This article lists the most common inquiries on Hosted Email Security (HES) 2.0 migration.
The IP ranges 220.127.116.11/24 & 18.104.22.168/24 are already in allowed in our firewalls. Do we still need to add the following IP ranges: 22.214.171.124/19 & 126.96.36.199/20)?
There is no need to add these IPs. However, it is highly recommended to edit the firewall settings to allow these higher IPs.
This is a large range 188.8.131.52/16? Is HES using this? Do I need to add it?
Yes, these IPs are being used by HES inside our own network and some fallback Mail Transfer Agents (MTAs) as well. If something happens to the main network, we can revert to this IPs to send the emails to our customers.
Do I need to add both of the new additional ranges (184.108.40.206/25 & 220.127.116.11/26) in our allowed IP list on our firewall?
Yes, this is the main network of HES 2.0 to send emails to customer. You need to allow these ranges in your firewall.
Can I directly upgrade to the new version?
The upgrade will be done by Trend Micro backend team. However, you still need to do the required changes that were sent to your email. Refer to the following KB article for more information: Required actions to perform before or after migrating from Hosted Email Security (HES) 1.9 to 2.0.
Do I need to update my current Sender Policy Framework (SPF) for this migration?
Yes. For more information, refer to the following KB article: Emails sent via Hosted Email Security (HES) outbound filtering are blocked by some destination mail servers.
Our domain is already pointed to in.hes.trendmicro.com. Do we still need to change the MX record based on the given instruction?
There is no need to change the MX record. You are already using 2.0.