Scribd
Upload
87 views11 pages

Sangfor Endpoint Secure Required Network Access Address Requirements Guide - 20241111

The Sangfor Endpoint Secure Required Network Access Address Requirements Guide outlines the necessary network access addresses and ports for both On-Premises and SaaS versions of the Sangfor Endpoint Secure product. It includes specific domain names and their corresponding ports required for functionality, as well as a disclaimer regarding the content's applicability based on individual purchase agreements. The document is intended for all users and serves as a reference for ensuring proper network configuration for the product's operation.

Uploaded by

Duc Vu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
87 views11 pages

Sangfor Endpoint Secure Required Network Access Address Requirements Guide - 20241111

The Sangfor Endpoint Secure Required Network Access Address Requirements Guide outlines the necessary network access addresses and ports for both On-Premises and SaaS versions of the Sangfor Endpoint Secure product. It includes specific domain names and their corresponding ports required for functionality, as well as a disclaimer regarding the content's applicability based on individual purchase agreements. The document is intended for all users and serves as a reference for ensuring proper network configuration for the product's operation.

Uploaded by

Duc Vu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

Sangfor Endpoint Secure Required Network Access Address Requirements Guide

Sangfor Endpoint Secure


Network Access Address Requirements
Guide

Product Version General

Document Version 01

Released on Nov. 11, 2024

Version 01 (Mar.24, 2021) Confidentiality: Public in Company 1


Sangfor Endpoint Secure Required Network Access Address Requirements Guide

Copyright © Sangfor Technologies 2024. All rights reserved.

Unless otherwise stated or authorized, Sangfor Technologies (hereinafter referred to


as "Sangfor") and its affiliates reserve all intellectual property rights, including but not
limited to copyrights, trademarks, patents, and trade secrets, and related rights to text,
images, pictures, photographs, audio, videos, charts, colors, and layouts as presented
in or concerning this document and content therein. Without prior written consent of
Sangfor, this document and content therein must not be reproduced, forwarded,
adapted, modified or displayed or distributed by any other means for any purpose.

Disclaimer

Products, services or features described in this document, whether wholly or in part,


may be not within your purchase scope or usage scope. The products, services or
features you purchase must be subject to the commercial contract and terms as
agreed by you and Sangfor. Unless otherwise provided in the contract, Sangfor
disclaims warranties of any kind, either express or implied, for the content of this
document.

Due to product version upgrades or other reasons, the content of this document will
be updated from time to time. Unless otherwise agreed, this document is used for
reference only, and all statements, information, and recommendations therein do not
constitute any express or implied warranties.

Version 01 (Nov.11, 2024)


Sangfor Endpoint Secure Required Network Access Address Requirements Guide

Technical Support
For technical support, please visit: https://www.sangfor.com/en/about-
us/contact-us/technical-support

Send information about errors or any product related problem to


[email protected].

Version 01 (Nov.11, 2024) 1


Sangfor Endpoint Secure Required Network Access Address Requirements Guide

About This Document


This document describes the required network access addresses for Sangfor
Endpoint Secure.

Intended Audience
This document is intended for:
⚫ All Users.

Note Icons
English Icon Description

Indicates an imminently hazardous situation which, if not avoided,


will result in death or serious injury.

Indicates a potentially hazardous situation which, if not avoided,


could result in death or serious injury.

Indicates a hazardous situation, which if not avoided, could result


in minor or moderate injury.

Indicates a hazardous situation, which if not avoided, could result


in settings failing to take effect, equipment damage, or data loss.

NOTICE addresses practices not related to personal injury.

Calls attention to important information, best practices, and tips.

NOTE addresses information not related to personal injury or


equipment damage.

Change Log
Date Change Description

Nov. 11, 2024 This is the first release of this document.

Version 01 (Nov.11, 2024) 2


Sangfor Endpoint Secure Required Network Access Address Requirements Guide

Contents
Technical Support ................................................................................................................... 1
Change Log .............................................................................................................................. 2
1 Addresses Requirements for On-Premises Endpoint Secure ........................................ 4
2 Default Ports for On-Premises Endpoint Secure Manager ............................................ 5
3 Addresses Requirements for SaaS Endpoint Secure ...................................................... 7

Version 01 (Nov.11, 2024) 3


Sangfor Endpoint Secure Required Network Access Address Requirements Guide

1 Addresses Requirements for On-


Premises Endpoint Secure
For On-Premises Endpoint Secure, please allow the network traffic of the
corresponding addresses according to the actual usage scenario.

It should be noted that when allowing the traffic of the corresponding domain
name port, the upper-layer protocol must be allowed. For example, if only the
traffic of port 443 is allowed but HTTPS traffic is not allowed, communication
will fail.

Manager Type Domain or IP Port Description

license.sangfor.com TCP: 443 Used to connect to the Online


License Center to obtain
x.sangfor.com TCP: 443 license information.

Used to obtain version


information of rule databases
upd.sangfor.com TCP: 443, 80
such as vulnerability
databases.

