Port numbers, URLs, and IP addresses

Views:

Workload Security components communicate over your network using the following:

IP addresses and port numbers
URLs

Before deployment, your network administrator might need to configure firewalls, AWS security groups, and web proxies to allow those network services.

Default settings are displayed. Many network settings are configurable. For example, if your network has a web proxy, you could configure agents to connect through it on port 1443, instead of directly to Workload Security on port 443. If you change the default settings, then firewalls must allow communications via the new settings.

The following network diagram provides an overview:

ports-diagram-dsaas=1950db5b-9dc0-4473-8179-d0143623f738.png

Required Workload Security IP addresses and port numbers

The following table is organized by source address (the deployment component which starts the TCP connection or UDP session). Replies (packets in the same connection but opposite direction, from the destination address) usually must be allowed, too.

Workload Security servers usually have dynamic IP addresses (that is, other computers in your deployment use DNS queries to find the current IP address of a Workload Security FQDN when required). For the list of Workload Security domain names, see Required Workload Security URLs.

Some ports are required only if you use specific components and features. Some services might have static IP addresses. These exceptions and optional features are indicated.

All ports in the table are destination ports (also known as listening ports). Like many software, Workload Security also uses a range of dynamic, ephemeral source ports when opening a socket. Rarely, ephemeral source ports might be blocked, which causes connectivity issues. If that happens, you must also open the source ports.

Source Address	Destination Address	Port (Default)	Protocol
Administrator's computer	DNS server	53	DNS over UDP
	NTP server	123	NTP over UDP
	Workload Security Accounts created before 2020-11-23: Outbound connections use the following static IP addresses only if your Workload Security or Deep Security as a Service account was created before 2020-11-23. To determine when your account was created, select your tenant name at the top of the console, and then select Account Details. The date appears next to Created. Console (GUI) 34.196.38.94 34.198.27.224 34.198.6.142 34.205.210.199 34.205.219.175 34.205.239.162 34.226.116.82 34.233.153.57 35.153.222.175 35.169.254.68 35.169.43.208 35.172.176.62 50.17.162.194 52.0.124.201 52.0.33.128 52.202.124.22 52.207.138.122 52.22.162.229 52.3.171.31 52.72.111.249 52.72.211.36 52.87.46.150 54.175.211.84 54.80.120.113 3.225.229.14 18.215.67.148 34.195.125.27 3.86.123.174 44.206.92.118 44.194.122.255 34.197.70.194 18.213.159.46 52.203.120.170 44.205.104.224 35.173.89.232 44.196.197.8 54.243.242.11 34.200.138.190 54.162.255.145 52.203.15.159 44.199.124.64 18.210.225.102 18.235.109.2 44.211.7.123 54.160.53.57 18.209.2.38 3.211.162.147 