[KB332] Ports and addresses required to use your ESET product with a third-party firewall
Issue
- Your third-party firewall is interfering with the performance of your ESET product(s)
- You use a third-party firewall or your computer is on a network behind a firewall
- You did not receive an email about registration or change of an ESET online service
Solution
Your ESET product communicates with resources on the internet over standard HTTP protocol on Port 80, or over HTTPS on Port 443.
To resolve your issue, the following hosts in each ESET component must be made accessible:
- Download detection engine and module updates
- Download pico updates
- Download product installers, updates
- Expiration date
- Support requests
- ESET Secure Authentication Provisioning Server
- ESET Live Grid
- Advanced Machine Learning
- Anonymous statistics
- Web Control/Parental Control
- Password Manager
- Antispam
- GUI
- Mobile Security
- ESET Data Framework (Anti-Theft, ESET License Administrator, Parental control, Web control)
- ERA 6/ ESMC 7/ ESET PROTECT 8
- ESET Push Notification Service
- ESET Dynamic Threat Defense
- Services
- Online Help
- MSP
- DNS load balancers
- Telemetry
- Certificate Revocation Checks (OCSP)
- Syslog security restrictions and limits
To download detection engine updates:
View list of IP addresses in a text file
| Hostname | IP address |
|---|---|
| um01.eset.com | 91.228.166.13 |
| um02.eset.com | 91.228.166.14 |
| um03.eset.com | 91.228.166.15 |
| um04.eset.com | 91.228.166.16 |
| um05.eset.com | 91.228.167.132 |
| um06.eset.com | 91.228.167.133 |
| um07.eset.com | 38.90.226.36 |
| um08.eset.com | 38.90.226.37 |
| um09.eset.com | 38.90.226.38 |
| um10.eset.com | 38.90.226.39 |
| um11.eset.com | 91.228.166.88 |
| um12.eset.com | 91.228.167.170 |
| um13.eset.com | 38.90.226.40 |
| um14.eset.com | 185.94.157.10 |
| um15.eset.com | 185.94.157.11 |
| um21.eset.com | 91.228.167.26 |
| um23.eset.com | 91.228.167.21 |
| um01.ru.eset.com | 188.225.81.21 |
| um01.cn.eset.com | 119.29.72.159 |
To download detection engine updates, use this hostname:
- update.eset.com
To download detection engine updates only from servers located in a specific region, select one of these hostnames:
- Europe: eu-update.eset.com
- US: us-update.eset.com
To download pico updates (ESET Endpoint Antivirus 7.x / ESET Endpoint Security 7.x):
| Hostname | IP address |
|---|---|
| pico.eset.com | 38.90.226.37 |
| 38.90.226.38 | |
| 38.90.226.39 | |
| 38.90.226.40 | |
| 91.228.166.14 | |
| 91.228.166.15 | |
| 91.228.166.16 | |
| 91.228.166.88 | |
| 91.228.167.21 | |
| 91.228.167.26 | |
| 91.228.167.133 | |
| 91.228.167.170 | |
| 185.94.157.10 | |
| 185.94.157.11 | |
| 119.29.72.159 |
To download product installers, updates:
| Service | IP address |
|---|---|
| download.eset.com | 91.228.166.154 |
| 91.228.167.190 | |
| 38.90.226.111 |
To see the expiration date:
View list of IP addresses in a text file
| Hostname | IP address |
|---|---|
| expire.eset.com | 91.228.165.81 |
| 91.228.167.125 | |
| edf.eset.com | 40.114.143.2 |
| 13.64.117.133 | |
| 13.91.57.145 |
To send support requests using the Support request function:
| Hostname | IP address |
|---|---|
| suppreq.eset.eu | 91.228.165.114 |
| 91.228.167.111 |
To allow communication with ESET Secure Authentication Provisioning Server (two-factor authentication):
View list of IP addresses in a text file
| Hostname | IP address | Port |
|---|---|---|
| ecp.eset.systems | ||
| esa.eset.com m.esa.eset.com |
91.228.167.115 | 443 |
