[KB332] Ports and addresses required to use your ESET product with a third-party firewall

Issue

Solution

TCP/UDP port 53535 must be open

To resolve ESET product that has limited Direct Cloud connectivity issue, TCP/UDP port 53535 must be open.

Your ESET product communicates with resources on the internet over standard HTTP protocol on Port 80, or over HTTPS on Port 443.

To resolve your issue, the following hosts in each ESET component must be made accessible:

To download detection engine updates:

View list of IP addresses in a text file

Hostname
um01.eset.com
um02.eset.com
um03.eset.com
um04.eset.com
um05.eset.com
um06.eset.com
um07.eset.com
um08.eset.com
um09.eset.com
um10.eset.com
um11.eset.com
um12.eset.com
um13.eset.com
um14.eset.com
um15.eset.com
um21.eset.com
um23.eset.com
um01.ru.eset.com
um01.cn.eset.com
IP address
91.228.166.13
91.228.166.14
91.228.166.15
91.228.166.16
91.228.167.132
91.228.167.133
38.90.226.36
38.90.226.37
38.90.226.38
38.90.226.39
91.228.166.88
91.228.167.170
38.90.226.40
185.94.157.10
185.94.157.11
91.228.167.26
91.228.167.21
188.225.81.21
119.29.72.159

To download detection engine updates, use this hostname:

  • update.eset.com

To download detection engine updates only from servers located in a specific region, select one of these hostnames:

  • Europe: eu-update.eset.com
  • US: us-update.eset.com

To download pico updates (ESET Endpoint Antivirus 7.x / ESET Endpoint Security 7.x):

Hostname
pico.eset.com
 
 
 
 
 
 
 
 
 
 
 
 
 
 
IP address
38.90.226.37
38.90.226.38
38.90.226.39
38.90.226.40
91.228.166.14
91.228.166.15
91.228.166.16
91.228.166.88
91.228.167.21
91.228.167.26
91.228.167.133
91.228.167.170
185.94.157.10
185.94.157.11
119.29.72.159

To download product installers, updates:

Service
download.eset.com
 
 
IP address
91.228.166.154
91.228.167.190
38.90.226.111


To see the expiration date:

View list of IP addresses in a text file

Hostname
expire.eset.com
 
edf.eset.com
 
 
 
 
IP address
91.228.165.81
91.228.167.125
40.114.143.2
13.64.117.133
13.91.57.145
13.64.23.53
13.91.140.245

To send support requests using the Support request function:

Hostname
suppreq.eset.eu
 
IP address
91.228.165.114
91.228.167.111

To allow communication with ESET Secure Authentication Provisioning Server (two-factor authentication):

View list of IP addresses in a text file

Hostname IP address Port
ecp.eset.systems 13.91.140.245 443
13.64.23.53
esa.eset.com
m.esa.eset.com
91.228.167.115 443
91.228.167.120
91.228.167.122
91.228.167.152

Servers:

Hostname
h3-esa2-01-v.eset.com
h3-esa2-02-v.eset.com
h3-esa2-03-v.eset.com
h3-esa2-04-v.eset.com
repository.eset.com
IP address
91.228.167.115
91.228.167.122
91.228.167.120
91.228.167.152
 

To use the online reputation database (ESET LiveGrid):

  • Ensure the following ports are open: TCP 80, TCP 53535, UDP 53535
  • The IP addresses below have to be enabled for HTTP port 80
  • Access to your local DNS server is required for DNS queries on UDP port 53

View list of IP addresses in a text file

Hostname
h1-c01.eset.com
h1-c02.eset.com
h1-c03.eset.com
h1-c04.eset.com
h1-c05.eset.com
h3-c01.eset.com
h3-c02.eset.com
h3-c03.eset.com
h3-c04.eset.com
h5-c01.eset.com, 38-90-226-11.ptr.eset.com
h5-c02.eset.com, 38-90-226-12.ptr.eset.com
h5-c03.eset.com, 38-90-226-13.ptr.eset.com
IP address
91.228.166.45
91.228.166.46
91.228.165.43
91.228.165.44
91.228.166.52
91.228.167.137
91.228.167.43
91.228.167.46
91.228.167.103
38.90.226.11
38.90.226.12
38.90.226.13

