iag.trendmicro.com |
TCP: 80/443
|
√
|
||||
Private Access service accessed by Secure Access Module
and Private Access Connector
|
agent-us-rel.ztna.trendmicro.com |
TCP: 443
|
√
|
√
|
√
|
√
|
|
Private Access Connector download by users
|
download-us-rel.ztna.trendmicro.com |
TCP: 443
|
|||||
Private Access Connector CDT collect
|
saseztnaprodussagen2.blob.core.windows.net |
TCP: 443
UDP: 443
|
√
|
||||
Private Access Connector firmware upgrade
|
saseztnaprodussa.blob.core.windows.net ztnaextacr.azurecr.io |
TCP: 443
UDP: 443
|
√
|
||||
Microsoft Azure IoT Hub
|
sase-ztna-prod-us-iothub-cntevt.azure-devices.net |
TCP: 443
UDP: 443
|
√
|
√
|
|||
Speed test for Secure Access Module, Private Access Connector,
and Private Access User Portal
|
Private Access Connector automatically selects the site that
has the lowest network latency. If you have configured firewalls, Trend Micro
recommends adding all of the following FQDNs:
|
TCP: 443
|
√
|
√
|
√
|
||
Private Access Static IP Pool of Cloud Relay Service
|
Private Access Connector automatically selects the site that
has the lowest network latency. If you have configured firewalls, Trend Micro
recommends adding all of the following IP pools:
|
TCP: 443
UDP: 443
|
√
|
√
|
√
|
||
Private Access Browser Access End User Portal
|
{Customer_Specified}.myapplications.us.ztna.trendmicro.com |
TCP: 443
|
√
|
||||
Private Access Browser Access Proxy
|
{Customer_Specified}.edge.us.ztna.trendmicro.com |
TCP: 443
TCP: 80
|
√
|
||||
Private Access Browser Access Proxy for Remote Desktop
(RDP)
|
{Customer_Specified}.rdgw.us.ztna.trendmicro.com |
TCP: 443
TCP: 80
|
√
|
||||
Private Access Connector NTP server
|
Default NTP servers are listed as follows. You can configure
your own NTP servers.
|
UDP: 123
|
√
|
||||
P2P communication between Private Access Connector and Secure
Access Module
|
Peer's internet IP address
|
UDP: random port number, greater than 10000
|
√
|
√
|