| 91.228.167.120 | ||
| 91.228.167.122 | ||
| 91.228.167.152 |
Servers:
| Hostname | IP address |
|---|---|
| h3-esa2-01-v.eset.com | 91.228.167.115 |
| h3-esa2-02-v.eset.com | 91.228.167.122 |
| h3-esa2-03-v.eset.com | 91.228.167.120 |
| h3-esa2-04-v.eset.com | 91.228.167.152 |
| repository.eset.com |
To use the online reputation database (ESET Live Grid):
- Ensure the following ports are open: TCP 80, TCP 53535, UDP 53535
- The IP addresses below have to be enabled for HTTP port 80
- Access to your local DNS server is required for DNS queries on UDP port 53
View list of IP addresses in a text file
| Hostname | IP address |
|---|---|
| h1-c01.eset.com | 91.228.166.45 |
| h1-c02.eset.com | 91.228.166.46 |
| h1-c03.eset.com | 91.228.165.43 |
| h1-c04.eset.com | 91.228.165.44 |
| h1-c05.eset.com | 91.228.166.52 |
| h3-c01.eset.com | 91.228.167.137 |
| h3-c02.eset.com | 91.228.167.43 |
| h3-c03.eset.com | 91.228.167.46 |
| h3-c04.eset.com | 91.228.167.103 |
| h5-c01.eset.com, 38-90-226-11.ptr.eset.com | 38.90.226.11 |
| h5-c02.eset.com, 38-90-226-12.ptr.eset.com | 38.90.226.12 |
| h5-c03.eset.com, 38-90-226-13.ptr.eset.com | 38.90.226.13 |
Domains used by ESET Live Grid:
| Hostnames |
|---|
| a.cwip.eset.com |
| ae.cwip.eset.com |
| avcloud.e5.sk |
| c.cwip.eset.com |
| ce.cwip.eset.com |
| dnsj.e5.sk |
| dnsje.e5.sk |
| i1.cwip.eset.com |
| i1e.cwip.eset.com |
| i3.cwip.eset.com |
| i4.cwip.eset.com |
| i4e.cwip.eset.com |
| u.cwip.eset.com |
| ue.cwip.eset.com |
| c.eset.com |
| a.c.eset.com |
| u.eset.com |
| i1.c.eset.com |
| i3.c.eset.com |
| i4.c.eset.com |
| i5.c.eset.com |
These IP addresses need to be enabled for HTTP port 80. Also, an access to your local DNS server is required for DNS queries on UDP port 53.
Advanced Machine Learning:
| Hostname | IP address |
|---|---|
| h1-aidc01.eset.com | 91.228.166.137 |
| h3-aidc01.eset.com | 91.228.167.184 |
| h5-aidc01.eset.com | 38.90.226.41 |
To submit suspicious files and anonymous statistical information to ESET's Threat Lab:
View list of IP addresses in a text file
- tsm09.eset.com - tsm16.eset.com
| Hostname | IP address |
|---|---|
| tsm09.eset.com | 91.228.166.11 |
| tsm10.eset.com | 91.228.166.148 |
| tsm11.eset.com | 91.228.166.149 |
| tsm12.eset.com | 91.228.167.144 |
| tsm13.eset.com | 91.228.167.145 |
| tsm14.eset.com | 91.228.167.146 |
| tsm15.eset.com | 91.228.166.150 |
| tsm16.eset.com | 91.228.167.151 |
- ts.eset.com
To use the Web control/Parental Control module:
View list of IP addresses in a text file
- Base domain for DNS queries: e5.sk
- Make sure to open UDP port 53535 for the addresses in the table below and allow requests to your local DNS server (UDP/TCP port 53).
| Hostname | IP address |
|---|---|
| h1-arsp01-v.eset.com | 91.228.166.42 |
| h1-arsp02-v.eset.com | 91.228.166.43 |
| h3-arsp01-v.eset.com | 91.228.167.141 |
| h3-arsp02-v.eset.com | 91.228.167.142 |
| h5-arsp01-v.eset.com | 38.90.226.14 |
| h5-arsp02-v.eset.com | 38.90.226.15 |
To use ESET Password Manager (version 10+):
View list of IP addresses in a text file
| Hostname | IP addresses |
|---|---|
| ext-pwm.eset.com | 52.209.182.22, 52.48.20.160, 52.50.84.107 |
| eset-870273198.eu-west-1.elb.amazonaws.com | 52.209.182.22, 52.48.20.160, 52.50.84.107 |
| esetpwmdata-1.s3.amazonaws.com | 52.218.64.33 |
| s3-3-w.amazonaws.com | 52.218.64.33 |
To use the Antispam module:
View list of IP addresses in a text file
- Version 5 and higher: You need to allow requests to your local DNS server (TCP/UDP port 53).
