Appendix 1b: Xcitium Enterprise Services - IP Nos, Host Names and Port Details - US Customers
Note: This page contains information for customers located in the USA. Click here to see
- Xcitium Enterprise communicates with Xcitium servers and your devices to issue commands, run virus scans, deploy updates and more.
- You need to configure your firewall accordingly to allow these connections.
- All client to server communications are encrypted over HTTPS connections using the strongest TLS protocols, RSA 2048 bit keys and SHA 256 algorithms.
- The tables on this page show firewall requirements for the following Xcitium services:
Communication Client (CC)

| Service | Purpose | Hostname | IP | Port | Criticality and notes |
|---|---|---|---|---|---|
| CC | Communication between device and Xcitium server | subdomain.itsm-us1.comodo.com | Dynamic (Amazon load balancing) | 443 | Mandatory |
| Enrollment | To get client certificates | mdmsupport.comodo.com (up to CCC 6.29); mdmsupport.cmdm.comodo.com (CCC 6.30+); mdmsupport.itsm-us1.comodo.com (CCC 6.30+) | Dynamic (Amazon load balancing) | 443 | Mandatory |
| Monitoring and alerts | Access to Monitoring and alerts server | plugins.itsm-us1.comodo.com | Dynamic (Amazon load balancing) | 443 | Mandatory |
| File rating management | Access to Local Verdict Server | subdomain.itsm-us1.comodo.com | Dynamic (Amazon load balancing) | 443 | Optional. This is for reporting data from XCS |
| Windows push service (XMPP) | Device communication (push messages) | xmpp.itsm-us1.comodo.com | 18.197.167.137, 34.227.128.175, 174.129.244.210 | 443 | Mandatory |
| LDAP synchronization | Synchronization with LDAP via device | User's LDAP server host | User's LDAP server IP | 389, 636 (LDAPS) | Optional. For LDAP sync via device only. Related to Device to LDAP server connections only |
| SSO | Single Sign On | one-us.comodo.com | Dynamic (Amazon load balancing) | 443 | Mandatory |
| Client Security installation | Download and install/upgrade Client Security agent. comodo.com are redirected to comodo.com which is managed by | download.comodo.com | 178.255.82.5 | 443, 80 | Optional. For XCS installation/upgrade only |
| | | cdn.download.comodo.com | Cloudflare’s IP range: | | |
| OCSP | Client certificate revocation checking | http://ocsp.comodoca.com/ | Dynamic load balancing | 80 | Optional. For mobile devices only. Windows CC does not perform CRL checking yet |
| CRL | Client certificate revocation checking | http://crl.comodoca.com/ | Dynamic load balancing | 80 | Optional. For mobile devices only. Windows CC does not perform CRL checks. |
| 3rd Party Patch Management | 3rd party applications updates | patchportal.one-us.comodo.com | Dynamic (Amazon load balancing) | 443 | Optional |
| Telemetry | Sending telemetry data for analysis | cescollector.cwatchapi.com | Dynamic (Amazon load balancing) | 443 | Optional |
| Local distribution of packages | Distribute different types of updates via local network | Local hostname | Local IP | 6881, 6882 | Optional. Used for updates distribution locally by torrent principle. Ports are bound by Xcitium Service. 6882 is used if 6881 is in use already. |

Xcitium Client - Security (XCS)

| Service | Purpose | Hostname | IP | Port | Protocol | Criticality and notes |
|---|---|---|---|---|---|---|
| FLS | FLS lookup | fls.security.comodo.com | 45.77.153.162 | 4447 (optional), 53 | UDP | Mandatory - choose *either* UDP or TCP for FLS |
| | FLS lookup | fls.security.comodo.com | 45.77.153.162 | 4448 (optional), 80 | TCP | Mandatory - choose *either* UDP or TCP for FLS |
| Verdict Cloud | Verdict Cloud lookup | valkyrie.comodo.com | Dynamic (Amazon load balancing) | 443 | HTTPS | Optional |
| | Submit to Verdict Cloud | valkyrie.comodo.com | Dynamic (Amazon load balancing) | 443 | HTTPS | Mandatory |
| cdn.download.comodo.com | Update / upgrade mirror | cdn.download.comodo.com | Cloudflare’s IP range: 104.37.182.3 | 80 | HTTP | Mandatory |
| | | cdn.download.comodo.com | Cloudflare’s IP range: 104.37.182.3 | 443 | HTTPS | |
| download.comodo.com | Update/ upgrade. comodo.com are redirected to comodo.com which is managed by | download.comodo.com | 178.255.82.5 | 80 | HTTP | Mandatory |
| | | download.comodo.com | 178.255.82.5 | 443 | HTTPS | Mandatory |
| LVS | Download the Xcitium verdicts database | s3.us-east-1.amazonaws.com | Dynamic (Amazon load balancing) | 443 | HTTPS | Mandatory |
| | LVS lookup | subdomain.itsm-us1.comodo.com | Dynamic (Amazon load balancing) | 443 | HTTPS | |
| OCSP | Client certificate revocation checking | http://ocsp.comodoca.com/ | Dynamic load balancing | 80 | - | Optional |
| CRL | Client certificate revocation checking | http://crl.comodoca.com/ | Dynamic load balancing | 80 | - | Optional |
| | Sending telemetry data for analysis | cis.td.security.comodo.com | Dynamic (Amazon load balancing) | 443 | HTTPS | |
| | Sending telemetry data for analysis | tel.security.comodo.com | 159.203.65.195 | 261 | HTTPS | |
| | Sending telemetry data for analysis | api.mssp.comodo.com | Dynamic (Amazon load balancing) | 443 | HTTPS | |

