Europe - Zero Trust Secure Access FQDNs/IP addresses

Views:

Zero Trust Secure Access FQDNs/IP Addresses

Description	FQDN/IP Address	Port	Used By
Description	FQDN/IP Address	Port	Internet Access - Client Access	Internet Access - PAC Mode	Private Access - Client Access	Private Access - Browser Access	Private Access Connector
Secure Access Module download and upgrade	`prod.ztsaagent.trendmicro.com`	TCP: 443	√		√
Secure Access Module User Behavior Tracking data feedback	`event-eu.ztsaagent.trendmicro.com`	TCP: 443	√		√
Secure Access Module debug log upload	`upload.eu.xdr.trendmicro.com/`	TCP: 443	√		√
Internet Access Gateway Proxy Address	`proxy.ztsa-iag.trendmicro.com` `proxy.eu.ztsa-iag.trendmicro.com` `proxy-uk.eu.ztsa-iag.trendmicro.com` (for United Kingdom) `proxy-fr.eu.ztsa-iag.trendmicro.com` (for France) `proxy-sa.eu.ztsa-iag.trendmicro.com` (for South Africa) `proxy-me.eu.ztsa-iag.trendmicro.com` (for Middle East) `proxy-il.eu.ztsa-iag.trendmicro.com` (for Israel) `proxy-it.eu.ztsa-iag.trendmicro.com` (for Italy) `proxy-es.eu.ztsa-iag.trendmicro.com` (for Spain)	TCP: 80/443	√	√
Internet Access On-Premises Gateway (via Service Gateway) Proxy Address	FQDN or IP address of the on-premise gateway	TCP: 8088	√	√
Internet Access On-Premises Gateway (via Service Gateway) NTLM Auth Proxy Address	FQDN or IP address of the on-premise gateway	TCP: 8089	√	√
Internet Access Gateway PAC file location	`pac.eu.ztsa-iag.trendmicro.com`	TCP: 80/443	√	√
General authentication services	`signin.v1.trendmicro.com` (Foundation Services update) `tm.login.trendmicro.com` `iamservice.trendmicro.com` Other custom IDP services Google reCAPTCHA: www.gstatic.com fonts.gstatic.com Plus one of the following: www.google.com (recommended) www.recaptcha.net	TCP: 443
Internet Access Gateway authentication service used for: Browser-based or agent-less authentication Diagnostic services Integration with Secure Access modules for retrieving PAC files and other necessary information	`auth.ztsa-iag.trendmicro.com` `auth.eu.ztsa-iag.trendmicro.com`	TCP: 80/443		√
Private Access service accessed by Secure Access Module and Private Access Connector	`agent-eu-rel.ztna.trendmicro.com`	TCP: 443	√		√	√	√
Private Access Connector download by users	`download-eu-rel.ztna.trendmicro.com`	TCP: 443
Private Access Connector CDT collect	`saseztnaprodeusagen2.blob.core.windows.net`	TCP: 443 UDP: 443					√
Private Access Connector firmware upgrade	`saseztnaprodeusa.blob.core.windows.net` `ztnaextacr.azurecr.io`	TCP: 443 UDP: 443					√
Microsoft Azure IoT Hub	`sase-ztna-prod-eu-iothub-cntevt.azure-devices.net`	TCP: 443 UDP: 443			√		√
Speed test for Secure Access Module, Private Access Connector, and Private Access User Portal	Private Access Connector automatically selects the site that has the lowest network latency. If you have configured firewalls, Trend Micro recommends adding all of the following FQDNs: `speedtest.anz.ztna.trendmicro.com` `speedtest.eu.ztna.trendmicro.com` `speedtest.in.ztna.trendmicro.com` `speedtest.jp.ztna.trendmicro.com` `speedtest.sg.ztna.trendmicro.com` `speedtest.us.ztna.trendmicro.com` `speedtest.br.ztna.trendmicro.com` `speedtest.mea.ztna.trendmicro.com` `speedtest.is.ztna.trendmicro.com` `speedtest.sa.ztna.trendmicro.com` `speedtest.uk.ztna.trendmicro.com`	TCP: 443			√	√	√
Private Access Static IP Pool of Cloud Relay Service	Private Access Connector automatically selects the site that has the lowest network latency. If you have configured firewalls, Trend Micro recommends adding all of the following IP pools: `20.5.69.128/28 (for Australia)` `20.4.51.32/28 (for Europe)` `20.219.254.160/28 (for India)` `52.140.246.128/28 (for Japan)` `52.187.118.64/28 (for Singapore)` `20.7.52.240/28 (for United States)` `4.228.193.144/28 (for Brazil)` `20.74.229.224/28 (for MEA)` `20.217.194.0/28 (for Israel)` `4.168.219.16/28 (for South Africa)` `20.58.44.64/28 (for United Kingdom)`	TCP: 443 UDP: 443			√	√	√
Private Access Browser Access End User Portal	`{Customer_Specified}.myapplications.eu.ztna.trendmicro.com`	TCP: 443				√
Private Access Browser Access Proxy	`{Customer_Specified}.edge.eu.ztna.trendmicro.com`	TCP: 443 TCP: 80				√
Private Access Browser Access Proxy for Remote Desktop (RDP)	`{Customer_Specified}.rdgw.eu.ztna.trendmicro.com`	TCP: 443 TCP: 80				√
Private Access Connector NTP server	Default NTP servers are listed as follows. You can configure your own NTP servers. 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org	UDP: 123					√
P2P communication between Private Access Connector and Secure Access Module	Peer's internet IP address	UDP: random port number, greater than 10000			√		√