- Base domain for DNS queries: e5.sk
| Hostname | IP address |
|---|---|
| h1-ars01-v.eset.com | 91.228.166.61 |
| h1-ars02-v.eset.com | 91.228.166.62 |
| h1-ars03-v.eset.com | 91.228.166.63 |
| h1-ars04-v.eset.com | 91.228.166.64 |
| h1-ars05-v.eset.com | 91.228.166.65 |
| h3-ars01-v.eset.com | 91.228.167.36 |
| h3-ars02-v.eset.com | 91.228.167.67 |
| h3-ars03-v.eset.com | 91.228.167.68 |
| h3-ars04-v.eset.com | 91.228.167.74 |
| h3-ars05-v.eset.com | 91.228.167.116 |
| h5-ars01-v.eset.com | 38.90.226.21 |
| h5-ars02-v.eset.com | 38.90.226.22 |
| h5-ars03-v.eset.com | 38.90.226.23 |
| h5-ars04-v.eset.com | 38.90.226.24 |
| h5-ars05-v.eset.com | 38.90.226.25 |
- Version 4: You only need to allow requests to your local DNS server (port 53)
- Version 3:
- 82.165.143.243
- 87.106.222.139
- 87.106.240.241
- 82.165.143.242
- 87.106.131.195
Domains used by the Antispam module:
| Hostnames |
|---|
| dns.e5.sk |
| salt.e5.sk |
| rsys.e5.sk |
| arb.e5.sk |
| asplog.e5.sk |
| mri.e5.sk |
| ipt.e5.sk |
| sample.e5.sk |
| stat.e5.sk |
| setting.e5.sk |
| gid.e5.sk |
To use the Antispam module:
(ESET Mail Security 4.x for Microsoft Exchange, ESET Mail Security 4.x for IBM Lotus Domino, ESET Mail Security for Linux/BSD/Solaris 4.0)
- ds1-uk-rules-1.mailshell.net
- ds1-uk-rules-2.mailshell.net
- ds1-uk-rules-3.mailshell.net
- fh-uk11.mailshell.net
View list of IP addresses in a text file
| 23.239.11.145 | 85.159.211.160 | 173.255.218.51 | 178.79.164.196 | 209.157.66.235 |
| 23.239.13.41 | 87.106.104.112 | 173.255.226.186 | 178.79.181.233 | 209.157.66.236 |
| 23.239.15.84 | 87.106.11.214 | 173.255.232.151 | 178.79.182.43 | 209.157.66.237 |
| 23.92.19.91 | 87.106.11.38 | 173.255.234.245 | 178.79.183.81 | 209.157.66.238 |
| 23.92.26.7 | 87.106.12.77 | 173.255.234.85 | 178.79.186.194 | 209.157.66.239 |
| 23.92.27.240 | 87.106.128.170 | 173.255.243.160 | 178.79.188.10 | 209.157.66.240 |
| 50.116.11.250 | 87.106.13.61 | 173.255.245.232 | 178.79.190.135 | 209.157.66.241 |
| 50.116.14.27 | 87.106.141.10 | 173.255.253.150 | 178.79.190.174 | 209.157.66.242 |
| 50.116.19.218 | 87.106.183.224 | 173.255.254.232 | 192.155.84.126 | 209.157.66.243 |
| 50.116.2.121 | 87.106.209.135 | 176.58.100.154 | 192.155.86.247 | 209.157.66.244 |
| 50.116.3.153 | 87.106.209.149 | 176.58.101.140 | 192.155.87.170 | 209.157.66.245 |
| 50.116.3.42 | 87.106.210.57 | 176.58.104.101 | 192.81.129.218 | 209.157.66.246 |
| 50.116.4.68 | 87.106.214.177 | 176.58.110.248 | 192.81.134.251 | 209.157.66.247 |
| 50.116.50.102 | 87.106.240.160 | 176.58.111.122 | 198.58.97.43 | 209.157.66.248 |
| 50.116.50.105 | 88.208.202.90 | 176.58.111.124 | 198.74.49.240 | 209.157.66.249 |
| 50.116.50.109 | 88.208.202.91 | 176.58.111.163 | 198.74.57.188 | 209.157.66.253 |
| 50.116.50.197 | 88.208.248.146 | 176.58.112.126 | 198.74.58.243 | 212.227.96.110 |
| 50.116.50.202 | 88.208.248.164 | 176.58.112.160 | 209.157.64.162 | 212.71.233.60 |
| 50.116.54.198 | 88.208.248.199 | 176.58.115.138 | 209.157.64.163 | 212.71.251.168 |
| 50.116.61.111 | 88.208.248.200 | 176.58.115.39 | 209.157.64.164 | 212.71.251.182 |
| 50.116.61.155 | 88.80.184.106 | 176.58.117.5 | 209.157.64.165 | 212.71.252.146 |
| 50.116.62.242 | 88.80.185.201 | 176.58.117.75 | 209.157.64.166 | 213.171.205.141 |
| 50.116.63.215 | 88.80.190.155 | 176.58.119.151 | 209.157.64.167 | 213.171.205.238 |
| 50.116.63.216 | 96.126.106.194 | 176.58.124.244 | 209.157.64.168 | 213.171.205.77 |