Xcitium Server (on premise installation)

| Service | Purpose | Hostname | IP | Port |
|---|---|---|---|---|
| | Connection to the configured SMTP server for e-mail sending | SMTP server hostname | SMTP server IP | 25 |
| LDAP synchronization | Direct synchronization with LDAP | User's LDAP server host | User's LDAP server IP | 389, 636 (LDAPS) |
| Connection to Comodo Accounts Manager | License verification | https://accounts.comodo.com | 178.255.85.140 | 443 |
| Google Cloud Messaging | To push messages | https://android.googleapis.com/gcm/send | Dynamic | 443 |
| Local Verdict Server | File rating management | Xcitium server hostname | Xcitium server IP | 443 |

Remote Control

| Service | Purpose | Hostname | IP | Port | Protocol | Criticality and notes |
|---|---|---|---|---|---|---|
| XMPP | Remote Control Session (with new version of Comodo RC* | xmpp.itsm-us1.comodo.com | 18.197.167.137, 34.227.128.175, 174.129.244.210 | 443 | HTTPS | Mandatory for both RC host and target device |
| STUN server | To receive possible network configuration, external | stun.l.google.com | Dynamic | 19302 | UDP | Mandatory for both RC host and target device for peer-to-peer and relay connections. |
| Direct connection | Establish RC and target device | - | IP of the | 49152 - 65535 =1025-5000 | UDP | Mandatory for both RC host and target device for direct connections. |
| Peer-to-peer connection | Establish | - | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | 3478 | UDP | Mandatory for both RC host and target device for peer-to-peer connections. |
| Relay connection | Establish | - | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | 3478, 49152 - 65535 | UDP | Mandatory for both RC host and target device for relay connections. |

Remote Control – Direct connection by traffic direction*
Outgoing Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| Local IP 1 | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | Local IP 2 | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | UDP |

Incoming Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| Local IP 2 | local port range specified in profile | Local IP 1 | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | UDP |

* - applicable to both sides - RC and target.
Remote Control - Peer to Peer Connection by traffic direction*
Outgoing Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | 3478 | UDP |
| Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | stun.l.google.com | 19302 | |

Incoming Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | 3478 | Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | UDP |
| stun.l.google.com | 19302 | Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | |

* - applicable to both sides - RC and target.
Remote Control - Relay Connection by traffic direction*
Outgoing Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | 49152 - 65535 | UDP |
| Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025 - 5000 | | 19302 | UDP |

Incoming Traffic

| Source IP | Source port | Destination IP | Destination port | Protocol |
|---|---|---|---|---|
| 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | 3478, 49152 - 65535 | Local IP | Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | UDP |
| | 19302 | Local IP | local port range specified in profile; Win7+/MacOS default port range: 49152 - 65535; WinXP/2003 default port range: 1025-5000 | UDP |

* - applicable to both sides - RC and target.
Diagnostics Tools

| Service | Purpose | Hostname | IP | Port | Criticality and notes |
|---|---|---|---|---|---|
| CCS Report Tool | Collect event logs to help more effectively troubleshoot issues | c1report.comodo.com | 178.255.85.136 | 22 | Optional. For manual logs uploads |

This table contains the same information as the other four tables on this page but with services grouped by port number.
Settings Grouped by Port

