The following list contains the addresses and ports that should be whitelisted to allow access through the firewall:

• ddi60-p.activeupdate.trendmicro.com/activeupdate:443
• grid-global.trendmicro.com:443
• ddi600-en-domaincensus.trendmicro.com:443
• ddi600-en-census.trendmicro.com:443
• licenseupdate.trendmicro.com:443
• ddi6-0-en-t0.url.trendmicro.com:443
• rest.mars.trendmicro.com:443
• ddi60-en-f.trx.trendmicro.com:443
• intelliconnect.trendmicro.com:443
• ddi60-retroscan.trendmicro.com:443
• ddaaas.trendmicro.com:443
• ddi600-en.fbs25.trendmicro.com:443
• ddi60-threatconnect.trendmicro.com:443
• ddi6-0-en-wis.trendmicro.com:443
• ddi6-0-en.url.trendmicro.com:443

If you are using the vDDI and have enabled the Deep Discovery Analyzer as a Service Add-on (A hosted service that analyze possible threats), the following address should also be added:

• *.ddcloud.trendmicro.com:443

If DDI integrates with Deep Discovery Director-Network Analytics as a Service, the following address should also be added:

• *.nacloud.trendmicro.com:443

If DDI integrates with Trend Micro Vision One – Network Inventory, the following addresses should also be added:

• *.xdr.trendmicro.com:443
• *.dddxdr.trendmicro.com:443

If you use other features for example, Service Gateway in Trend Micro Vision One, other URLs should also be allowed based on services you use. Please refer Trend Micro Vision One Online Help: Firewall Requirements for Trend Micro Vision One.

It is highly recommended to test communications with Trend Micro backend services via the Network Service Diagnostics feature.

To run the Network Service Diagnostics, go to https://DDI_IP/html/troubleshooting.htm then click Network Service Diagnostics > Test.

For more service addresses and ports used by DDI 6.0, refer to Appendix D of the official Administration Guide.