| 66.175.214.89 | 96.126.98.211 | 176.58.97.188 | 209.157.64.169 | 213.171.205.78 |
| 66.175.223.13 | 97.107.134.71 | 176.58.98.13 | 209.157.64.170 | 213.171.206.148 |
| 66.228.48.183 | 104.131.131.132 | 176.58.98.155 | 209.157.64.171 | 213.171.207.47 |
| 74.207.240.108 | 104.200.24.34 | 176.58.99.196 | 209.157.64.172 | 213.171.207.48 |
| 74.207.252.229 | 109.123.106.250 | 176.58.99.197 | 209.157.64.173 | 213.171.207.62 |
| 74.208.106.28 | 109.74.197.59 | 178.79.128.94 | 209.157.64.174 | 213.171.207.71 |
| 74.208.78.224 | 151.236.219.57 | 178.79.138.31 | 209.157.64.175 | 213.171.207.72 |
| 74.208.79.219 | 162.216.16.201 | 178.79.140.188 | 209.157.64.176 | 217.174.248.233 |
| 74.208.79.224 | 162.216.18.163 | 178.79.143.222 | 209.157.64.177 | 217.174.249.167 |
| 74.208.99.25 | 173.230.146.110 | 178.79.150.32 | 209.157.66.226 | 217.174.249.223 |
| 77.68.39.21 | 173.230.152.57 | 178.79.152.167 | 209.157.66.227 | 217.174.249.232 |
| 77.68.39.31 | 173.255.209.236 | 178.79.153.233 | 209.157.66.229 | |
| 80.85.85.133 | 173.255.213.36 | 178.79.157.41 | 209.157.66.230 | |
| 80.85.85.200 | 173.255.214.49 | 178.79.159.237 | 209.157.66.232 | |
| 80.85.85.58 | 173.255.214.53 | 178.79.163.250 | 209.157.66.234 |
These IP addresses need to be enabled for HTTP port 80 (used for downloading updates of Antispam database). Also, an access to your local DNS server is required for DNS queries on UDP port 53.
To ensure proper functionality of linking and redirection from your ESET product's graphical user interface:
View list of IP addresses in a text file
| Hostname | IP address |
|---|---|
| go.eset.eu | 91.228.165.134 |
| 91.228.167.134 | |
| support-go.eset.eu h1-redir02-v.eset.com h3-redir02-v.eset.com |
91.228.166.78 |
| 91.228.167.98 |
To activate ESET Mobile Security:
- reg01.eset.com/mob_activate - reg04.eset.com/mob_activate
- reg01.eset.com/mob_register - reg04.eset.com/mob_register
ESET Data Framework (Anti-Theft, ESET License Administrator, Parental control, Web control):
View list of IP addresses in a text file
ESET Repository - repository.eset.com (ESET Remote Administrator 6.x, ESET Security Management Center 7.x and ESET PROTECT 8.x):
View list of IP addresses in a text file
| Hostname | IP address |
|---|---|
| repository.eset.com | 38.90.226.20 |
| 91.228.166.23 | |
| 91.228.167.25 |
The IP address of ESET repository server in China: 161.189.152.208
Some locations (like Japan, Australia or New Zealand) might have different IP addresses because of using CDN.
Use repositorynocdn.eset.com to connect ESET repository servers only, however in this case the best Internet connection cannot be guaranteed.
Make sure you have HTTP 1.1 enabled when accessing the repository or ESET update servers via 3rd party proxy. This applies to all products that have access to ESET repository.
For more information see
ESET Push Notification Service
View list of IP addresses in a text file
| Hostname | IP address | Port |
|---|---|---|
| epns.eset.com | 8883, 443 | |
| h1-epnsbroker01.eset.com | 91.228.165.144 | |
| h1-epnsbroker02.eset.com | 91.228.165.145 | |
| h3-epnsbroker01.eset.com | 91.228.167.171 | |
| h3-epnsbroker02.eset.com | 91.228.167.172 | |
| h5-epnsbroker01.eset.com | 38.90.226.51 | |
| h5-epnsbroker02.eset.com | 38.90.226.52 |
ESET Push Notification Service (EPNS) sends Wake-Up calls between ESET Management Agents and ESMC/ESET PROTECT/ESET PROTECT Cloud server.
