Port numbers, URLs, and IP addresses

Deep Security default port numbers, URLs, IP addresses, and protocols are listed in the sections below. If a port, URL or IP address is configurable, a link is provided to the relevant configuration page.

If your network uses a proxy or load balancer, you can configure Deep Security to connect to it instead of directly to the components listed on this page. For details, see Configure proxies and Load Balancers.

In addition to the ports on this page, Deep Security uses ephemeral ports when opening a socket (source port). Under rare circumstances these may be blocked, causing connectivity issues. For details, see Activation Failed - Blocked port.

Deep Security port numbers

The following diagram shows the default ports in a Deep Security system. For details, see the table below the diagram.

In the table below:

  • 'Mandatory ports' refer to ports that must be opened to ensure the proper functioning of the Deep Security system.
  • 'Optional ports' refer to ports that may be opened depending on the feature or component you want to deploy.
  • 'Port' is used in place of 'port number' for brevity.

Port type Default port number and protocol
Deep Security Agent/Appliance listening (inbound) port

Mandatory port:

  • 4118/HTTPS — Deep Security Agent/appliance port. Leave 4118/HTTPS closed if you plan on using agent-initiated communication. Only open it if you plan on using bidirectional or manager-initiated communication. By default, bidirectional communication is used, which is why 4118/HTTPS is listed here as 'mandatory'. See Agent-manager communication for details.
Deep Security Agent/Appliance outbound ports

Mandatory ports:

  • 53/DNS over TCP or UDP — DNS server port
  • 80/HTTP, 443/HTTPS — Smart Protection Network port
  • 123/NTP over UDP — NTP server port
  • 4119/HTTPS — Deep Security Manager GUI and API port
  • 4120/HTTPS — Deep Security Manager agent heartbeat port. Allow 4120/HTTPS if you are using bidirectional or agent-initiated communication. Close it if you are using manager-initiated communication. By default, bidirectional communication is used, which is why 4120/HTTPS is listed here as 'mandatory'. See Agent-manager communication for details.
  • 4122/HTTPS — Deep Security Relay port.

Optional ports:

Deep Security Relay listening (inbound) ports
  • Allow the agent listening port, since it applies to the relay too
  • 4122/HTTPS — Deep Security Replay port
  • 4123 — This port is for communication between the agent and its own internal relay

Port 4123 should not be listening to connections from other computers, and you don't need to configure it in network firewall policies. But if you have firewall software (such as Windows Firewall or iptables) on the relay itself, verify that it does not block this connection to itself. Also verify that other applications do not use the same port (a port conflict).

Deep Security Relay outbound ports
  • 80/HTTP, 443/HTTPS — Trend Micro Update Server/Active Update and Download Center ports
  • 4122 — port of other Deep Security Relays
Deep Security Manager listening (inbound) ports

Mandatory ports:

  • 4119/HTTPS — Deep Security Manager GUI and API port
  • 4120/HTTPS — Deep Security Manager agent heartbeat port. Allow 4120/HTTPS if you are using bidirectional or agent-initiated communication. Close it if you are using manager-initiated communication. By default, bidirectional communication is used, which is why 4120/HTTPS is listed here as 'mandatory'. See Agent-manager communication for details.

Deep Security Manager (outbound ports)

Mandatory ports:

  • 53/DNS over TCP or UDP — DNS server port
  • 80/HTTP, 443/HTTPS — These ports are used by various Deep Security cloud services, Smart Protection Network services, Trend Micro Apex Central, Deep Discovery Analyzer, VMware components (vCenter, ESXi, NSX), Whois server, AWS API, and Azure API, and Google Cloud Platform (GCP) API) 80 and 443 are configurable depending on the service being accessed. You can configure Trend Micro Apex Central and Deep Discovery Analyzer ports, NSX and vCenter ports, and the Whois port.
  • 123/NTP over UDP — NTP server port number. The NTP server can be Trend Micro Apex Central.
  • Deep Security Manager's database server port numbers. Select from:
    • 1433/SQL over TCP or UDP  — Microsoft SQL database port
    • 1433/SQL over TCP — Azure SQL Database port
    • 1521/SQL over TCP — Oracle database port
    • 5432/SQL over TCP — PostgreSQL database port
    • 11000-11999/SQL and 14000-14999/SQL over TCP — These are additional Azure SQL Database ports. Allow ports 11000-11999 and 14000-14999—in addition to 1433—if you are using Azure SQL Database and your Deep Security Manager runs within the Azure cloud boundary. If your manager runs outside the Azure cloud boundary, you only need to allow port 1433 to Azure SQL Database. For details, see this Azure document.
  • 4118/HTTPS — Deep Security Agent/appliance port. Leave 4118/HTTPS closed if you plan on using agent-initiated communication. Only open it if you plan on using bidirectional or manager-initiated communication. By default, bidirectional communication is used, which is why 4118/HTTPS is listed here as 'mandatory'. See Agent-manager communication for details.
  • 4122/HTTPS — Deep Security Relay port.

Optional ports:

Deep Security URLs

If you need to restrict the URLs that are allowed in your environment, read this section.

You'll need to make sure your firewall allows traffic from the 'Source' to the 'Destinations' listed in the table below. For each FQDN, make sure you allow access to its associated HTTP and HTTPS URLs. For example, for the FQDN files.trendmicro.com, allow access to http://files.trendmicro.com:80 and https://files.trendmicro.com:443.

Source Destination server or service name Destination fully-qualified domain name (FQDN)
API clients Deep Security APIs
  • <manager FQDN or IP>:4119/webservice/Manager?WSDL
  • <manager FQDN or IP>:4119/api
  • <manager FQDN or IP>:4119/rest
Legacy REST API clients Deep Security legacy REST API's Status Monitoring API
  • <manager FQDN or IP>:4119/rest/status/manager/ping
Deep Security Manager, Deep Security Agent/Appliance, Deep Security Relay

Download Center or web server

Hosts software.

  • files.trendmicro.com
Deep Security Manager

Smart Protection Network -
Certified Safe Software Service (CSSS)

Used for event tagging with Integrity Monitoring.

  • gacl.trendmicro.com
  • grid-global.trendmicro.com
  • grid.trendmicro.com
Deep Security Manager

XDR

Used to Integrate with XDR.

  • *.xdr.trendmicro.com:443
  • *.xbc.trendmicro.com:443
  • *.mgcp.trendmicro.com:443
  • *.manage.trendmicro.com:443
  • *.xdr.trendmicro.co.jp:443 (for Japanese regions)
Deep Security Agent/Appliance

Smart Protection Network -
Global Census Service

Used for behavior monitoring, and predictive machine learning.

20.0 and later agents/appliances connect to:

  • ds2000-en-census.trendmicro.com
  • ds2000-jp-census.trendmicro.com

12.0 and later agents/appliances connect to:

  • ds1200-en-census.trendmicro.com
  • ds1200-jp-census.trendmicro.com

11.0 and later agents/appliances connect to:

  • ds1100-en-census.trendmicro.com
  • ds1100-jp-census.trendmicro.com

10.2 and 10.3 agents/appliances connect to:

  • ds1020-en-census.trendmicro.com
  • ds1020-jp-census.trendmicro.com
  • ds1020-sc-census.trendmicro.com

10.1 and 10.0 agents/appliances connect to:

  • ds1000-en.census.trendmicro.com
  • ds1000-jp.census.trendmicro.com
  • ds1000-sc.census.trendmicro.com
  • ds1000-tc.census.trendmicro.com
Deep Security Agent/Appliance

Smart Protection Network -
Good File Reputation Service

Used for behavior monitoring, predictive machine learning, and process memory scans.