34.233.239.156 44.207.171.40 18.96.96.27 18.96.96.128 18.97.19.0/27 18.97.133.160 18.97.133.27 34.205.5.0 34.205.5.27 3.140.136.224 3.140.136.27 18.98.162.128 18.98.162.27 18.169.230.160 18.169.230.27 18.99.38.64 18.99.38.27 13.214.15.0 13.214.15.27 35.75.131.96 35.75.131.27 18.96.226.0 18.96.226.27 3.108.13.32 3.108.13.27 18.96.34.160 18.96.34.27 3.69.198.64 3.69.198.27 18.99.0.224 18.99.0.27 3.99.65.64 3.99.65.27 18.98.193.32 18.98.193.27 3.26.127.96 3.26.127.27	443	HTTPS over TCP
Workload Security Subnets: Australia: 3.26.127.96/27 18.98.193.32/27 Canada: 3.99.65.64/27 18.99.0.224/27 Germany: 3.69.198.64/27 18.96.34.160/27 India: 3.108.13.32/27 18.96.226.0/27 Japan: 35.75.131.96/27 18.99.69.160/27 Singapore: 13.214.15.0/27 18.99.38.64/27 UK: 18.169.230.160/27 18.98.162.128/27 USA: 3.140.136.224/27 34.205.5.0/27 18.97.133.160/27 18.97.19.0/27	SIEM or Syslog server (if any)	514	Syslog over UDP
	SIEM or Syslog server (if any)	6514	Syslog over TLS
	Agents, relays (if any) Only required if you enable bidirectional or manager-initiated communication.	4118	HTTPS over TCP
Agents	DNS server	53	DNS over UDP
	NTP server	123	NTP over UDP
	SIEM or Syslog server (if any)	514	Syslog over UDP
	Workload Security	443	HTTPS over TCP
	Relays (if any)	4122	HTTPS over TCP
	Smart Protection Network	80	HTTP over TCP
	Smart Protection Network	443	HTTPS over TCP
	Service Gateway (if any, instead of Smart Protection Network, for File Reputation feature)	8080	HTTP over TCP
	Smart Protection Server (if any, instead of Smart Protection Network, for File Reputation feature)	80	HTTP over TCP
		443	HTTPS over TCP
	Smart Protection Server (if any, instead of Smart Protection Network, for Web Reputation feature)	5274	HTTP over TCP
		5275	HTTPS over TCP
Relays (if any)	All destination addresses, ports, and protocols required by agents (each relay contains an agent)
	Other relays (if any)	4122	HTTPS over TCP
	Localhost (on relays, its agent connects locally, not to a remote relay) Only configure if the server's other software uses the same port (a port conflict), or if host firewalls such as iptables or Windows Firewall block localhost connections (server connecting internally to itself). Network firewalls do not need to allow this port because localhost connections do not reach the network.	4123	N/A
	Trend Micro Update Server / Active Update	80	HTTP over TCP
	Trend Micro Update Server / Active Update	443	HTTPS over TCP
	Download Center, or its mirror on a local web server (if any)	443	HTTPS over TCP
Data Center Gateway (if any)	DNS server	53	DNS over UDP
	NTP server	123	NTP over UDP
	Workload Security	443	HTTPS over TCP
	VMware vCenter	443	HTTPS over TCP
	Microsoft Active Directory	389	STARTTLS and LDAP over TCP and UDP
	Microsoft Active Directory	636	LDAPS over TCP and UDP
Service Gateway (if any)	DNS server	53	DNS over UDP
	NTP server	123	NTP over UDP
	Trend Micro Smart Protection Network (for File Reputation feature)	80	HTTP over TCP
		443	HTTPS over TCP
API clients (if any)	Workload Security	443	HTTPS over TCP

