Appendix 1a: Xcitium Enterprise Services - IP Nos, Host Names and Port Details - EU Customer
Note: This page contains information for customers located in Europe. Click here to see USA information instead.
- Xcitium Enterprise communicates with Xcitium servers and your devices to issue commands, run virus scans, deploy updates and more.
- You need to configure your firewall accordingly to allow these connections.
- All client-to-server communications are encrypted over HTTPS connections using the strongest TLS protocols, RSA 2048-bit keys and SHA-256 algorithms.
- The tables on this page show firewall requirements for the following Xcitium services:
Communication Client (CC)

| Service | Purpose | Hostname | IP | Port | Criticality and notes |
|---|---|---|---|---|---|
| CC | Communication between device and Xcitium server | subdomain.cmdm.comodo.com | Dynamic (Amazon load balancing) | 443 | Mandatory |
| Enrollment | To get client certificates | mdmsupport.comodo.com (up to CCC 6.29); mdmsupport.cmdm.comodo.com (CCC 6.30+) | Dynamic (Amazon load balancing) | 443 | Mandatory |
| Monitoring and alerts | Access to Monitoring and alerts server | plugins.cmdm.comodo.com | Dynamic (Amazon load balancing) | 443 | Mandatory |
| File rating management | Access to Local Verdict Server | subdomain.cmdm.comodo.com | Dynamic (Amazon load balancing) | 443 | Optional. This is for reporting data from CCS |
| Windows push service (XMPP) | Device communication (push messages) | xmpp.cmdm.comodo.com | 18.197.167.137, 34.227.128.175 | 443 | Mandatory |
| LDAP synchronization | Synchronization with LDAP via device | User's LDAP server host | User's LDAP server IP | 389, 636 (LDAPS) | Optional. For LDAP sync via device only. Related to Device to LDAP server connections only |
| SSO | Single Sign On | one.comodo.com | Dynamic (Amazon load balancing) | 443 | Mandatory |
| Client Security installation | Download and install/upgrade Client Security agent. Requests to download.comodo.com are redirected to cdn.download.comodo.com, which is managed by the CDN provider, and those IP addresses can change | download.comodo.com | 178.255.82.5 | 443, 80 | Optional. For CCS installation/upgrade only |
| | | cdn.download.comodo.com | Cloudflare’s IP range: 104.37.182.3 | 443, 80 | |
| OCSP | Client certificate revocation checking | http://ocsp.comodoca.com/ | Dynamic load balancing | 80 | Optional. For mobile devices only. The Windows client does not perform OCSP checks. |
| CRL | Client certificate revocation checking | http://crl.comodoca.com/ | Dynamic load balancing | 80 | Optional. For mobile devices only. The Windows client does not perform OCSP checks. |
| 3rd Party Patch Management | 3rd party applications updates | patchportal.one.comodo.com | Dynamic (Amazon load balancing) | 443 | Optional |
| Telemetry | Sending telemetry data for analysis | cescollector.cwatchapi.com | Dynamic (Amazon load balancing) | 443 | Optional |
| Local distribution of packages | Distribute different types of updates via local network | Local hostname | Local IP | 6881, 6882 | Optional. Used for updates distribution locally by torrent principle. Ports are bound by Xcitium Service. 6882 is used if 6881 is in use already. |

Xcitium Client - Security (XCS)
Client - Security (CS)

| Service | Purpose | Hostname | IP | Port | Protocol | Criticality and notes |
|---|---|---|---|---|---|---|
| FLS | FLS lookup | fls.security.comodo.com | 45.77.153.162 | 4447 (optional), 53 | UDP | Mandatory - choose *either* UDP or TCP for FLS |
| | FLS lookup | fls.security.comodo.com | 45.77.153.162 | 4448 (optional), 80 | TCP | Mandatory - choose *either* UDP or TCP for FLS |
| Xcitium Verdict Cloud | Xcitium Verdict Cloud lookup | valkyrie.comodo.com | Dynamic (Amazon load balancing) | 443 | HTTPS | Optional |
| | Submit to Xcitium Verdict Cloud | valkyrie.comodo.com | Dynamic (Amazon load balancing) | 443 | HTTPS | Mandatory |
| cdn.download.comodo.com | Update / upgrade mirror | cdn.download.comodo.com | Cloudflare’s IP range: 104.37.182.3 | 80 | HTTP | Mandatory |
| | | cdn.download.comodo.com | Cloudflare’s IP range: 104.37.182.3 | 443 | HTTPS | |
| download.comodo.com | Update/upgrade. Requests to download.comodo.com are redirected to cdn.download.comodo.com, which is managed by the CDN provider, and those IP addresses can change | download.comodo.com | 178.255.82.5 | 80 | HTTP | Mandatory |
| | | download.comodo.com | 178.255.82.5 | 443 | HTTPS | |
| LVS | Download the Xcitium verdicts database | s3.eu-central-1.amazonaws.com | Dynamic (Amazon load balancing) | 443 | HTTPS | Mandatory |
| | LVS lookup | subdomain.cmdm.comodo.com | Dynamic (Amazon load balancing) | 443 | HTTPS | |
| OCSP | Client certificate revocation checking | http://ocsp.comodoca.com/ | Dynamic load balancing | 80 | - | Optional |
| CRL | Client certificate revocation checking | http://crl.comodoca.com/ | Dynamic load balancing | 80 | - | Optional |
| Telemetry | Sending telemetry data for analysis | tel.security.comodo.com | 159.203.65.195 | 261 | HTTPS | |
| FLEVEN | Sending telemetry data for analysis | cis.td.security.comodo.com | Dynamic (Amazon load balancing) | 443 | HTTPS | |
| | Sending telemetry data for analysis | api.mssp.comodo.com | Dynamic (Amazon load balancing) | 443 | HTTPS | |

Xcitium Server (on premise installation)
Xcitium Server (on premise)

| Service | Purpose | Hostname | IP | Port |
|---|---|---|---|---|
| | Connection to the configured SMTP server for e-mail sending | SMTP server hostname | SMTP server IP | 25 |
| LDAP synchronization | Direct synchronization with LDAP | User's LDAP server host | User's LDAP server IP | 389, 636 (LDAPS) |
| Connection to Xcitium Accounts Manager | License verification | https://accounts.comodo.com | 178.255.85.140 | 443 |
| Google Cloud Messaging | To push messages | https://android.googleapis.com/gcm/send | Dynamic | 443 |
| Local Verdict Server | File rating management | Xcitium server hostname | Xcitium server IP | 443 |

Remote Control

| Service | Purpose | Hostname | IP | Port | Protocol | Criticality and notes |
|---|---|---|---|---|---|---|
| XMPP | Remote Control Session (with new version of Xcitium RC)* | xmpp.cmdm.comodo.com | 18.196.138.4, 18.197.8.210 | 443 | HTTPS | Mandatory for both RC host and target device |
| STUN server | To receive possible network configuration, external | stun.l.google.com | Dynamic | 19302 | UDP | Mandatory for both RC host and target |
| Direct connection | Establish direct connection between RC and target device. | | IP of the CRC host AND target host | | UDP | Mandatory for both RC host and target device for direct connections. |
| Peer-to-peer connection | Establish | - | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | 3478 | UDP | Mandatory for both RC host and target device for peer-to-peer connections. |
| Relay connection | Establish | - | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | 3478, 49152 - 65535 | UDP | Mandatory for both RC host and target device for relay connections. |

* - applicable to both sides - RC host and target
Remote Control – Direct connection by traffic direction*
Outgoing Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| Local IP 1 | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | Local IP 2 | local port range specified in profile; WinXP/2003 default port range: 1025-5000 | UDP |

Incoming Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| Local IP 2 | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | Local IP 1 | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | UDP |

* - applicable to both sides - RC and target.
Remote Control - Peer to Peer Connection by traffic direction*
Outgoing Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025 - 5000 | 18.196.107.208 | 3478 | UDP |
| Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025 - 5000 | stun.l.google.com | 19302 | |

Incoming Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| 18.196.107.208 | 3478 | Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | UDP |
| stun.l.google.com | 19302 | Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | |

* - applicable to both sides - RC and target.
Remote Control - Relay Connection by traffic direction*
Outgoing Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | 49152 - 65535 | UDP |
| Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | | 19302 | UDP |

Incoming Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | 3478, 49152 - 65535 | Local IP | Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | UDP |
| | 19302 | Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | UDP |

* - applicable to both sides - CRC and target.
Diagnostics tools

| Service | Purpose | Hostname | IP | Port | Criticality and notes |
|---|---|---|---|---|---|
| Cis Report Tool | Collect event logs to help more effectively troubleshoot issues | c1report.comodo.com | 178.255.85.136 | 22 | Optional. For manual log uploads |

This table contains the same information as the other four tables on this page but with services grouped by port number.
Settings Grouped by Port

| Port | Service | IP | URL / Hostname | Protocol | Component |
|---|---|---|---|---|---|
| 443 | CC | Dynamic (Amazon load balancing) | subdomain.cmdm.comodo.com | HTTPS | Client Communication |
| | Enrollment | Dynamic (Amazon load balancing) | mdmsupport.comodo.com | HTTPS | |
| | Monitoring and alerts | Dynamic (Amazon load balancing) | plugins.cmdm.comodo.com | HTTPS | |
| | File rating management | Dynamic (Amazon load balancing) | subdomain.cmdm.comodo.com | HTTPS | |
| | Windows push service (XMPP) | 18.197.167.137, 34.227.128.175 | xmpp.cmdm.comodo.com | HTTPS | |
| | SSO | 69.4.89.244 | one.comodo.com | HTTPS | |
| | 3rd party patch management | Dynamic (Amazon load balancing) | patchportal.one.comodo.com | HTTPS | |
| | Client Security installation | 178.255.82.5 | download.comodo.com | HTTPS | |
| | | Cloudflare’s IP range: | cdn.download.comodo.com | HTTPS | |
| | Telemetry | Dynamic (Amazon load balancing) | cescollector.cwatchapi.com | HTTPS | |
| | Xcitium Verdict Cloud | 178.255.87.4 | valkyrie.comodo.com | HTTPS | Xcitium Client Security |
| | Update/upgrade. Requests to download.comodo.com are redirected to cdn.download.comodo.com, which is managed by the CDN provider, and those IP addresses can change | 178.255.82.5 | download.comodo.com | HTTPS | |
| | Updates/upgrades mirror | Cloudflare’s IP range: | cdn.download.comodo.com | HTTPS | |
| | FLEVEN | Dynamic (Amazon load balancing) | cis.td.security.comodo.com | HTTPS | |
| | CWATCH | Dynamic (Amazon load balancing) | api.mssp.comodo.com | HTTPS | |
| | LVS | Dynamic (Amazon load balancing) | s3.eu-central-1.amazonaws.com | HTTPS | |
| | | Dynamic (Amazon load balancing) | subdomain.cmdm.comodo.com | HTTPS | |
| | License verification | 178.255.85.140 | accounts.comodo.com | HTTPS | Xcitium server (on premise) |
| | Google cloud messaging | Dynamic | android.googleapis.com/gcm/send | HTTPS | |
| | Apple push notifications | Dynamic | gateway.push.apple.com | HTTPS | |
| | Local Verdict Server | Xcitium server IP | Xcitium server hostname | HTTPS | |
| | XMPP | 18.196.138.4, 18.197.8.210 | xmpp.cmdm.comodo.com | HTTPS | Remote Control |
| 80 | Client Security installation | 178.255.82.5 | download.comodo.com | HTTPS | Client Communication |
| | | Cloudflare’s IP range: | cdn.download.comodo.com | HTTPS | |
| | OCSP | Dynamic load balancing | http://ocsp.comodoca.com/ | HTTPS | |
| | CRL | Dynamic load balancing | http://crl.comodoca.com/ | HTTPS | |
| | FLS Lookup | 45.77.153.162 | fls.security.comodo.com | HTTPS | Xcitium Client Security |
| | Update/upgrade. Requests to download.comodo.com are redirected to cdn.download.comodo.com, which is managed by the CDN provider, and those IP addresses can change | 178.255.82.5 | download.comodo.com | HTTPS | |
| | Updates/upgrades mirror | Cloudflare’s IP range: | cdn.download.comodo.com | HTTPS | |
| | OCSP | Dynamic load balancing | http://ocsp.comodoca.com/ | HTTPS | |
| | CRL | Dynamic load balancing | http://crl.comodoca.com/ | HTTPS | |
| | Apple push notifications | Dynamic | gateway.push.apple.com | HTTPS | Xcitium server (on premise) |
| 22 | CCS Report Tool | 178.255.85.136 | C1report.comodo.com | SSH | Xcitium Client Security |
| 25 | | SMTP server IP | SMTP server hostname | SMTP | Xcitium server (on premise) |
| 53 | FLS Lookup | 45.77.153.162 | fls.security.comodo.com | UDP | Xcitium Client Security |
| 4447 (Optional) | FLS Lookup | 45.77.153.162 | fls.security.comodo.com | UDP | Xcitium Client Security |
| 4448 (Optional) | FLS Lookup | 45.77.153.162 | fls.security.comodo.com | UDP | Xcitium Client Security |
| 389 | LDAP synchronization | User's LDAP server IP | User's LDAP server IP | - | Communication Client |
| | LDAP synchronization | User's LDAP server IP | User's LDAP server IP | - | Xcitium server (on premise) |
| 636 | LDAP synchronization | User's LDAP server IP | User's LDAP server IP | - | Client Communication |
| | LDAP synchronization | User's LDAP server IP | User's LDAP server IP | - | Xcitium server (on premise) |
| 2195 | Apple push notifications | Dynamic | gateway.push.apple.com | - | Xcitium server (on premise) |
| 6881, 6882 | Local distribution of packages | Local IP | Local hostname | TCP | Communication Client |
| 2196 | Apple push notifications | Dynamic | gateway.push.apple.com | - | Xcitium server (on premise) |
| 19302 | STUN server | Dynamic (Amazon load balancing) | stun.l.google.com | UDP | Remote Control |
| 261 | Telemetry | 159.203.65.195 | tel.security.comodo.com | HTTPS | Xcitium Client Security |
| 1025-65535 | Direct connection | IP of the CRC host AND target host | N/A | UDP | Remote Control |
| 3478 | Peer-to-peer connection | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | - | UDP | |
| 3478, 49152 - 65535 | Relay connection | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | - | UDP | |

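The tables mix rows with published IP addresses and rows marked "Dynamic", which a firewall can only allow or recognise by hostname. The following is an added example, not Xcitium code: it checks firewall deny-log entries against a subset of the rows above to find required services that are being blocked. The log format, the `name` field, the mapping of HTTPS/SSH rows to TCP and the `203.0.113.10` / `198.51.100.7` documentation addresses are assumptions made for illustration.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    service: str
    host: str
    ips: tuple      # empty = "Dynamic" in the table: allow by FQDN, not by IP
    ports: tuple
    proto: str      # assumption: the page's HTTPS/SSH rows are carried over TCP
    mandatory: bool

# Subset of rows from the tables on this page.
RULES = [
    Rule("Windows push service (XMPP)", "xmpp.cmdm.comodo.com",
         ("18.197.167.137", "34.227.128.175"), (443,), "tcp", True),
    Rule("Monitoring and alerts", "plugins.cmdm.comodo.com", (), (443,), "tcp", True),
    Rule("FLS lookup", "fls.security.comodo.com", ("45.77.153.162",), (53, 4447), "udp", True),
    Rule("STUN server", "stun.l.google.com", (), (19302,), "udp", True),
    Rule("Cis Report Tool", "c1report.comodo.com", ("178.255.85.136",), (22,), "tcp", False),
]

# Constructed deny-log lines in a hypothetical key=value format; "name" is the
# DNS name or TLS SNI the firewall tied to the flow, "-" if it has none.
SAMPLE_LOG = """\
action=deny proto=udp dst=45.77.153.162 dport=53 name=-
action=deny proto=tcp dst=203.0.113.10 dport=443 name=plugins.cmdm.comodo.com
action=deny proto=tcp dst=203.0.113.10 dport=443 name=-
action=deny proto=tcp dst=178.255.85.136 dport=22 name=-
action=deny proto=tcp dst=18.197.167.137 dport=8443 name=xmpp.cmdm.comodo.com
action=allow proto=udp dst=198.51.100.7 dport=19302 name=stun.l.google.com
"""

LINE = re.compile(r"action=(\w+) proto=(\w+) dst=(\S+) dport=(\d+) name=(\S+)")

def match_rule(proto, dst, dport, name):
    """Return the requirement row a flow belongs to, or None if there is none."""
    for r in RULES:
        # Static rows match on the published IP, dynamic rows only by name.
        if r.proto == proto and dport in r.ports and (dst in r.ips or name.lower() == r.host):
            return r

def audit(log):
    """List denied flows that the page says should be reachable."""
    findings = []
    for m in LINE.finditer(log):
        action, proto, dst, dport, name = m.groups()
        rule = match_rule(proto, dst, int(dport), name) if action == "deny" else None
        if rule:
            findings.append((rule.service, rule.mandatory, "ip" if dst in rule.ips else "fqdn"))
    return findings
```

The third sample line shows the practical limit: a denied flow to a "Dynamic" endpoint cannot be attributed to a required service unless the firewall records a name for it.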