Domains used by ESET LiveGrid:

Hostnames
a.cwip.eset.com
ae.cwip.eset.com
avcloud.e5.sk
c.cwip.eset.com
ce.cwip.eset.com
dnsj.e5.sk
dnsje.e5.sk
i1.cwip.eset.com
i1e.cwip.eset.com
i3.cwip.eset.com
i4.cwip.eset.com
i4e.cwip.eset.com
u.cwip.eset.com
ue.cwip.eset.com
c.eset.com
a.c.eset.com
u.eset.com
i1.c.eset.com
i3.c.eset.com
i4.c.eset.com
i5.c.eset.com

These IP addresses need to be enabled for HTTP port 80. Also, an access to your local DNS server is required for DNS queries on UDP port 53.


Advanced Machine Learning:

Hostname
h1-aidc01.eset.com
h3-aidc01.eset.com
h5-aidc01.eset.com
IP address
91.228.166.137
91.228.167.184
38.90.226.41

To submit suspicious files and anonymous statistical information to ESET's Threat Lab:

View list of IP addresses in a text file

  • tsm09.eset.com - tsm16.eset.com
Hostname
tsm09.eset.com
tsm10.eset.com
tsm11.eset.com
tsm12.eset.com
tsm13.eset.com
tsm14.eset.com
tsm15.eset.com
tsm16.eset.com
IP address
91.228.166.11
91.228.166.148
91.228.166.149
91.228.167.144
91.228.167.145
91.228.167.146
91.228.166.150
91.228.167.151
  • ts.eset.com

To use the Web control/Parental Control module:

View list of IP addresses in a text file

  • Base domain for DNS queries: e5.sk
  • Make sure to open UDP port 53535 for the addresses in the table below and allow requests to your local DNS server (UDP/TCP port 53).
Hostname
h1-arsp01-v.eset.com
h1-arsp02-v.eset.com
h3-arsp01-v.eset.com
h3-arsp02-v.eset.com
h5-arsp01-v.eset.com
h5-arsp02-v.eset.com
IP address
91.228.166.42
91.228.166.43
91.228.167.141
91.228.167.142
38.90.226.14
38.90.226.15

To use ESET Password Manager (version 10+):

View list of IP addresses in a text file

Hostname
ext-pwm.eset.com
eset-870273198.eu-west-1.elb.amazonaws.com
esetpwmdata-1.s3.amazonaws.com
s3-3-w.amazonaws.com
IP addresses
52.209.182.22, 52.48.20.160, 52.50.84.107
52.209.182.22, 52.48.20.160, 52.50.84.107
52.218.64.33
52.218.64.33

To use the Antispam module:

View list of IP addresses in a text file

  • Version 5 and higher: You need to allow requests to your local DNS server (TCP/UDP port 53).
  • Base domain for DNS queries: e5.sk
NOTE:

Make sure to open TCP/UDP port 53535 for the addresses in the table below. Otherwise, the performance and catch rate of antispam will be limited.

Hostname
h1-ars01-v.eset.com
h1-ars02-v.eset.com
h1-ars03-v.eset.com
h1-ars04-v.eset.com
h1-ars05-v.eset.com
h3-ars01-v.eset.com
h3-ars02-v.eset.com
h3-ars03-v.eset.com
h3-ars04-v.eset.com
h3-ars05-v.eset.com
h5-ars01-v.eset.com
h5-ars02-v.eset.com
h5-ars03-v.eset.com
h5-ars04-v.eset.com
h5-ars05-v.eset.com
IP address
91.228.166.61
91.228.166.62
91.228.166.63
91.228.166.64
91.228.166.65
91.228.167.36
91.228.167.67
91.228.167.68
91.228.167.74
91.228.167.116
38.90.226.21
38.90.226.22
38.90.226.23
38.90.226.24
38.90.226.25
  • Version 4: You only need to allow requests to your local DNS server (port 53)
  • Version 3:
    • 82.165.143.243
    • 87.106.222.139
    • 87.106.240.241
    • 82.165.143.242
    • 87.106.131.195

Domains used by the Antispam module:

Hostnames
dns.e5.sk
salt.e5.sk
rsys.e5.sk
arb.e5.sk
asplog.e5.sk
mri.e5.sk
ipt.e5.sk
sample.e5.sk
stat.e5.sk
setting.e5.sk
gid.e5.sk