Required Workload Security URLs

Web proxies and URL filters can inspect the HTTP layer of connections: valid certificates, URL (such as /index), fully-qualified domain name (FQDN) (such as Host: store.example.com:8080), and more. Allow all URLs on every FQDN listed in the following table.

For example, agents and relays must be able to download software updates from files.trendmicro.com on port 80 or 443. You have allowed that TCP/IP connection on your firewall. However, the connection contains the HTTP or HTTPS protocol, which can be blocked not only by firewalls, but also by web proxies and web filters. Therefore you must configure them to allow https://files.trendmicro.com/ or http://files.trendmicro.com/ and all sub-URLs.

Some FQDNs are required only if you use specific components and features, as indicated.

Source Address	Destination Address	Host FQDN	Protocols
Agents,relays (if any)	Workload Security	Agent 20.0 build 1541 and later: The FQDNs for your region: Australia: workload.au-1.cloudone.trendmicro.com Canada: workload.ca-1.cloudone.trendmicro.com Germany: workload.de-1.cloudone.trendmicro.com India: workload.in-1.cloudone.trendmicro.com Japan: workload.jp-1.cloudone.trendmicro.com Singapore: workload.sg-1.cloudone.trendmicro.com UK: workload.gb-1.cloudone.trendmicro.com USA: workload.us-1.cloudone.trendmicro.com deepsecurity.trendmicro.com If your firewall does not support wild card FQDNs (such as `workload.<region>.cloudone.trendmicro.com`), then instead you must individually allow every required FQDN. Australia: workload.au-1.cloudone.trendmicro.com agents.workload.au-1.cloudone.trendmicro.com agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com agent-comm.workload.au-1.cloudone.trendmicro.com dsmim.workload.au-1.cloudone.trendmicro.com relay.workload.au-1.cloudone.trendmicro.com xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com Canada: workload.ca-1.cloudone.trendmicro.com agents.workload.ca-1.cloudone.trendmicro.com agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com agent-comm.workload.ca-1.cloudone.trendmicro.com dsmim.workload.ca-1.cloudone.trendmicro.com relay.workload.ca-1.cloudone.trendmicro.com xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com Germany: workload.de-1.cloudone.trendmicro.com agents.workload.de-1.cloudone.trendmicro.com agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com agent-comm.workload.de-1.cloudone.trendmicro.com dsmim.workload.de-1.cloudone.trendmicro.com relay.workload.de-1.cloudone.trendmicro.com xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com India: workload.in-1.cloudone.trendmicro.com agents.workload.in-1.cloudone.trendmicro.com agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com agent-comm.workload.in-1.cloudone.trendmicro.com dsmim.workload.in-1.cloudone.trendmicro.com relay.workload.in-1.cloudone.trendmicro.com xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com Japan: workload.jp-1.cloudone.trendmicro.com agents.workload.jp-1.cloudone.trendmicro.com agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com agent-comm.workload.jp-1.cloudone.trendmicro.com dsmim.workload.jp-1.cloudone.trendmicro.com relay.workload.jp-1.cloudone.trendmicro.com xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com Singapore: workload.sg-1.cloudone.trendmicro.com agents.workload.sg-1.cloudone.trendmicro.com agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com agent-comm.workload.sg-1.cloudone.trendmicro.com dsmim.workload.sg-1.cloudone.trendmicro.com relay.workload.sg-1.cloudone.trendmicro.com xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com UK: workload.gb-1.cloudone.trendmicro.com agents.workload.gb-1.cloudone.trendmicro.com agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com agent-comm.workload.gb-1.cloudone.trendmicro.com dsmim.workload.gb-1.cloudone.trendmicro.com relay.workload.gb-1.cloudone.trendmicro.com xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com USA: workload.us-1.cloudone.trendmicro.com deepsecurity.trendmicro.com agents.deepsecurity.trendmicro.com agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com agent-comm.workload.us-1.cloudone.trendmicro.com dsmim.deepsecurity.trendmicro.com relay.deepsecurity.trendmicro.com xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com	HTTPS HTTP
