Here is a list of communication ports that TMCM  Apex Central uses:

HTTP console port of TMCM / Apex Central

• Source: Trend Micro products and administrators who will connect to the web browser
• Destination: TMCM / Apex Central
• Destination Port: TCP port 80 by default. This can vary, depending on the IIS settings of each customer.
• Details: HTTP port of website where TMCM / Apex Centralis configured. TMCM / Apex Centralis placed in the default website. MCP agents use this port to connect to the TMCM
  / Apex Central server, and vice versa if the low security option is selected, or when the medium option is selected and HTTPS is unavailable. Products also connect to the HTTP port to download updates.

HTTPS console port of TMCM / Apex Central

• Source: Trend Micro products and administrators who will connect to the web browser
• Destination: TMCM / Apex Central
• Destination Port: TCP port 443 by default. This may vary depending on the IIS settings of each customer.
• Details: HTTPS port of website where TMCM / Apex Centralis configured. TMCM / Apex Central is placed in the default website. MCP agents use this port to connect to the TMCM / Apex Central server, and vice versa if the low security option is selected, or when the medium option is selected and HTTPS is unavailable. Some products also connect to the HTTPS port to download updates.

TMI proprietary port (From TMCM/ Apex Central to TMI Agent)

• Source: Trend Micro products that use TMI Agent
• Destination: TMCM / Apex Central
• Destination Port: TCP port 10319
• Details: TMI-based agents use this port to connect to the server and vice versa. Examples are Trend Micro ServerProtect and ScanMail for Domino for AS400.

MI proprietary port (From TMI Agent to TMCM/ Apex Central)

• Source: TMCM / Apex Central
• Destination: Trend Micro products that use TMI Agent
• Destination Port: TCP port 10319
• Details: TMI-based agents use this port to connect to the server and vice versa. Examples are Trend Micro ServerProtect and ScanMail for Domino for AS400.

TMI Interprocess port

• Source: Control Manager / Apex Central server
• Destination: TMCM / Apex Central server
• Destination Port: TCP port 10198
• Details: In case that customers enable server firewall, please make sure to port this internal communication port.

Heartbeat processes of TMCM/ Apex Central agents

• Source: Trend Micro products
• Destination: TMCM / Apex Central server
• Destination Ports:

  UDP 10319 – Heartbeat port for TMI-based agents
  UDP 10323 – Heartbeat port for MCP-based agents

• Details: This port is used by the Control Manager / Apex Central server to listen if the products are still alive.

Web service-based agents

• Description: For Web Service-based agents, the TMCM / Apex Central server must be able to connect to the console of the product.
• Source: TMCM / Apex Central server
• Destination: Trend Micro products

  TCP port 4119 – Deep Security port, Vulnerability Protection
  TCP port 4343 – Officescan console port, Trend Micro Security for Macintosh port
  TCP port 8080 – Endpoint Encryption port

Cloud-based products

• Source: TMCM / Apex Central server
• Destination: sco-nabu.trendmicro.com
• Destination ports: TCP ports 80 and 443
• Details: The TMCM / Apex Central server connects to the this website to get information about cloud-based products (Hosted Email Security, Interscan Web Security as a Service, Worry-free Business Security Services).

SMTP port for notifications (Optional)

• Source: TMCM / Apex Central server
• Destination: SMTP Service
• Destination Port: TCP 25 by default. This can vary depending on the SMTP service used by customers.
• Details: TMCM / Apex Central may send notifications by SMTP service

Syslog port for notifications (Optional)

• Source: TMCM / Apex Central server
• Destination: Syslog server used by customers
• Destination Port: UDP 514. This can vary depending on the Syslog servers used by customers.
• This is the default destination port for sending TMCM / Apex Central data to a named syslog server.

MSN Instant Messaging Protocol for notifications (Optional)

• Source: TMCM / Apex Central server
• Destination: MSN online services. http://*.messenger.msn.com.
• Destination Port: TCP 1863
• Details: Msn ports for notifications.

Trend Micro Network Time protocol (in case service is started; Optional)

• Source: Trend Micro products
• Destination: TMCM
• Destination Port: UDP 123
• Details: It is possible to use TMCM as a Network Time Server. This is done by enabling the Trend Micro Network Time Service and disabling the Windows time service on the local machine. This is mostly for appliance-based products, to allow TMCM and appliance to have the same time. This is not recommended to be used anymore.