ESET Dynamic Threat Defense:
Users need to whitelist both addresses for each hostname.
| Hostname | IP address |
|---|---|
| r.edtd.eset.com |
137.117.138.135 (Europe) 13.83.244.211 (USA) |
| d.edtd.eset.com |
137.117.138.135 (Europe) 13.83.244.211 (USA) |
Services (activation, expiration, IP location, trace, version check, redirector, in-product images & messages, SSL certificate check):
View list of IP addresses in a text file
Linking and redirection:
| Hostname | IP address |
|---|---|
| proxy.eset.com | 91.228.165.81 |
| 91.228.165.85 | |
| 91.228.167.55 | |
| 91.228.167.125 | |
| h1-weblb01-v.eset.com | 91.228.165.79 |
| h3-weblb01-v.eset.com | 91.228.167.123 |
Activation:
| Hostname | IP address | Note |
|---|---|---|
| register.eset.com | 91.228.165.81 | |
| 91.228.167.125 | ||
| h1-weblb01-v.eset.com | 91.228.165.79 | Old Activation services |
| h3-weblb01-v.eset.com | 91.228.167.123 | Old Activation services |
| iploc.eset.com | 91.228.165.81 | |
| 91.228.167.125 | ||
| 13.91.140.245 | ||
| 13.91.207.10 | ||
| pki.eset.com | 91.228.166.181 | |
| 91.228.167.181 | ||
| versioncheck.eset.com | 91.228.165.81 | |
| 91.228.167.125 |
Trace - Installation statistics:
| Hostname | IP address |
|---|---|
| trace.eset.com | 91.228.165.81 |
| 91.228.167.125 |
In-product images & messages:
| Hostname | IP address |
|---|---|
| ipm.eset.com
ipm.eset.systems |
157.56.166.70 |
| banner.eset.com | 91.228.167.30 |
SSL Certificate check:
| Hostname | IP address |
|---|---|
| proxy-detection.eset.com | 38.90.226.28 |
| 91.228.166.91 | |
| 91.228.167.91 |
Online help and Knowledgebase:
View list of IP addresses in a text file
| Hostname | IP address |
|---|---|
| help.eset.com | 91.228.165.46 |
| 91.228.167.61 | |
| 38.90.227.28 | |
| support.eset.com | 34.198.154.246 |
| 52.4.210.140 | |
| int.form.eset.com | 91.228.166.22 |
91.228.166.154
ESET MSP Utility (EMU)
View list of IP addresses in a text file
| Hostname | IP address | Port |
|---|---|---|
| ftp.eset.sk | 91.228.166.130 | 80 |
| mspapi.esetsoftware.com | 168.62.212.42 | 443 |
| go.eset.com | 72.32.32.10 | 80 |
DNS load balancers
ESET DNS service for eset.com domains is often used for optimal distribution of requests to ESET’s resources.
| Hostname | IP address |
|---|---|
| h1-f5lb01-s.eset.com | 91.228.165.117 |
| h3-f5lb01-s.eset.com | 91.228.167.16 |
| h5-f5lb01-s.eset.com | 38.90.226.53 |
| h1-f5gtm01-s.eset.com | 91.228.165.72 |
| h3-f5gtm01-s.eset.com | 91.228.167.185 |
| h5-f5gtm01-s.eset.com | 38.90.226.59 |
Telemetry
- gallup.eset.com:443
Certificate Revocation Checks (OCSP)
Some third-party applications (e.g. web browsers) check the revocation status of SSL/TLS certificates via Online Certificate Status Protocol (OCSP).
- 93.184.220.29
- 72.21.91.29
- 192.16.58.8
- 117.18.237.29
- 66.225.197.197
For more information see the DigiCert KB article.
Syslog security restrictions and limits
Additional security settings:
Administrators should configure their Syslog server's firewall to allow incoming Syslog Export events only from the following IP ranges:
- Outgoing IP addresses from ESET PROTECT Cloud in the Europe region: 51.136.106.164/30
- Outgoing IP addresses from ESET PROTECT Cloud in the USA region: 40.81.8.148/30
See our online help article for more information on Syslog security restrictions and limits.
Last Updated: Mar 25, 2021