20.0 and later agents/appliances connect to:

  • deepsec20-en.gfrbridge.trendmicro.com
  • deepsec20-jp.gfrbridge.trendmicro.com

12.0 and later agents/appliances connect to:

  • deepsec12-en.gfrbridge.trendmicro.com
  • deepsec12-jp.gfrbridge.trendmicro.com

11.0 and later agents/appliances connect to:

  • deepsec11-en.gfrbridge.trendmicro.com
  • deepsec11-jp.gfrbridge.trendmicro.com

10.2 and 10.3 agents/appliances connect to:

  • deepsec102-en.gfrbridge.trendmicro.com
  • deepsec102-jp.gfrbridge.trendmicro.com

10.1 and 10.0 agents/appliances connect to:

  • deepsec10-en.grid-gfr.trendmicro.com
  • deepsec10-jp.grid-gfr.trendmicro.com
  • deepsec10-cn.grid-gfr.trendmicro.com
Deep Security Agent/Appliance Smart Protection Network -
Smart Feedback

20.0 and later agents/appliances connect to:

  • ds200-en.fbs25.trendmicro.com
  • ds200-en.fbs25.trendmicro.com

12.0 and later agent/appliance connect to:

  • ds120-en.fbs25.trendmicro.com
  • ds120-jp.fbs25.trendmicro.com

11.0 and later agents/appliances connect to:

  • deepsecurity1100-en.fbs25.trendmicro.com
  • deepsecurity1100-jp.fbs25.trendmicro.com

10.0 agents/appliances connect to:

  • deepsecurity1000-en.fbs20.trendmicro.com 
  • deepsecurity1000-jp.fbs20.trendmicro.com
  • deepsecurity1000-sc.fbs20.trendmicro.com
Deep Security Agent/Appliance Smart Protection Network -
Smart Scan Service

20.0 and later agents/appliances connects to:

  • ds20.icrc.trendmicro.com
  • ds20-jp.icrc.trendmicro.com

12.0 and later agents/appliances connect to:

  • ds120.icrc.trendmicro.com
  • ds120-jp.icrc.trendmicro.com

11.0 and later agents/appliances connect to:

  • ds110.icrc.trendmicro.com
  • ds110-jp.icrc.trendmicro.com

10.2 and 10.3 agents/appliances connect to:

  • ds102.icrc.trendmicro.com
  • ds102-jp.icrc.trendmicro.com
  • ds102-sc.icrc.trendmicro.com.cn

10.1 and 10.0 agents/appliances connect to:

  • ds10.icrc.trendmicro.com
  • ds10.icrc.trendmicro.com/tmcss/
  • ds10-jp.icrc.trendmicro.com/tmcss/
  • ds10-sc.icrc.trendmicro.com.cn/tmcss/

9.6 and 9.5 agents/appliances connect to:

  • iaufdbk.trendmicro.com
  • ds96.icrc.trendmicro.com
  • ds96-jp.icrc.trendmicro.com
  • ds96-sc.icrc.trendmicro.com.cn
  • ds95.icrc.trendmicro.com
  • ds95-jp.icrc.trendmicro.com
  • ds95-sc.icrc.trendmicro.com.cn
Deep Security Agent/Appliance

Smart Protection Network -
predictive machine learning

20.0 and later agents/appliances connect to:

  • ds20-en-b.trx.trendmicro.com
  • ds20-jp-b.trx.trendmicro.com
  • ds20-en-f.trx.trendmicro.com
  • ds20-jp-f.trx.trendmicro.com

12.0 and later agents/appliances connect to:

  • ds120-en-b.trx.trendmicro.com
  • ds120-jp-b.trx.trendmicro.com
  • ds120-en-f.trx.trendmicro.com
  • ds120-jp-f.trx.trendmicro.com

11.0 and later agents/appliances connect to:

  • ds110-en-b.trx.trendmicro.com
  • ds110-jp-b.trx.trendmicro.com
  • ds110-en-f.trx.trendmicro.com
  • ds110-jp-f.trx.trendmicro.com

