【ES】Network Access Address Requirements Guide_All Versions
Address Requirements for On-Premises Endpoint Secure
For On-Premises Endpoint Secure, please allow the network traffic of the corresponding addresses according to the actual usage scenario.
When allowing traffic to a listed domain and port, the upper-layer protocol must also be allowed. For example, if only traffic on port 443 is allowed but HTTPS traffic is not, communication will fail.
| Manager Type | Domain or IP | Port | Description |
|---|---|---|---|
| On Premises | license.sangfor.com | TCP: 443 | Used to connect to the Online License Center to obtain license information. |
| On Premises | x.sangfor.com | TCP: 443 | Used to connect to the Online License Center to obtain license information. |
| On Premises | upd.sangfor.com | TCP: 443, 80 | Used to obtain version information of rule databases such as vulnerability databases. |
| On Premises | download.sangfor.com | TCP: 443, 80 | Used to obtain commonly used signature databases, such as vulnerability databases, virus databases, IOC, IOA, etc. |
| On Premises | update1.sangfor.net, update2.sangfor.net, update3.sangfor.net | TCP: 443, 80 | Used to update SP patches. |
| On Premises | sp.sangfor.com, sp1.sangfor.com, sp2.sangfor.com, sp3.sangfor.com | TCP: 443 | Used to update SP patches. |
| On Premises | device.sangfor.com | TCP: 443, 80 | Used to connect to the Platform-X platform and integrate with SaaS Omni Command/Cyber Guardian. |
| On Premises | device.scloud.sangfor.com | TCP: 443, 80 | Used to connect to the Platform-X platform and integrate with SaaS Omni Command/Cyber Guardian. |
| On Premises | dlauth.sangfor.com | TCP: 443 | Used to integrate with SaaS Omni Command and upload data to the data lake. |
| On Premises | datalake.sangfor.com | TCP: 443 | Used to integrate with SaaS Omni Command and upload data to the data lake. |
| On Premises | analysis.sangfor.com | TCP: 443 | Cloud-based threat analysis |
| On Premises | intelligence.sangfor.com | TCP: 443 | Used to obtain IOC popular threat information. |
| On Premises | download.windowsupdate.com | TCP: 443, 80 | Microsoft’s official server for storing operating system vulnerability patches. |
| On Premises | auth.sangfor.com | TCP: 443 | When integrated with Neural-X, used for authentication of Neural-X. |
| On Premises | auth.sea.sangfor.com | TCP: 443 | When integrated with Neural-X, used for authentication of Neural-X. This domain is only used when integrating with the Cyber Guardian platform. |
| On Premises | clt.sangfor.com | TCP: 443, 80 | After you accept the Data Processing Agreement and End User License Agreement, Endpoint Secure will collect suspicious files to the cloud for analysis purposes, to provide better security services. We are committed to protecting your privacy. |
| On Premises | clt.sea.sangfor.com | TCP: 443, 80 | After you accept the Data Processing Agreement and End User License Agreement, Endpoint Secure will collect suspicious files to the cloud for analysis purposes, to provide better security services. We are committed to protecting your privacy. This domain is only used when integrating with the Cyber Guardian platform. |
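The note above about the upper-layer protocol can be checked from the manager's network segment. The following is an added example, not Sangfor tooling: it separates "TCP port closed" from "port open but the HTTPS handshake fails". The function names `probe` and `report` are hypothetical, the host list is a constructed subset of the table, and it assumes the TCP 443 entries carry TLS.

```python
import socket
import ssl

# Constructed subset of the on-premises table; every entry is a TCP 443 row.
HTTPS_ENDPOINTS = [
    "license.sangfor.com",
    "upd.sangfor.com",
    "download.sangfor.com",
    "analysis.sangfor.com",
]


def probe(host, port=443, timeout=5.0):
    """Classify one endpoint as 'ok', 'tcp_blocked' or 'tls_blocked'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # DNS failure, refused connection or dropped SYN: the port is not open.
        return "tcp_blocked"
    with sock:
        ctx = ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except OSError:
            # The port is open but the TLS handshake did not complete:
            # the firewall filters HTTPS, or an inspection device presents
            # a certificate this host does not trust (ssl.SSLError is an
            # OSError subclass, so both cases land here).
            return "tls_blocked"


def report(hosts=HTTPS_ENDPOINTS, port=443, timeout=5.0):
    """Probe every host and return {host: status}."""
    return {host: probe(host, port, timeout) for host in hosts}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}:443 {status}")
```

A `tls_blocked` result for a host whose port is reachable is the failure mode the note describes: the port rule exists, but the application-layer policy still drops or breaks HTTPS.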
Default Ports for On-Premises Endpoint Secure Manager
The following ports need to be allowed between the Endpoint Secure Agent and the on-premises manager:
| Destination Address | Port | Functionality |
|---|---|---|
| On-premises manager IP | TCP: 443 | WebUI access. |
| On-premises manager IP | TCP: 4430 | For Endpoint Secure Agent upgrade. 4430 is the default port; you can change it to another port if needed. |
| On-premises manager IP | TCP: 8083 | Endpoint Secure Agent’s communication channel with the manager. |
| On-premises manager IP | TCP: 54120 | Endpoint Secure Agent’s communication channel with the manager. |
| On-premises manager IP | TCP: 22345 | For advanced troubleshooting. This port is closed by default; you can enable it via WebUI when needed. |
| On-premises manager IP | TCP: 4460 | Only used when integrating with Sangfor Network Secure, Cyber Command, etc. If you do not have Sangfor Network Secure or Cyber Command yet, it is not necessary to allow this port. |
Note:
The ports listed in the table above are the default fixed ports. The ports that the manager uses to connect to services such as cloud servers, proxy servers, mail servers, and syslog servers are random and not fixed.
Address Requirements for SaaS Endpoint Secure
For SaaS Endpoint Secure, please allow the network traffic of the corresponding addresses according to the actual usage scenario.
When allowing traffic to a listed domain and port, the upper-layer protocol must also be allowed. For example, if only traffic on port 443 is allowed but HTTPS traffic is not, communication will fail.
| Manager Type | Domain or IP | Ports | Description |
|---|---|---|---|
| SaaS | upd.sangfor.com | TCP: 443, 80 | Used to obtain version information of rule databases such as vulnerability databases. |
| SaaS | download.sangfor.com | TCP: 443, 80 | Used to obtain commonly used signature databases, such as vulnerability databases, virus databases, IOC, IOA, etc. |
| SaaS | download.sangfor.com.cn | TCP: 443, 80 | Used to obtain commonly used signature databases, such as vulnerability databases, virus databases, IOC, IOA, etc. This domain name is no longer used from Endpoint Secure 6.0.4 and later versions. |
| SaaS | edrsaas.sangfor.com | TCP: 8083, 443, 54120, 80 | One of the addresses of SaaS Endpoint Secure Manager. |
| SaaS | edragent.sangfor.com | TCP: 8083, 443, 54120, 80 | Used for communication between SaaS Endpoint Secure Manager and Agent. |
| SaaS | edrlinkage.sangfor.com | TCP: 443 | For SaaS Endpoint Secure integration with on-premises security appliances. |
| SaaS | 13.94.16.103 | ALL | The fixed address of SaaS Endpoint Secure, used to provide syslog services. |
| SaaS | download.windowsupdate.com | TCP: 443, 80 | Microsoft’s official server for storing operating system vulnerability patches. |
| SaaS | update1.sangfor.net, update2.sangfor.net, update3.sangfor.net | TCP: 443, 80 | Used to update SP patches. |
| SaaS | sp.sangfor.com, sp1.sangfor.com, sp2.sangfor.com, sp3.sangfor.com | TCP: 443 | Used to update SP patches. |