	Workload Security	Agent 20.0 build 1540 and earlier: The FQDNs for your region: Australia: workload.au-1.cloudone.trendmicro.com Canada: workload.ca-1.cloudone.trendmicro.com Germany: workload.de-1.cloudone.trendmicro.com India: workload.in-1.cloudone.trendmicro.com Japan: workload.jp-1.cloudone.trendmicro.com Singapore: workload.sg-1.cloudone.trendmicro.com UK: workload.gb-1.cloudone.trendmicro.com USA: workload.us-1.cloudone.trendmicro.com deepsecurity.trendmicro.com and the legacy domain names: app.deepsecurity.trendmicro.com agents.deepsecurity.trendmicro.com dsmim.deepsecurity.trendmicro.com relay.deepsecurity.trendmicro.com If your firewall does not support wild card FQDNs (such as `workload.<region>.cloudone.trendmicro.com`), then instead you must individually allow every required FQDN. Australia: workload.au-1.cloudone.trendmicro.com agents.workload.au-1.cloudone.trendmicro.com agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com agent-comm.workload.au-1.cloudone.trendmicro.com dsmim.workload.au-1.cloudone.trendmicro.com relay.workload.au-1.cloudone.trendmicro.com xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com Canada: workload.ca-1.cloudone.trendmicro.com agents.workload.ca-1.cloudone.trendmicro.com agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com agent-comm.workload.ca-1.cloudone.trendmicro.com dsmim.workload.ca-1.cloudone.trendmicro.com relay.workload.ca-1.cloudone.trendmicro.com xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com Germany: workload.de-1.cloudone.trendmicro.com agents.workload.de-1.cloudone.trendmicro.com agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com agent-comm.workload.de-1.cloudone.trendmicro.com dsmim.workload.de-1.cloudone.trendmicro.com relay.workload.de-1.cloudone.trendmicro.com xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com India: workload.in-1.cloudone.trendmicro.com agents.workload.in-1.cloudone.trendmicro.com agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com agent-comm.workload.in-1.cloudone.trendmicro.com dsmim.workload.in-1.cloudone.trendmicro.com relay.workload.in-1.cloudone.trendmicro.com xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com Japan: workload.jp-1.cloudone.trendmicro.com agents.workload.jp-1.cloudone.trendmicro.com agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com agent-comm.workload.jp-1.cloudone.trendmicro.com dsmim.workload.jp-1.cloudone.trendmicro.com relay.workload.jp-1.cloudone.trendmicro.com xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com Singapore: workload.sg-1.cloudone.trendmicro.com agents.workload.sg-1.cloudone.trendmicro.com agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com agent-comm.workload.sg-1.cloudone.trendmicro.com dsmim.workload.sg-1.cloudone.trendmicro.com relay.workload.sg-1.cloudone.trendmicro.com xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com UK: workload.gb-1.cloudone.trendmicro.com agents.workload.gb-1.cloudone.trendmicro.com agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com agent-comm.workload.gb-1.cloudone.trendmicro.com dsmim.workload.gb-1.cloudone.trendmicro.com relay.workload.gb-1.cloudone.trendmicro.com xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com USA: workload.us-1.cloudone.trendmicro.com agents.deepsecurity.trendmicro.com agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com agent-comm.workload.us-1.cloudone.trendmicro.com dsmim.deepsecurity.trendmicro.com relay.deepsecurity.trendmicro.com xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com	HTTPS HTTP
	Download Center, or its mirror on a local web server (if any)	files.trendmicro.com or the local web server's FQDN	HTTPS HTTP
	Trend Micro Update Server / Active Update	iaus.activeupdate.trendmicro.com iaus.trendmicro.com ipv6-iaus.trendmicro.com ipv6-iaus.activeupdate.trendmicro.com	HTTPS HTTP
	Trend Vision One	.xdr.trendmicro.com .xdr.trendmicro.co.jp	HTTPS HTTP
Agents	Smart Protection Network	dsaas1100-en-census.trendmicro.com Only required for the Global Census feature's behavior monitoring, and predictive machine learning.	HTTPS HTTP
		Agent 20.0 and later: ds200-en.fbs25.trendmicro.com ds200-jp.fbs25.trendmicro.com Agent 12.0: ds120-en.fbs25.trendmicro.com ds120-jp.fbs25.trendmicro.com Agent 11.0: deepsecurity1100-en.fbs25.trendmicro.com deepsecurity1100-jp.fbs25.trendmicro.com Agent 10.0: deepsecurity1000-en.fbs20.trendmicro.com deepsecurity1000-jp.fbs20.trendmicro.com deepsecurity1000-sc.fbs20.trendmicro.com Only required for Smart Feedback.	HTTPS HTTP
		dsaas.icrc.trendmicro.com Only required for Smart Scan.	HTTPS HTTP
		dsaas-en-f.trx.trendmicro.com dsaas-en-b.trx.trendmicro.com Only required for predictive machine learning.	HTTPS HTTP
