Views:

Zero Trust Secure Access FQDNs/IP Addresses

Description
FQDN/IP Address
Port
Used By
Internet Access - Client Access
Internet Access - PAC Mode
Private Access - Client Access
Private Access - Browser Access
Private Access Connector
Secure Access Module download and upgrade
prod.ztsaagent.trendmicro.com
TCP: 443
 
   
Secure Access Module User Behavior Tracking data feedback
event-mea.ztsaagent.trendmicro.com
TCP: 443
 
   
Secure Access Module debug log upload
upload.xdr.trendmicro.com
TCP: 443
 
   
Internet Access Gateway Proxy Address
proxy.ztsa-iag.trendmicro.com
proxy.mea.ztsa-iag.trendmicro.com
TCP: 80/8080
     
Internet Access On-Premises Gateway (via Service Gateway) Proxy Address
FQDN or IP address of the on-premise gateway
TCP: 8088
     
Internet Access On-Premises Gateway (via Service Gateway) NTLM Auth Proxy Address
FQDN or IP address of the on-premise gateway
TCP: 8089
     
Internet Access On-Premises Gateway (via Service Gateway) ICAP Service Address
FQDN or IP address of the on-premise gateway
TCP: 1344/11344
          
Internet Access Gateway PAC file location
pac.mea.ztsa-iag.trendmicro.com
TCP: 80/443
     
General authentication services
  • signin.v1.trendmicro.com (Foundation Services update)
  • tm.login.trendmicro.com
  • iamservice.trendmicro.com
  • Other custom IDP services
Google reCAPTCHA:
  • www.gstatic.com
  • fonts.gstatic.com
  • Plus one of the following:
    • www.google.com (recommended)
    • www.recaptcha.net
TCP: 443
          
Internet Access Gateway authentication service used for:
  • Browser-based or agent-less authentication
  • Diagnostic services
  • Integration with Secure Access modules for retrieving PAC files and other necessary information
auth.ztsa-iag.trendmicro.com
auth.mea.ztsa-iag.trendmicro.com
TCP: 80/443
  
     
Private Access service accessed by Secure Access Module and Private Access Connector
agent-mea-rel.ztna.trendmicro.com
TCP: 443
 
Private Access Connector download by users
download-mea-rel.ztna.trendmicro.com
TCP: 443
          
Private Access Connector CDT collect
saseztnaprodmeasagen2.blob.core.windows.net
TCP: 443
UDP: 443
        
Private Access Connector firmware upgrade
saseztnaprodmeasa.blob.core.windows.net
saseztnaprodussa.blob.core.windows.net
UDP: 443
        
Microsoft Azure IoT Hub
szn-prod-mea-cntevt-ihb.azure-devices.net
TCP: 443
UDP: 443
    
 
Speed test for Secure Access Module, Private Access Connector, and Private Access User Portal
Private Access Connector automatically selects the site that has the lowest network latency. If you have configured firewalls, Trend Micro recommends adding all of the following FQDNs:
  • speedtest.anz.ztna.trendmicro.com
  • speedtest.eu.ztna.trendmicro.com
  • speedtest.es.ztna.trendmicro.com
  • speedtest.de.ztna.trendmicro.com
  • speedtest.in.ztna.trendmicro.com
  • speedtest.jp.ztna.trendmicro.com
  • speedtest.tw.ztna.trendmicro.com
  • speedtest.sg.ztna.trendmicro.com
  • speedtest.us.ztna.trendmicro.com
  • speedtest.us2.ztna.trendmicro.com
  • speedtest.br.ztna.trendmicro.com
  • speedtest.mea.ztna.trendmicro.com
  • speedtest.qa.ztna.trendmicro.com
  • speedtest.is.ztna.trendmicro.com
  • speedtest.sa.ztna.trendmicro.com
  • speedtest.uk.ztna.trendmicro.com
  • speedtest.mx.ztna.trendmicro.com
  • speedtest.th.ztna.trendmicro.com
  • speedtest.co.ztna.trendmicro.com
  • speedtest.ca.ztna.trendmicro.com
TCP: 443
    
Private Access Static IP Pool of Cloud Relay Service
Private Access Connector automatically selects the site that has the lowest network latency. If you have configured firewalls, Trend Micro recommends adding all of the following IP pools:
  • 20.5.69.128/28 (for Australia)
  • 20.4.51.32/28 (for Europe)
  • 20.79.20.80/28 (for Germany)
  • 68.221.67.176/28 (for Spain)
  • 20.219.254.160/28 (for India)
  • 52.140.246.128/28 (for Japan)
  • 43.212.150.19 (for Taiwan)
  • 43.212.163.52 (for Taiwan)
  • 43.212.166.201 (for Taiwan
  • 43.212.91.165 (for Taiwan)
  • 43.212.97.18 (for Taiwan)
  • 43.213.14.43 (for Taiwan)
  • 43.213.21.117 (for Taiwan)
  • 43.213.33.189 (for Taiwan)
  • 52.187.118.64/28 (for Singapore)
  • 20.7.52.240/28 (for United States)
  • 40.65.58.32/28 (for Western United States)
  • 4.228.193.144/28 (for Brazil)
  • 20.74.229.224/28 (for MEA)
  • 20.21.245.64/28 (for Qatar - Private Preview)
  • 20.217.194.0/28 (for Israel)
  • 4.168.219.16/28 (for South Africa)
  • 20.58.44.64/28 (for United Kingdom)
  • 58.247.125.93 (for Colombia)
  • 149.130.184.138 (for Colombia)
  • 149.130.162.160 (for Colombia)
  • 149.130.183.98 (for Colombia)
  • 149.130.160.88 (for Colombia)
  • 149.130.190.146 (for Colombia)
  • 149.130.175.84 (for Colombia)
  • 149.130.166.108 (for Colombia)
  • 15.220.187.200 (for Mexico)
  • 15.220.190.4 (for Mexico)
  • 15.220.190.122 (for Mexico)
  • 15.220.190.204 (for Mexico)
  • 15.220.184.81 (for Mexico)
  • 15.220.190.169 (for Mexico)
  • 15.220.190.244 (for Mexico)
  • 15.220.190.68 (for Mexico)
  • 43.208.120.32 (for Thailand)
  • 43.208.208.14 (for Thailand)
  • 43.208.90.87 (for Thailand)
  • 43.209.32.217 (for Thailand)
  • 43.209.62.65 (for Thailand)
  • 43.209.72.106 (for Thailand)
  • 43.209.73.106 (for Thailand)
  • 43.209.82.71 (for Thailand)
  • 4.205.111.208/28 (for Canada)
TCP: 443
UDP: 443
    
Private Access Browser Access End User Portal
{Customer_Specified}.myapplications.mea.ztna.trendmicro.com
TCP: 443
      
 
Private Access Browser Access Proxy
{Customer_Specified}.edge.mea.ztna.trendmicro.com
TCP: 443
TCP: 8443
TCP: 80
      
 
Private Access Browser Access Proxy for Remote Desktop (RDP)
{Customer_Specified}.rdgw.mea.ztna.trendmicro.com
TCP: 443
TCP: 80
      
 
Private Access Connector NTP server
Default NTP servers are listed as follows. You can configure your own NTP servers.
  • 0.pool.ntp.org
  • 1.pool.ntp.org
  • 2.pool.ntp.org
  • 3.pool.ntp.org
UDP: 123
        
P2P communication between Private Access Connector and Secure Access Module
Peer's internet IP address
UDP: random port number, greater than 10000