To use the Antispam module:

(ESET Mail Security 4.x for Microsoft Exchange, ESET Mail Security 4.x for IBM Lotus Domino, ESET Mail Security for Linux/BSD/Solaris 4.0)

  • ds1-uk-rules-1.mailshell.net
  • ds1-uk-rules-2.mailshell.net
  • ds1-uk-rules-3.mailshell.net
  • fh-uk11.mailshell.net

View list of IP addresses in a text file

These IP addresses need to be enabled for HTTP port 80 (used for downloading updates of Antispam database). Also, access to your local DNS server is required for DNS queries on UDP port 53.

23.239.11.145
23.239.13.41
23.239.15.84
23.92.19.91
23.92.26.7
23.92.27.240
50.116.11.250
50.116.14.27
50.116.19.218
50.116.2.121
50.116.3.153
50.116.3.42
50.116.4.68
50.116.50.102
50.116.50.105
50.116.50.109
50.116.50.197
50.116.50.202
50.116.54.198
50.116.61.111
50.116.61.155
50.116.62.242
50.116.63.215
50.116.63.216
66.175.214.89
66.175.223.13
66.228.48.183
74.207.240.108
74.207.252.229
74.208.106.28
74.208.78.224
74.208.79.219
74.208.79.224
74.208.99.25
77.68.39.21
77.68.39.31
80.85.85.133
80.85.85.200
80.85.85.58
85.159.211.160
87.106.104.112
87.106.11.214
87.106.11.38
87.106.12.77
87.106.128.170
87.106.13.61
87.106.141.10
87.106.183.224
87.106.209.135
87.106.209.149
87.106.210.57
87.106.214.177
87.106.240.160
88.208.202.90
88.208.202.91
88.208.248.146
88.208.248.164
88.208.248.199
88.208.248.200
88.80.184.106
88.80.185.201
88.80.190.155
96.126.106.194
96.126.98.211
97.107.134.71
104.131.131.132
104.200.24.34
109.123.106.250
109.74.197.59
151.236.219.57
162.216.16.201
162.216.18.163
173.230.146.110
173.230.152.57
173.255.209.236
173.255.213.36
173.255.214.49
173.255.214.53
173.255.218.51
173.255.226.186
173.255.232.151
173.255.234.245
173.255.234.85
173.255.243.160
173.255.245.232
173.255.253.150
173.255.254.232
176.58.100.154
176.58.101.140
176.58.104.101
176.58.110.248
176.58.111.122
176.58.111.124
176.58.111.163
176.58.112.126
176.58.112.160
176.58.115.138
176.58.115.39
176.58.117.5
176.58.117.75
176.58.119.151
176.58.124.244
176.58.97.188
176.58.98.13
176.58.98.155
176.58.99.196
176.58.99.197
178.79.128.94
178.79.138.31
178.79.140.188
178.79.143.222
178.79.150.32
178.79.152.167
178.79.153.233
178.79.157.41
178.79.159.237
178.79.163.250
178.79.164.196
178.79.181.233
178.79.182.43
178.79.183.81
178.79.186.194
178.79.188.10
178.79.190.135
178.79.190.174
192.155.84.126
192.155.86.247
192.155.87.170
192.81.129.218
192.81.134.251
198.58.97.43
198.74.49.240
198.74.57.188
198.74.58.243
209.157.64.162
209.157.64.163
209.157.64.164
209.157.64.165
209.157.64.166
209.157.64.167
209.157.64.168
209.157.64.169
209.157.64.170
209.157.64.171
209.157.64.172
209.157.64.173
209.157.64.174
209.157.64.175
209.157.64.176
209.157.64.177
209.157.66.226
209.157.66.227
209.157.66.229
209.157.66.230
209.157.66.232
209.157.66.234
209.157.66.235
209.157.66.236
209.157.66.237
209.157.66.238
209.157.66.239
209.157.66.240
209.157.66.241
209.157.66.242
209.157.66.243
209.157.66.244
209.157.66.245
209.157.66.246
209.157.66.247
209.157.66.248
209.157.66.249
209.157.66.253
212.227.96.110
212.71.233.60
212.71.251.168
212.71.251.182
212.71.252.146
213.171.205.141
213.171.205.238
213.171.205.77
213.171.205.78
213.171.206.148
213.171.207.47
213.171.207.48
213.171.207.62
213.171.207.71
213.171.207.72
217.174.248.233
217.174.249.167
217.174.249.223
217.174.249.232
 