10.2 and 10.3 agents/appliances connect to:

  • ds102-en-f.trx.trendmicro.com
  • ds102-jp-f.trx.trendmicro.com
  • ds102-sc-f.trx.trendmicro.com
Deep Security Agent/Appliance Smart Protection Network -
Web Reputation Service

20.0 and later agents/appliances connect to:

  • ds20-0-en.url.trendmicro.com
  • ds20-0-jp.url.trendmicro.com

12.0 and later agents/appliances connect to:

  • ds12-0-en.url.trendmicro.com
  • ds12-0-jp.url.trendmicro.com

The 11.0 and later agents/appliances connect to:

  • ds11-0-en.url.trendmicro.com
  • ds11-0-jp.url.trendmicro.com

10.2 and 10.3 agents/appliances connect to:

  • ds10-2-en.url.trendmicro.com
  • ds10-2-sc.url.trendmicro.com.cn
  • ds10-2-jp.url.trendmicro.com

10.1 and 10.0 agents/appliances connect to:

  • ds100-en.url.trendmicro.com
  • ds100-sc.url.trendmicro.com
  • ds100-jp.url.trendmicro.com

9.6 and 9.5 agents/appliances connect to:

  • ds96-en.url.trendmicro.com
  • ds96-jp.url.trendmicro.com
  • ds95-en.url.trendmicro.com
  • ds95-jp.url.trendmicro.com
Deep Security Manager Help and support
  • help.deepsecurity.trendmicro.com
  • success.trendmicro.com/product-support/deep-security
Deep Security Manager Licensing and registration servers
  • licenseupdate.trendmicro.com
  • clp.trendmicro.com
  • olr.trendmicro.com
Deep Security Manager News feed
  • news.deepsecurity.trendmicro.com
  • news.deepsecurity.trendmicro.com/news.atom
  • news.deepsecurity.trendmicro.com/news_ja.atom
Browser on Deep Security Agent computers, and the computer used to log in to Deep Security Manager Site Safety

Optional. There are links to the URLs below within the manager UI and on the agent's 'Your administrator has blocked access to this page for your safety' page.

  • sitesafety.trendmicro.com
  • jp.sitesafety.trendmicro.com
Deep Security Relay, and Deep Security Agent/Appliance

Update Server (also called Active Update)

Hosts security updates.

  • iaus.activeupdate.trendmicro.com
  • iaus.trendmicro.com
  • ipv6-iaus.trendmicro.com
  • ipv6-iaus.activeupdate.trendmicro.com
Deep Security Manager

AWS and Azure URLs

Used for
adding AWS accounts, Azure accounts and Google Cloud Platform (GCP) service accounts to Deep Security Manager.

 

AWS URLs

  • URLs of AWS endpoints listed on this AWS page, under these headings:
    • Amazon Elastic Compute Cloud (Amazon EC2)
    • AWS Security Token Service (AWS STS)
    • AWS Identity and Access Management (IAM)
    • Amazon WorkSpaces

Azure URLs

  • login.windows.net (authentication)
  • login.microsoftonline.com (authentication)
  • management.azure.com (Azure API)
  • login.microsoftonline.us (authentication to Azure Government)
  • management.usgovcloudapi.net (authentication to Azure Government)
  • management.core.windows.net (Azure API)

The management.core.windows.net URL is only required if you used the v1 Azure connector available in Deep Security Manager 9.6 to add an Azure account to the manager. With Deep Security Manager 10.0 and later, a v2 connector is used, and does not require access to this URL.

GCP URLs

  • oauth2.googleapis.com (authentication)
  • www.googleapis.com (GCP API)
  • cloudresourcemanager.googleapis.com (GCP API)
Deep Security Manager

Telemetry service

Used for anonymous Deep Security Product Usage Data Collection.

  • telemetry.deepsecurity.trendmicro.com