| Port | Service | IP | URL / Hostname | Protocol | Component |
|---|---|---|---|---|---|
| 443 | CC | Dynamic (Amazon load balancing) | subdomain.itsm-us1.comodo.com | HTTPS | Communication Client |
| | Enrollment | Dynamic (Amazon load balancing) | mdmsupport.comodo.com (up to CCC 6.29) comodo.com (CCC 6.30+) (CCC 6.30+) | HTTPS | |
| | Monitoring and alerts | Dynamic (Amazon load balancing) | plugins.itsm-us1.comodo.com | HTTPS | |
| | File rating management | Dynamic (Amazon load balancing) | subdomain.itsm-us1.comodo.com | HTTPS | |
| | Windows push service (XMPP) | 18.197.167.137, 34.227.128.175, 174.129.244.210 | xmpp.itsm-us1.comodo.com | HTTPS | |
| | SSO | 69.4.89.244 | one-us.comodo.com | HTTPS | |
| | 3rd party patch management | Dynamic (Amazon load balancing) | patchportal.one-us.comodo.com | HTTPS | |
| | Client Security installation | 178.255.82.5 | download.comodo.com | HTTPS | |
| | | Cloudflare’s IP range: | cdn.download.comodo.com | HTTPS | |
| | Telemetry | Dynamic (Amazon load balancing) | cescollector.cwatchapi.com | HTTPS | |
| | Verdict Cloud | 178.255.87.4 | valkyrie.comodo.com | HTTPS | Xcitium Client Security |
| | Update/upgrade. comodo.com are redirected to comodo.com which is managed by | 178.255.82.5 | download.comodo.com | HTTPS | |
| | Updates/upgrades mirror | Cloudflare’s IP range: | cdn.download.comodo.com | HTTPS | |
| | FLEVEN | Dynamic (Amazon load balancing) | cis.td.security.comodo.com | HTTPS | |
| | CWATCH | Dynamic (Amazon load balancing) | api.mssp.comodo.com | HTTPS | |
| | LVS | Dynamic (Amazon load balancing) | s3.us-east-1.amazonaws.com | HTTPS | |
| | | Dynamic (Amazon load balancing) | subdomain.itsm-us1.comodo.com | HTTPS | |
| | License verification | 178.255.85.140 | accounts.comodo.com | HTTPS | Xcitium server (on premise) |
| | Google cloud messaging | Dynamic | android.googleapis.com/gcm/send | HTTPS | |
| | Apple push notifications | Dynamic | gateway.push.apple.com | HTTPS | |
| | Local Verdict Server | Xcitium server IP | Xcitium server hostname | HTTPS | |
| | XMPP | 18.197.167.137, 34.227.128.175, 174.129.244.210 | xmpp.itsm-us1.comodo.com | HTTPS | Remote Control |
| 80 | Client Security installation | 178.255.82.5 | download.comodo.com | HTTPS | Communication Client |
| | | Cloudflare’s IP range: | cdn.download.comodo.com | HTTPS | |
| | OCSP | Dynamic load balancing | http://ocsp.comodoca.com/ | HTTPS | |
| | CRL | Dynamic load balancing | http://crl.comodoca.com/ | HTTPS | |
| | FLS Lookup | 45.77.153.162 | fls.security.comodo.com | HTTPS | Xcitium Client Security |
| | Update/upgrade. comodo.com are redirected to comodo.com which is managed by | 178.255.82.5 | download.comodo.com | HTTPS | |
| | Updates/upgrades mirror | Cloudflare’s IP range: | cdn.download.comodo.com | HTTPS | |
| | OCSP | Dynamic load balancing | http://ocsp.comodoca.com/ | HTTPS | |
| | CRL | Dynamic load balancing | http://crl.comodoca.com/ | HTTPS | |
| | Apple push notifications | Dynamic | gateway.push.apple.com | HTTPS | Xcitium server (on premise) |
| 22 | XCS Report Tool | 178.255.85.136 | C1report.comodo.com | SSH | Xcitium Client Security |
| 25 | | SMTP server IP | SMTP server hostname | SMTP | Xcitium server (on premise) |
| 53 | FLS Lookup | 45.77.153.162 | fls.security.comodo.com | UDP | Xcitium Client Security |
| 4447 (Optional) | FLS Lookup | 45.77.153.162 | fls.security.comodo.com | UDP | Xcitium Client Security |
| 4448 (Optional) | FLS Lookup | 45.77.153.162 | fls.security.comodo.com | UDP | Xcitium Client Security |
| 389 | LDAP synchronization | User's LDAP server IP | User's LDAP server IP | | Comodo Client Communication |
| | LDAP synchronization | User's LDAP server IP | User's LDAP server IP | | Xcitium server (on premise) |
| 636 | LDAP synchronization | User's LDAP server IP | User's LDAP server IP | | Communication Client |
| | LDAP synchronization | User's LDAP server IP | User's LDAP server IP | | Xcitium server (on premise) |
| 2195 | Apple push notifications | Dynamic | gateway.push.apple.com | | Xcitium server (on premise) |
| 2196 | Apple push notifications | Dynamic | gateway.push.apple.com | | Xcitium server (on premise) |
| 6881, 6882 | Local distribution of packages | Local IP | Local hostname | TCP | Communication Client |
| 261 | Telemetry | 159.203.65.195 | tel.security.comodo.com | HTTPS | Xcitium Client Security |
| 19302 | STUN server | Dynamic (Amazon load balancing) | stun.l.google.com | UDP | Remote Control |
| Win7+/MacOS. Default port range = 49152-65535 | Direct connection | IP of the RC host AND target host | N/A | UDP | |
| 3478 | Peer-to-peer connection | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | - | UDP | |
| 3478, 49152 - 65535 | Relay connection | 18.196.107.208, 52.29.123.206, 34.232.133.48, 18.208.23.45 | - | UDP | |