 
 
 


To ensure proper functionality of linking and redirection from your ESET product's graphical user interface:

Hostname
go.eset.com
go.eset.eu
 
support-go.eset.eu
h1-redir02-v.eset.com
h3-redir02-v.eset.com
IP address
52.166.8.11
91.228.166.47
91.228.167.128
91.228.166.78
91.228.167.98


To activate ESET Mobile Security:

  • reg01.eset.com/mob_activate - reg04.eset.com/mob_activate
  • reg01.eset.com/mob_register - reg04.eset.com/mob_register

ESET Data Framework (Anti-Theft, ESET License Administrator, Parental control, Web control):

View list of IP addresses in a text file

Hostname
edf.eset.com
edf.eset.com
edf.eset.com
edf.eset.com
edf.eset.com
h1-edfspy02-v.eset.com
h1-edfspy02-v.eset.com
h1-arse01-v.eset.com
h1-arse02-v.eset.com
h3-arse01-v.eset.com
h3-arse02-v.eset.com
h5-arse01-v.eset.com
h5-arse02-v.eset.com
h5-arse03-v.eset.com
h5-arse04-v.eset.com
ecp.eset.systems
ecp.eset.systems
IP address
40.114.143.2
13.64.117.133
13.91.57.145
13.64.23.53
13.91.140.245
91.228.165.74
91.228.167.40
91.228.166.104
91.228.166.71
91.228.167.64
91.228.167.81
38.90.226.16
38.90.226.17
38.90.226.42
38.90.226.34
13.91.140.245
13.64.23.53
Note
 
 
 
 
 
Old ESET products only
Old ESET products only
 
 
 
 
 
 
 
 
 
 

ESET Repository - repository.eset.com (ESET Remote Administrator 6.x, ESET Security Management Center 7.x and ESET PROTECT 8.x):

View list of IP addresses in a text file

Hostname
repository.eset.com
 
 
IP address
38.90.226.20
91.228.166.23
91.228.167.25

The IP address of the ESET repository server in China: 161.189.152.208
Some locations (such as Japan, Australia, or New Zealand) might have different IP addresses because of using CDN.
Use repositorynocdn.eset.com to connect ESET repository servers only, however in this case the best Internet connection cannot be guaranteed.

Make sure you have HTTP 1.1 enabled when accessing the repository or ESET update servers via 3rd party proxy. This applies to all products that have access to ESET repository.

For more information see


ESET Push Notification Service

View list of IP addresses in a text file

Hostname
epns.eset.com
h1-epnsbroker01.eset.com
h1-epnsbroker02.eset.com
h1-epnsbroker03.eset.com
h1-epnsbroker04.eset.com
h1-epnsbroker05.eset.com
h1-epnsbroker06.eset.com
h1-epnsbroker07.eset.com
h3-epnsbroker01.eset.com
h3-epnsbroker02.eset.com
h3-epnsbroker03.eset.com
h3-epnsbroker04.eset.com
h3-epnsbroker05.eset.com
h3-epnsbroker06.eset.com
h3-epnsbroker07.eset.com
h5-epnsbroker01.eset.com
h5-epnsbroker02.eset.com
h5-epnsbroker03.eset.com
h5-epnsbroker04.eset.com
h5-epnsbroker05.eset.com
h5-epnsbroker06.eset.com
h5-epnsbroker07.eset.com
IP address
 
91.228.165.144
91.228.165.145
91.228.165.146
91.228.165.147
91.228.165.148
91.228.165.159
91.228.165.160
91.228.167.171
91.228.167.172
91.228.167.187
91.228.167.188
91.228.167.192
91.228.167.193
91.228.167.194
38.90.226.51
38.90.226.52
38.90.226.62
38.90.226.63
38.90.226.64
38.90.226.65
38.90.226.66
Port
8883, 443
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

ESET Push Notification Service (EPNS) sends Wake-Up calls between ESET Management Agents and ESMC/ESET PROTECT/ESET PROTECT Cloud server.


