URLs/IP addresses and ports required for Advanced EPDR/EDR products

URLs/IP addresses and ports required for Advanced EPDR/EDR products

By November 26, 2020May 10th, 2023Support
+34 900 840 407
support@cytomic.ai

URLs/IP addresses and ports required for Advanced EPDR/EDR products to communicate with the server

Related Products_
  • Advanced EPDR
  • Advanced EDR

In order to install and operate Advanced EPDR/EDR products or if you have a firewall, a proxy server or other network restrictions, you need to allow access to certain URLs/IPs and ports.

Communications with the server/console, with the Updates and Upgrades server and with the Collective Intelligence server_
  • https://*.pandasecurity.com
    • Download of installers, generic uninstaller and policies
    • Agent communications (registry, configuration, tasks, actions, states, etc.)
    • Comunications of the protection and the Collective Intelligence
    • Download of signature files
    • Performance counters (CPU, memory and disk)
    • Notifications every 15 minutes if no real time is available
    • Connectivity test for Windows protection versions lower than v8.00.16
  • https://*.rc.pandasecurity.com
    • Remote Access from Advanced EPDR/EDR
    • Remote Access from Orion
  • https://rp.cloud.threatseeker.com
    • Web Access Control
  • https://pandasecurity.devo.com
    • Access to Advanced Visualization Tool
Root certificates_

Root certificates must be updated, and, additionally it is required that the endpoints can access the following URLs, regardless of the proxy settings defined centrally defined from the web console:

  • http://*.globalsign.com
  • http://*.globalsign.net
  • http://*.digicert.com
  • http://*.sectigo.com

For detailed information on how to update the root certificates, please check this article.

Incoming and outgoing traffic (Antispam and URL Filtering)_
  • For Windows protection version lower than v8.00.18, allow:
    • http://*.ctmail.com
  • For Windows protection version equal to or later than v8.00.18, allow:
    • https://rp.cloud.threatseeker.com

*NOTE: Due to a change of technology between protection versions v8.00.17 and v8.00.18 and until all the computers in the network are in versions v8.00.18 or later, it is advisable to maintain access to both URLs. Once all computers are upgraded with the latest version, then you will be able to remove access to the first URL.

Necessary ports_
  • Port 80 (HTTP)
  • Port 443 (HTTPS, websocket)
  • Port 8080 (remote access from Orion)
IP addresses required in case it is not possible to allow URLs_
  • 91.216.218.0/24
  • 20.234.90.191
  • 137.135.229.184

For Windows protection version lower than v8.00.18 included in Release XI:

  • 84.39.157.9
  • 84.39.157.1
  • 216.163.188.45

For connections with the remote shell from Orion:

  • 142.4.215.12
  • 51.91.126.6
  • 51.91.126.20
  • 54.38.188.203
  • 54.38.189.99
  • 51.77.149.216
  • 51.77.149.200
Related information_

URLs required for Cytomic Patch to work