		deepsecaas11-en.gfrbridge.trendmicro.com Only required for the File Reputation feature's behavior monitoring, predictive machine learning, and process memory scans.	HTTPS HTTP
		dsaas.url.trendmicro.com Only required for Web Reputation.	HTTPS HTTP
	Smart Protection Server (if any, instead of Smart Protection Network)	Your Smart Protection Server's FQDN Only required for File Reputation and Web Reputation. Other features still require the Smart Protection Network, and cannot use this local server.	HTTPS HTTP
Workload Security	Agents Relays (if any) Only required if you enable bidirectional or manager-initiated communication.	Agent 20.0 build 1559 and later: The FQDNs for your region: Australia: agents.workload.au-1.cloudone.trendmicro.com Canada: agents.workload.ca-1.cloudone.trendmicro.com Germany: agents.workload.de-1.cloudone.trendmicro.com India: agents.workload.in-1.cloudone.trendmicro.com Japan: agents.workload.jp-1.cloudone.trendmicro.com Singapore: agents.workload.sg-1.cloudone.trendmicro.com UK: agents.workload.gb-1.cloudone.trendmicro.com USA: agents.workload.us-1.cloudone.trendmicro.com If your firewall does not support wild card FQDNs (such as `*workload.<region>.cloudone.trendmicro.com`), then instead you must individually allow every required FQDN. Australia: agents.workload.au-1.cloudone.trendmicro.com agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com Canada: agents.workload.ca-1.cloudone.trendmicro.com agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com Germany: agents.workload.de-1.cloudone.trendmicro.com agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com India: agents.workload.in-1.cloudone.trendmicro.com agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com Japan: agents.workload.jp-1.cloudone.trendmicro.com agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com Singapore: agents.workload.sg-1.cloudone.trendmicro.com agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com UK: agents.workload.gb-1.cloudone.trendmicro.com agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com USA: agents.deepsecurity.trendmicro.com agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com	HTTPS
		Agent 20.0 build 1558 and earlier: The FQDNs for your region: Australia: agents.workload.au-1.cloudone.trendmicro.com Canada: agents.workload.ca-1.cloudone.trendmicro.com Germany: agents.workload.de-1.cloudone.trendmicro.com India: agents.workload.in-1.cloudone.trendmicro.com Japan: agents.workload.jp-1.cloudone.trendmicro.com Singapore: agents.workload.sg-1.cloudone.trendmicro.com UK: agents.workload.gb-1.cloudone.trendmicro.com USA: agents.workload.us-1.cloudone.trendmicro.com and the legacy domain name: agents.deepsecurity.trendmicro.com If your firewall does not support wild card FQDNs (such as `*workload.<region>.cloudone.trendmicro.com`), then instead you must individually allow every required FQDN. Australia: agents.workload.au-1.cloudone.trendmicro.com agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com Canada: agents.workload.ca-1.cloudone.trendmicro.com agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com Germany: agents.workload.de-1.cloudone.trendmicro.com agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com India: agents.workload.in-1.cloudone.trendmicro.com agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com Japan: agents.workload.jp-1.cloudone.trendmicro.com agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com Singapore: agents.workload.sg-1.cloudone.trendmicro.com agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com UK: agents.workload.gb-1.cloudone.trendmicro.com agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com USA: agents.deepsecurity.trendmicro.com agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com	HTTPS
Data Center Gateway (if any)	Workload Security	The FQDNs for your region: Australia: gateway.workload.au-1.cloudone.trendmicro.com gateway-control.workload.au-1.cloudone.trendmicro.com Canada: gateway.workload.ca-1.cloudone.trendmicro.com gateway-control.workload.ca-1.cloudone.trendmicro.com Germany: gateway.workload.de-1.cloudone.trendmicro.com gateway-control.workload.de-1.cloudone.trendmicro.com India: gateway.workload.in-1.cloudone.trendmicro.com gateway-control.workload.in-1.cloudone.trendmicro.com Japan: gateway.workload.jp-1.cloudone.trendmicro.com gateway-control.workload.jp-1.cloudone.trendmicro.com Singapore: gateway.workload.sg-1.cloudone.trendmicro.com gateway-control.workload.sg-1.cloudone.trendmicro.com UK: gateway.workload.gb-1.cloudone.trendmicro.com gateway-control.workload.gb-1.cloudone.trendmicro.com USA: gateway.workload.us-1.cloudone.trendmicro.com gateway-control.workload.us-1.cloudone.trendmicro.com	HTTPS