ESET Dynamic Threat Defense:

Users need to whitelist both addresses for each hostname.

Hostname
r.edtd.eset.com
 
d.edtd.eset.com
 
IP address
137.117.138.135 (Europe)
13.83.244.211 (USA)
137.117.138.135 (Europe)
13.83.244.211 (USA)


Services (activation, expiration, IP location, trace, version check, redirector, in-product images & messages, SSL certificate check):

View list of IP addresses in a text file

Linking and redirection:

Hostname
proxy.eset.com
proxy.eset.com
proxy.eset.com
proxy.eset.com
h1-weblb01-v.eset.com
h3-weblb01-v.eset.com
IP address
91.228.165.81
91.228.165.85
91.228.167.55
91.228.167.125
91.228.165.79
91.228.167.123

Activation:

Hostname
register.eset.com
 
h1-weblb01-v.eset.com
h3-weblb01-v.eset.com
iploc.eset.com
 
 
 
pki.eset.com
 
versioncheck.eset.com
 
edf.eset.com
 
 
 
 
IP address
91.228.165.81
91.228.167.125
91.228.165.79
91.228.167.123
91.228.165.81
91.228.167.125
13.91.140.245
13.64.23.53
91.228.166.181
91.228.167.181
91.228.165.81
91.228.167.125
40.114.143.2
13.64.117.133
13.91.57.145
13.64.23.53
13.91.140.245
Note
 
 
Old Activation services
Old Activation services
 
 
 
 
 
 
 
 
 
 
 
 
 

Trace - Installation statistics:

Hostname IP address
trace.eset.com 91.228.165.81
91.228.167.125

In-product images & messages:

Hostname IP address
ipm.eset.com

ipm.eset.systems

157.56.166.70
banner.eset.com 91.228.167.30

SSL Certificate check:

Hostname IP address
proxy-detection.eset.com 38.90.226.28
91.228.166.91
91.228.167.91


Online help and Knowledgebase:

View list of IP addresses in a text file

Hostname
help.eset.com
 
 
support.eset.com
 
int.form.eset.com
IP address
91.228.165.46
91.228.167.61
38.90.227.28
34.198.154.246
52.4.210.140
91.228.166.22
91.228.166.154

91.228.166.154


ESET MSP Utility (EMU)

View list of IP addresses in a text file

Hostname IP address Port
ftp.eset.sk 91.228.166.130 80
mspapi.esetsoftware.com 168.62.212.42 443


DNS load balancers

ESET DNS service for eset.com domains is often used for optimal distribution of requests to ESET’s resources.

Hostname
h1-f5lb01-s.eset.com
h3-f5lb01-s.eset.com
h5-f5lb01-s.eset.com
h1-f5gtm01-s.eset.com
h3-f5gtm01-s.eset.com
h5-f5gtm01-s.eset.com
IP address
91.228.165.117
91.228.167.16
38.90.226.53
91.228.165.72
91.228.167.185
38.90.226.59


Telemetry

Telemetry services:

  • gallup.eset.com:443


Certificate Revocation Checks (OCSP)

Some third-party applications (for example, web browsers) check the revocation status of SSL/TLS certificates via Online Certificate Status Protocol (OCSP).

  • 93.184.220.29
  • 72.21.91.29
  • 192.16.58.8
  • 117.18.237.29
  • 66.225.197.197
OCSP status has to be requested over HTTP

For some certificates to verify an OCSP status has to be requested over HTTP. Make sure that your ESET product does not block such requests to avoid problems, e.g. long verification times due to timeouts.

For more information see the DigiCert KB article.


Syslog security restrictions and limits

Additional security settings:

Administrators should configure their Syslog server's firewall to allow incoming Syslog Export events only from the following IP ranges:
  • Outgoing IP addresses from ESET PROTECT Cloud in the Europe region:
    51.136.106.164/30
  • Outgoing IP addresses from ESET PROTECT Cloud in the USA region:
    40.81.8.148/30
  • Outgoing IP addresses from ESET PROTECT Cloud in the Japan region:
    20.78.10.184/30

See our online help article for more information on Syslog security restrictions and limits.

Back to top 🡅