Used to obtain commonly used


signature databases, such as
download.sangfor.com TCP: 443, 80
vulnerability databases, virus
databases, IOC, IOA, etc.

update1.sangfor.net
update2.sangfor.net TCP: 443, 80
update3.sangfor.net
On Premises
sp.sangfor.com Used to update SP patches.

sp1.sangfor.com
TCP: 443
sp2.sangfor.com
sp3.sangfor.com

device.sangfor.com TCP: 443, 80 Used to connect to the


Platform-X platform and

device.scloud.sangfor.com TCP: 443, 80 integrate with SaaS Omni


Command/Cyber Guardian.

dlauth.sangfor.com TCP: 443 Used to integrate with SaaS


Omni Command and upload
datalake.sangfor.com TCP: 443 data to the data lake.

analysis.sangfor.com TCP: 443 Cloud-based threat analysis

intelligence.sangfor.com TCP: 443 Used to obtain IOC popular

Version 01 (Nov.11, 2024) 4


Sangfor Endpoint Secure Required Network Access Address Requirements Guide

threat information.

Microsoft's official server for


download.windowsupdate.com TCP: 443, 80 storing operating system
vulnerability patches.

When integrated with Neural-X,


auth.sangfor.com TCP: 443 used for authentication of
Neural-X.

When integrated with Neural-X,


used for authentication of
auth.sea.sangfor.com TCP: 443 Neural-X. This domain is only
used when integrating with the
Cyber Guardian platform.

After you accept the Data


Processing Agreement and End
User License Agreement,
Endpoint Secure will collect
clt.sangfor.com TCP: 443, 80 suspicious files to the cloud for
analysis purposes, to provide
better security services. We are
committed to protecting your
privacy.

After you accept the Data


Processing Agreement and End
User License Agreement,
Endpoint Secure will collect
suspicious files to the cloud for
clt.sea.sangfor.com TCP: 443, 80 analysis purposes, to provide
better security services. We are
committed to protecting your
privacy. This domain is only
used when integrating with the
Cyber Guardian platform.

2 Default Ports for On-Premises


Endpoint Secure Manager
The following ports need to be allowed between the Endpoint Secure Agent
and the on-premises manager:

Destination Address Port Functionality

Version 01 (Nov.11, 2024) 5


Sangfor Endpoint Secure Required Network Access Address Requirements Guide

TCP: 443 WebUI access.

For Endpoint Secure Agent upgrade.


TCP: 4430 4430 is the default port in use, you can change
it to other ports if needed.

TCP: 8083 Endpoint Secure Agent's communication

TCP: 54120 channel with the manager.

For advanced troubleshooting.


On-premises manager IP
TCP: 22345
This port is closed by default, you can enable it
via WebUI when needed.

Only used when integrating with Sangfor


Network Secure, Cyber Command, etc.

TCP: 4460
If you do not have Sangfor Network Secure,
Cyber Command yet, it is not necessary to allow
this port.

The ports listed in the table above are the default fixed ports. The ports that the manager

uses to connect to services such as cloud servers, proxy servers, mail servers, and syslog

servers are random, and not fixed.

Version 01 (Nov.11, 2024) 6


Sangfor Endpoint Secure Required Network Access Address Requirements Guide

3 Addresses Requirements for SaaS


Endpoint Secure
For SaaS Endpoint Secure, please allow the network traffic of the
corresponding addresses according to the actual usage scenario.

It should be noted that when allowing traffic of the corresponding domain


name port, the upper-layer protocol must be allowed. For example, if only the
traffic of port 443 is allowed but HTTPS traffic is not allowed, communication
will fail.

Manager
Domain or IP Ports Description
Type

Used to obtain version information


upd.sangfor.com TCP: 443, 80 of rule databases such as
vulnerability databases.

Used to obtain commonly used


signature databases, such as
download.sangfor.com TCP: 443, 80
vulnerability databases, virus
databases, IOC, IOA, etc.

Used to obtain commonly used


signature databases, such as
vulnerability databases, virus
download.sangfor.com.cn TCP: 443, 80 databases, IOC, IOA, etc. This
domain name is no longer used
from Endpoint Secure 6.0.4 and
later versions.
SaaS
TCP: 8083, 443, One of the addresses of SaaS
edrsaas.sangfor.com
54120, 80 Endpoint Secure Manager.

Used for communication between


TCP: 8083, 443,
edragent.sangfor.com SaaS Endpoint Secure Manager
54120, 80
and Agent.

For SaaS Endpoint Secure


edrlinkage.sangfor.com TCP: 443, integration with on-premises
security appliances.

The fixed address of SaaS Endpoint


13.94.16.103 ALL Secure, is used to provide syslog
services.

Microsoft's official server for


download.windowsupdate.com TCP: 443, 80
storing operating system

Version 01 (Nov.11, 2024) 7


Sangfor Endpoint Secure Required Network Access Address Requirements Guide

vulnerability patches.

update1.sangfor.net
update2.sangfor.net TCP: 443, 80
update3.sangfor.net

sp.sangfor.com Used to update SP patches.

sp1.sangfor.com
TCP: 443
sp2.sangfor.com
sp3.sangfor.com

Version 01 (Nov.11, 2024) 8


Sangfor Endpoint Secure Required Network Access Address Requirements Guide

Version 01 (Nov.11, 2024) 9

You might also like