API clients (if any)	Workload Security	The FQDNs for your region: Australia: workload.au-1.cloudone.trendmicro.com Canada: workload.ca-1.cloudone.trendmicro.com Germany: workload.de-1.cloudone.trendmicro.com India: workload.in-1.cloudone.trendmicro.com Japan: workload.jp-1.cloudone.trendmicro.com Singapore: workload.sg-1.cloudone.trendmicro.com UK: workload.gb-1.cloudone.trendmicro.com USA:* workload.us-1.cloudone.trendmicro.com deepsecurity.trendmicro.com and depending on which API you use, one of the following legacy domain names: app.deepsecurity.trendmicro.com/api app.deepsecurity.trendmicro.com/webservice/Manager?WSDL (deprecated) app.deepsecurity.trendmicro.com/rest (deprecated) If your web filter does not support wild card FQDNs (such as `*workload.<region>.cloudone.trendmicro.com`), then instead you must individually allow every required FQDN. Australia: workload.au-1.cloudone.trendmicro.com agents.workload.au-1.cloudone.trendmicro.com agents-001 through agents-010.workload.au-1.cloudone.trendmicro.com agent-comm.workload.au-1.cloudone.trendmicro.com dsmim.workload.au-1.cloudone.trendmicro.com relay.workload.au-1.cloudone.trendmicro.com xdr-resp-ioc.workload.au-1.cloudone.trendmicro.com Canada: workload.ca-1.cloudone.trendmicro.com agents.workload.ca-1.cloudone.trendmicro.com agents-001 through agents-010.workload.ca-1.cloudone.trendmicro.com agent-comm.workload.ca-1.cloudone.trendmicro.com dsmim.workload.ca-1.cloudone.trendmicro.com relay.workload.ca-1.cloudone.trendmicro.com xdr-resp-ioc.workload.ca-1.cloudone.trendmicro.com Germany: workload.de-1.cloudone.trendmicro.com agents.workload.de-1.cloudone.trendmicro.com agents-001 through agents-010.workload.de-1.cloudone.trendmicro.com agent-comm.workload.de-1.cloudone.trendmicro.com dsmim.workload.de-1.cloudone.trendmicro.com relay.workload.de-1.cloudone.trendmicro.com xdr-resp-ioc.workload.de-1.cloudone.trendmicro.com India: workload.in-1.cloudone.trendmicro.com agents.workload.in-1.cloudone.trendmicro.com agents-001 through agents-010.workload.in-1.cloudone.trendmicro.com agent-comm.workload.in-1.cloudone.trendmicro.com dsmim.workload.in-1.cloudone.trendmicro.com relay.workload.in-1.cloudone.trendmicro.com xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com Japan: workload.jp-1.cloudone.trendmicro.com agents.workload.jp-1.cloudone.trendmicro.com agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com agent-comm.workload.jp-1.cloudone.trendmicro.com dsmim.workload.jp-1.cloudone.trendmicro.com relay.workload.jp-1.cloudone.trendmicro.com xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com Singapore: workload.sg-1.cloudone.trendmicro.com agents.workload.sg-1.cloudone.trendmicro.com agents-001 through agents-010.workload.sg-1.cloudone.trendmicro.com agent-comm.workload.sg-1.cloudone.trendmicro.com dsmim.workload.sg-1.cloudone.trendmicro.com relay.workload.sg-1.cloudone.trendmicro.com xdr-resp-ioc.workload.sg-1.cloudone.trendmicro.com UK: workload.gb-1.cloudone.trendmicro.com agents.workload.gb-1.cloudone.trendmicro.com agents-001 through agents-010.workload.gb-1.cloudone.trendmicro.com agent-comm.workload.gb-1.cloudone.trendmicro.com dsmim.workload.gb-1.cloudone.trendmicro.com relay.workload.gb-1.cloudone.trendmicro.com xdr-resp-ioc.workload.gb-1.cloudone.trendmicro.com USA: workload.us-1.cloudone.trendmicro.com agents.deepsecurity.trendmicro.com agents-001 through agents-010.workload.us-1.cloudone.trendmicro.com agent-comm.workload.us-1.cloudone.trendmicro.com dsmim.deepsecurity.trendmicro.com relay.deepsecurity.trendmicro.com xdr-resp-ioc.workload.us-1.cloudone.trendmicro.com	HTTPS
Notification Service	Workload Security	The FQDNs for your region: Australia: workload.au-1.cloudone.trendmicro.com Canada: workload.ca-1.cloudone.trendmicro.com Germany: workload.de-1.cloudone.trendmicro.com India: workload.in-1.cloudone.trendmicro.com Japan: workload.jp-1.cloudone.trendmicro.com Singapore: workload.sg-1.cloudone.trendmicro.com UK: workload.gb-1.cloudone.trendmicro.com USA: workload.us-1.cloudone.trendmicro.com deepsecurity.trendmicro.com UAE: workload.ae-1.cloudone.trendmicro.com If your firewall does not support wild card FQDNs such as `c1ws-notification.<region>.cloudone.trendmicro.com`, then you must individually allow every FQDN.	HTTPS