Jump to content

Recommended Posts

Posted

Hi,

We have a customer site with only whitelisted URLs allowed on the firewall.

Can someone please share with me the URLs that need to whitelist in order for endpoints to communicate/send & receive updates with the cloud security center?

  • Kaspersky Hybrid Cloud - ksc.kaspersky.com
  • Endpoint Kaspersky Endpoint Security 11.11
  • 2 weeks later...
  • 1 month later...
Hassan Izhar
Posted

The URLs that need to be whitelisted for endpoints to communicate with the cloud security center can vary depending on the specific cloud security solution and the configuration of your network. However, here are some URLs that may need to be whitelisted:

*.microsoft.com
*.microsoftonline.com
*.windowsupdate.com
*.cloudappsecurity.com
*.blob.core.windows.net
*.securitycenter.windows.com
*.msftcloudes.com
*.azsec.azure.com
*.msecnd.net
*.nrbf[0-9].com
It's important to note that these are general URLs that may need to be whitelisted and that the specific URLs required for your cloud security solution may be different. You should consult the documentation or support resources for your cloud security solution to obtain the necessary URLs that need to be whitelisted.

Additionally, it's recommended to regularly review and update the whitelisted URLs to ensure that your endpoints can communicate with the cloud security center without any issues while also maintaining a high level of security.

  • 1 year later...
Posted

Hello @shanil

For Kaspersky Hybrid Cloud and Kaspersky Endpoint Security 11.11, you need to whitelist specific URLs to ensure that endpoints can communicate with the cloud security center and receive updates. Below is a list of URLs that you should allow:

Cloud Security Center Communication

  1. ksc.kaspersky.com (Main Cloud Security Center)

Update Servers

Ensure that the following update servers are allowed for downloading antivirus databases and application updates:

  1. dnl-01.geo.kaspersky.com
  2. dnl-02.geo.kaspersky.com
  3. dnl-03.geo.kaspersky.com
  4. dnl-04.geo.kaspersky.com

Cloud Protection and Licensing

For cloud protection services and licensing, include:

  1. license.kaspersky.com
  2. s20.upd.kaspersky.com
  3. stat.kaspersky.com
  4. ksn.kaspersky.com (Kaspersky Security Network, if enabled)

Additional Resources

If you use features such as Kaspersky Web Control, Application Control, or Content Filtering:

  1. crl.kaspersky.com (for certificate revocation checks)
  2. data.kaspersky.com (for cloud-based protection requests)

Ports to Open

Kaspersky services typically require the following ports:

  • TCP 443: For HTTPS communication with cloud services.
  • TCP 80: For fallback HTTP communication (not always required).
  • UDP 53: For DNS resolution.

Make sure that the firewall rules apply to both IPv4 and IPv6 if dual-stack networking is in use. Additionally, check the Kaspersky Online Help for the most up-to-date information as URLs and requirements may change over time.

Thank you

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...