Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

URLs to be allowed through the firewall of Trend Micro XDR

    • Updated:
    • 8 Oct 2020
    • Product/Version:
    • Trend Micro XDR All
    • Platform:
    • N/A
Summary

This article lists the different addresses and ports of the services used by Trend Micro XDR that should have the "Allow" rule on firewall.

Details
Public

The following lists contains the addresses and ports that should be allowed through the firewall:

For customers who have never had a Full/Trial iES license or EDR license can get complimentary XDR licenses for 10% of the licensed seats.

The following common URLs will need to be available for the server and agents:

  • *.xdr.trendmicro.com:443
  • *.xbc.trendmicro.com:443
  • *.mgcp.trendmicro.com:443
  • *.manage.trendmicro.com:443

For JP region:

  • *.xdr.trendmicro.com:443
  • *.xbc.trendmicro.com:443
  • *.mgcp.trendmicro.com:443
  • *.manage.trendmicro.com:443
  • *.xdr.trendmicro.co.jp:443

For customers who have Apex One as a Service, Cloud App Security, Cloud One - Workload Security, Deep Discovery Director with corresponded paid XDR Add-on.

Apex One Apex One as a Service

If customer's Apex One SaaS is integrated with Trend Micro XDR, the following address should be allowed for agents uploading activity data up to datalake:

  • *.etdl.trendmicro.com:443

As for accessing the Apex One SaaS manage portal, and the communication between server and agent, refer to KB 1119967.

Cloud App Security

If customer integrates Cloud App Security with Trend Micro XDR, no additional URL need to be allowed.

As for access the Cloud App Security's manage portal, the following URL should be available to customer:

  • *.tmcas.trendmicro.com:443

CloudOne Workload Security

If customer integrates with Trend Micro XDR with Cloud One - Workload Security, the agent basically utilizes the existing connection to the manager.

For URLs that should be allowed between agent and manager or backend services, refer to the Workload Security URLs section in the Cloudone Documentation page.

Deep Discovery

If customer integrates with Trend Micro XDR with Deep Discovery Director On-Prem, the extra addresses should be allowed are the following:

  • *.xdr.trendmicro.com:443
  • *.nacloud.trendmicro.com:443

If customer integrates with Trend Micro XDR with Deep Discovery Director Cloud, the extra addresses should be allowed are the following:

  • *.xdr.trendmicro.com:443
  • *.nacloud.trendmicro.com:443
  • *.dddxdr.trendmicro.com:443

For more details, refer to the KB article: URLs to be allowed through the firewall of Deep Discovery Inspector (DDI) 5.6 Service Pack 1 (SP1).

For customers who only have Endpoint Protection Platform product license, including "Apex One On-Premises and Deep Security On-Premises", and would like to integrate with XDR by using XDR standalone endpoint sensor.

The following common URLs will need to be available for the server and/or agents:

XDR Endpoint Sensor (Windows):

  • *.xdr.trendmicro.com:443
  • *.xbc.trendmicro.com:443
  • *.mgcp.trendmicro.com:443
  • *.manage.trendmicro.com:443

XDR Endpoint Sensor (Linux):

  • *.xdr.trendmicro.com:443
  • *.xbc.trendmicro.com:443
  • *.mgcp.trendmicro.com:443
  • *.activeupdate.trendmicro.com
  • iaus.trendmicro.com
  • ipv6-iaus.trendmicro.com
  • ds200-en.fbs25.trendmicro.com
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000260744
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.