This document provides the list of approved domains and IP addresses which are required for seamless agent-server communication.
Communication across remote offices is possible in the following ways:
Direct communication (Roaming users)
Roaming users directly contact the cloud server. Since these users are constantly roaming, they can't be managed by a central server. Therefore, the roaming agents should connect to these websites:
This is the server's URL. The roaming agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.com.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.com
endpointcentral-agent1.manageengine.com
endpointcentral-agent2.manageengine.com
endpointcentral-agent3.manageengine.com
endpointcentral-agent4.manageengine.com
endpointcentral-agentp1.manageengine.com
endpointcentral-agentp2.manageengine.com
endpointcentral-agentp3.manageengine.com
endpointcentral-agentp5.manageengine.com
endpointcentral-agent5.manageengine.com
endpointcentral-agent6.manageengine.com
endpointcentral-agent7.manageengine.com
This website will have the latest patch information along with the download URLs. To find the missing patches during the scan process, the agent gets the latest patch details from the patch database, for which it has to connect to patchdb.manageengine.com.
The roaming agent has to connect to patchdatabase.manageengine.com in order to download dependent patches from the Endpoint Central Server.
The roaming agent has to connect to us3-dms.zoho.com to perform on-demand operations. For instance, a user has added a new computer to the network, and he immediately wants to scan that computer. In that case, the user should perform an on-demand operation.
The agent should connect to this domain for the user to be able to scan his system immediately.
The agent should connect to download-accl.zoho.com in order to download the manually uploaded packages in the Software Deployment module.
The roaming agent should connect to downloads.zohocdn.com in order to download new agent binaries that are required during the upgrade process.
The agent should connect to files-me-accl.zoho.com in order to download files from the server.
Through Distribution Server
The Distribution Server (DS) is a component which allows you to download patch binaries from the respective vendor websites and distribute them to all the remote office computers managed under the DS. The Distribution Server should connect to these websites:
The replication of patches is done in the DS. The DS will then update the replication status to the server, for which it has to connect to desktopcentral.manageengine.com. The remote office/WAN agents will contact the server to update the task status, for which they have to connect to the domain.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.com
endpointcentral-agent1.manageengine.com
endpointcentral-agent2.manageengine.com
endpointcentral-agent3.manageengine.com
endpointcentral-agent4.manageengine.com
endpointcentral-agentp1.manageengine.com
endpointcentral-agentp2.manageengine.com
endpointcentral-agentp3.manageengine.com
endpointcentral-agentp5.manageengine.com
endpointcentral-agent5.manageengine.com
endpointcentral-agent6.manageengine.com
endpointcentral-agent7.manageengine.com
The DS gets the latest patch information from this website. It also downloads the patch binaries from the vendor's site through the download URL in this patchdb website. So it has to connect to patchdb.manageengine.com.
The DS has to connect to this website in order to download the dependent patches from the Endpoint Central Server.
The DS should connect to us3-dms.zoho.com in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to this domain to perform on-demand operations.
The DS should connect to us4-dms.zoho.com in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to this domain to perform on-demand operations.
The DS should connect to download-accl.zoho.com in order to download the manually uploaded packages in the Software Deployment module.
The DS should connect to downloads.zohocdn.com in order to download new agent/DS binaries that are required during the upgrade process.
The agent should connect to files-me-accl.zoho.com to download files from the server.
Distribution Server agents
The agents which belong to remote office/WAN should connect to these domains:
The DS agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.com.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.com
endpointcentral-agent1.manageengine.com
endpointcentral-agent2.manageengine.com
endpointcentral-agent3.manageengine.com
endpointcentral-agent4.manageengine.com
endpointcentral-agentp1.manageengine.com
endpointcentral-agentp2.manageengine.com
endpointcentral-agentp3.manageengine.com
endpointcentral-agentp5.manageengine.com
endpointcentral-agent5.manageengine.com
endpointcentral-agent6.manageengine.com
endpointcentral-agent7.manageengine.com
The DS agents should connect to us3-dms.zoho.com in order to perform the operations involved in installing the agents.
The DS agents should connect to us4-dms.zoho.com in order to perform the operations involved in installing the agents.
The agent should connect to download-accl.zoho.com in order to download some dynamic files from the server.
The DS agent should connect to downloads.zohocdn.com in order to download localization contents.
Here's the list of IP addresses that are required to be added to the whitelist
It is strongly recommended to whitelist the domain instead of whitelisting the IP address, as these domains use GeoDNS, i.e., the IP address of a domain will change based on the geolocation of the user.
However, if you still wish to whitelist IP addresses for the domains:
Open the command prompt, execute the command nslookup <domain>, and get the IP as shown in the images below.
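The regex-based whitelisting option mentioned in this section, as an added example (not ManageEngine's code): an anchored pattern for the endpointcentral-agent hosts is compared with the explicit list and with a loosely written pattern over constructed proxy CONNECT lines. The pattern, the function names and the log format are assumptions; the vendor's own regex is not given on this page.

```python
import re

# Hosts copied from the manageengine.com list on this page.
LISTED_HOSTS = frozenset(
    f"endpointcentral-agent{suffix}.manageengine.com"
    for suffix in ("0", "1", "2", "3", "4", "5", "6", "7",
                   "p1", "p2", "p3", "p5")
)

# Assumed strict pattern (the page does not publish one): dots escaped,
# and always applied with fullmatch() so nothing may precede or follow it.
STRICT_RE = re.compile(r"endpointcentral-agentp?[0-9]+\.manageengine\.com")

# Loosely written pattern shown for contrast: unescaped dots, a wildcard,
# and substring matching. This is the form to avoid in a proxy rule.
LOOSE_RE = re.compile(r"endpointcentral-agent.*manageengine.com")

# Assumed proxy log shape: "... CONNECT host:port ...".
CONNECT_RE = re.compile(r"\bCONNECT\s+([A-Za-z0-9.-]+):(\d+)\b")


def normalize(host):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return host.strip().lower().rstrip(".")


def allowed_strict(host):
    return STRICT_RE.fullmatch(normalize(host)) is not None


def allowed_listed(host):
    return normalize(host) in LISTED_HOSTS


def allowed_loose(host):
    return LOOSE_RE.search(normalize(host)) is not None


def connect_host(log_line):
    """Return the destination host of a CONNECT line, or None."""
    match = CONNECT_RE.search(log_line)
    return match.group(1) if match else None


def audit(log_lines):
    """Return (host, strict, listed, loose) for every CONNECT line."""
    rows = []
    for line in log_lines:
        host = connect_host(line)
        if host is None:
            continue  # not a tunnel request, nothing to evaluate
        rows.append((normalize(host), allowed_strict(host),
                     allowed_listed(host), allowed_loose(host)))
    return rows


# Constructed sample lines; the last three hosts are made up for the test.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 CONNECT endpointcentral-agent3.manageengine.com:443 200",
    "2024-01-01T10:00:01Z 10.0.0.5 CONNECT ENDPOINTCENTRAL-AGENTP5.manageengine.com.:443 200",
    # Numbered host not on the page: the regex accepts it, the list does not.
    "2024-01-01T10:00:02Z 10.0.0.6 CONNECT endpointcentral-agent9.manageengine.com:443 200",
    # Look-alikes under another parent domain: only the loose pattern accepts.
    "2024-01-01T10:00:03Z 10.0.0.7 CONNECT endpointcentral-agent0.manageengine.com.example.net:443 200",
    "2024-01-01T10:00:04Z 10.0.0.7 CONNECT endpointcentral-agent0-manageengine-com.example.net:443 200",
    "2024-01-01T10:00:05Z 10.0.0.8 GET http://example.net/ 200",
]

if __name__ == "__main__":
    print(f"{'host':<58}strict listed loose")
    for host, strict, listed, loose in audit(SAMPLE_LOG):
        print(f"{host:<58}{strict!s:<7}{listed!s:<7}{loose}")
```

The strict pattern also accepts numbered hosts that are not on the current list, which is the trade-off against maintaining the explicit list by hand.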
Communication across remote offices is possible in the following ways:
Direct communication (Roaming users)
Roaming users directly contact the cloud server. Since these users are constantly roaming, they can't be managed by a central server. Therefore, the roaming agents should connect to these websites:
This is the server's URL. The roaming agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.eu.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.eu
endpointcentral-agent1.manageengine.eu
endpointcentral-agentp1.manageengine.eu
endpointcentral-agent2.manageengine.eu
This website will have the latest patch information along with the download URLs. To find the missing patches during the scan process, the agent gets the latest patch details from the patch database, for which it has to connect to patchdb.manageengine.com.
The roaming agent has to connect to patchdatabase.manageengine.com in order to download dependent patches from the Endpoint Central Server.
The roaming agent has to connect to eu1-dms.zoho.eu to perform on-demand operations. For instance, a user has added a new computer to the network, and he immediately wants to scan that computer. In that case, the user should perform an on-demand operation.
The agent should connect to this domain for the user to be able to scan his system immediately.
The agent should connect to download-accl.zoho.eu in order to download the manually uploaded packages in the Software Deployment module.
The roaming agent should connect to downloads.zohocdn.com in order to download new agent binaries that are required during the upgrade process.
Through Distribution Server
The Distribution Server (DS) is a component which allows you to download patch binaries from the respective vendor websites and distribute them to all the remote office computers managed under the DS. The DS should connect to these websites:
The replication of patches is done in the DS. The DS will then update the replication status to the server, for which it has to connect to desktopcentral.manageengine.eu. The remote office/WAN agents will contact the server to update the task status, for which they have to connect to the domain.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.eu
endpointcentral-agent1.manageengine.eu
endpointcentral-agentp1.manageengine.eu
endpointcentral-agent2.manageengine.eu
The DS gets the latest patch information from this website. It also downloads the patch binaries from the vendor's site through the download URL in this patchdb website. So it has to connect to patchdb.manageengine.com.
The DS has to connect to this website in order to download the dependent patches from the Endpoint Central Server.
The DS should connect to eu1-dms.zoho.eu in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to this domain to perform on-demand operations.
The DS should connect to eu2-dms.zoho.eu in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to this domain to perform on-demand operations.
The DS should connect to download-accl.zoho.eu in order to download the manually uploaded packages in the Software Deployment module.
The DS should connect to downloads.zohocdn.com in order to download new agent/DS binaries that are required during the upgrade process.
Distribution Server agents
The agents which belong to remote office/WAN should connect to these domains:
The DS agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.eu.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.eu
endpointcentral-agent1.manageengine.eu
endpointcentral-agentp1.manageengine.eu
endpointcentral-agent2.manageengine.eu
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The agent should connect to download-accl.zoho.com in order to download some dynamic files from the server.
The DS agent should connect to downloads.zohocdn.com in order to download localization contents.
Here's the list of IP addresses that are required to be added to the whitelist
It is strongly recommended to whitelist the domain instead of whitelisting the IP address, as these domains use GeoDNS, i.e., the IP address of a domain will change based on the geolocation of the user.
However, if you still wish to whitelist IP addresses for the domains:
Open the command prompt, execute the command nslookup <domain>, and get the IP as shown in the images below.
Communication across remote offices is possible in the following ways:
Direct communication (Roaming users)
Roaming users directly contact the cloud server. Since these users are constantly roaming, they can't be managed by a central server. Therefore, the roaming agents should connect to these websites:
This is the server's URL. The roaming agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.com.au.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.com.au
endpointcentral-agentp1.manageengine.com.au
This website will have the latest patch information along with the download URLs. To find the missing patches during the scan process, the agent gets the latest patch details from the patch database, for which it has to connect to patchdb.manageengine.com.
The roaming agent has to connect to patchdatabase.manageengine.com in order to download dependent patches from the Endpoint Central Server.
The roaming agent has to connect to au1-dms.zoho.com.au to perform on-demand operations. For instance, a user has added a new computer to the network, and he immediately wants to scan that computer. In that case, the user should perform an on-demand operation.
The agent should connect to this domain for the user to be able to scan his system immediately.
The roaming agent should connect to downloads.zohocdn.com in order to download new agent binaries that are required during the upgrade process.
The roaming agent should connect to download.zoho.com.au in order to download new agent binaries that are required during the upgrade process.
Through Distribution Server
The Distribution Server (DS) is a component which allows you to download patch binaries from the respective vendor websites and distribute them to all the remote office computers managed under the DS. The DS should connect to these websites:
The replication of patches is done in the DS. The DS will then update the replication status to the server, for which it has to connect to desktopcentral.manageengine.com.au. The remote office/WAN agents will contact the server to update the task status, for which they have to connect to the domain.
The Endpoint Central distribution server will use these domains to contact the Endpoint Central server. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.com.au
endpointcentral-agentp1.manageengine.com.au
The DS gets the latest patch information from this website. It also downloads the patch binaries from the vendor's site through the download URL in this website. So it has to connect to patchdb.manageengine.com.
The DS has to connect to this website in order to download the dependent patches from the Endpoint Central Server.
The DS should connect to au1-dms.zoho.com.au in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to au2-dms.zoho.com.au in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to downloads.zohocdn.com in order to download new agent/DS binaries that are required during the upgrade process.
The DS should connect to download.zoho.com.au in order to download new agent/DS binaries that are required during the upgrade process.
Distribution Server agents
The agents which belong to remote office/WAN should connect to these domains:
The DS agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.com.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.com.au
endpointcentral-agentp1.manageengine.com.au
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agent should connect to downloads.zohocdn.com in order to download localization contents.
The DS agent should connect to download.zoho.com.au in order to download localization contents.
Here's the list of IP addresses that are required to be added to the whitelist
It is strongly recommended to whitelist the domain instead of whitelisting the IP address, as these domains use GeoDNS, i.e., the IP address of a domain will change based on the geolocation of the user.
However, if you still wish to whitelist IP addresses for the domains:
Open the command prompt, execute the command nslookup <domain>, and get the IP as shown in the images below.
Communication across remote offices is possible in the following ways:
Direct communication (Roaming users)
Roaming users directly contact the cloud server. Since these users are constantly roaming, they can't be managed by a central server. Therefore, the roaming agents should connect to these websites:
This is the server's URL. The roaming agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.in.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.in
endpointcentral-agent1.manageengine.in
endpointcentral-agentp1.manageengine.in
endpointcentral-agentp2.manageengine.in
endpointcentral-agentp3.manageengine.in
This website will have the latest patch information along with the download URLs. To find the missing patches during the scan process, the agent gets the latest patch details from the patch database, for which it has to connect to patchdb.manageengine.com.
The roaming agent has to connect to patchdatabase.manageengine.com in order to download dependent patches from the Endpoint Central Server.
The roaming agent has to connect to in1-dms.zoho.in to perform on-demand operations. For instance, a user has added a new computer to the network, and he immediately wants to scan that computer. In that case, the user should perform an on-demand operation.
The agent should connect to this domain for the user to be able to scan his system immediately.
The agent should connect to download-accl.zoho.in in order to download the manually uploaded packages in the Software Deployment module.
The roaming agent should connect to downloads.zohocdn.com in order to download new agent binaries that are required during the upgrade process.
Through Distribution Server
The Distribution Server (DS) is a component which allows you to download patch binaries from the respective vendor websites and distribute them to all the remote office computers managed under the DS. The DS should connect to these websites:
The replication of patches is done in the DS. The DS will then update the replication status to the server, for which it has to connect to desktopcentral.manageengine.in. The remote office/WAN agents will contact the server to update the task status, for which they have to connect to this domain.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.in
endpointcentral-agent1.manageengine.in
endpointcentral-agentp1.manageengine.in
endpointcentral-agentp2.manageengine.in
endpointcentral-agentp3.manageengine.in
The DS gets the latest patch information from this website. It also downloads the patch binaries from the vendor's site through the download URL in this patchdb website. So it has to connect to patchdb.manageengine.com.
The DS has to connect to this website in order to download the dependent patches from the Endpoint Central Server.
The DS should connect to in1-dms.zoho.in in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to this domain in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to download-accl.zoho.in in order to download the manually uploaded packages in the Software Deployment module.
The DS should connect to downloads.zohocdn.com in order to download new agent/DS binaries that are required during the upgrade process.
Distribution Server agents
The agents which belong to remote office/WAN should connect to these domains:
The DS agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.com.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.in
endpointcentral-agent1.manageengine.in
endpointcentral-agentp1.manageengine.in
endpointcentral-agentp2.manageengine.in
endpointcentral-agentp3.manageengine.in
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The agent should connect to download-accl.zoho.com in order to download some dynamic files from the server.
The DS agent should connect to downloads.zohocdn.com in order to download localization contents.
Here's the list of IP addresses that are required to be added to the whitelist
It is strongly recommended to whitelist the domain instead of whitelisting the IP address, as these domains use GeoDNS, i.e., the IP address of a domain will change based on the geolocation of the user.
However, if you still wish to whitelist IP addresses for the domains:
Open the command prompt, execute the command nslookup <domain>, and get the IP as shown in the images below.
Communication across remote offices is possible in the following ways:
Direct communication (Roaming users)
Roaming users directly contact the cloud server. Since these users are constantly roaming, they can't be managed by a central server. Therefore, the roaming agents should connect to these websites:
This is the server's URL. The roaming agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.jp.
Endpoint Central agents will use this domain to contact Endpoint Central servers.
This website will have the latest patch information along with the download URLs. To find the missing patches during the scan process, the agent gets the latest patch details from the patch database, for which it has to connect to patchdb.manageengine.com.
The roaming agent has to connect to patchdatabase.manageengine.com in order to download dependent patches from the Endpoint Central Server.
The roaming agent has to connect to jp1-dms.zoho.jp to perform on-demand operations. For instance, a user has added a new computer to the network, and he immediately wants to scan that computer. In that case, the user should perform an on-demand operation.
The agent should connect to this domain for the user to be able to scan his system immediately.
The roaming agent should connect to downloads.zohocdn.com in order to download new agent binaries that are required during the upgrade process.
The roaming agent should connect to download.zoho.jp in order to download new agent binaries that are required during the upgrade process.
Through Distribution Server
The Distribution Server (DS) is a component which allows you to download patch binaries from the respective vendor websites and distribute them to all the remote office computers managed under the DS. The DS should connect to these websites:
The replication of patches is done in the DS. The DS will then update the replication status to the server, for which it has to connect to desktopcentral.manageengine.jp. The remote office/WAN agents will contact the server to update the task status, for which they have to connect to this domain.
The Endpoint Central distribution server will use this domain to contact the Endpoint Central server.
The DS gets the latest patch information from this website. It also downloads the patch binaries from the vendor's site through the download URL in this patchdb website. So it has to connect to patchdb.manageengine.com.
The DS has to connect to this website in order to download the dependent patches from the Endpoint Central Server.
The DS should connect to jp1-dms.zoho.jp in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to jp2-dms.zoho.jp in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to downloads.zohocdn.com in order to download new agent/DS binaries that are required during the upgrade process.
The DS should connect to download.zoho.jp in order to download new agent/DS binaries that are required during the upgrade process.
Distribution Server agents
The agents which belong to remote office/WAN should connect to these domains:
The DS agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.jp.
Endpoint Central agents will use this domain to contact Endpoint Central servers.
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agent should connect to downloads.zohocdn.com in order to download localization contents.
The DS agent should connect to download.zoho.jp in order to download localization contents.
Here's the list of IP addresses that are required to be added to the whitelist
It is strongly recommended to whitelist the domain instead of whitelisting the IP address, as these domains use GeoDNS, i.e., the IP address of a domain will change based on the geolocation of the user.
However, if you still wish to whitelist IP addresses for the domains:
Open the command prompt, execute the command nslookup <domain>, and get the IP as shown in the images below.
Communication across remote offices is possible in the following ways:
Direct communication (Roaming users)
Roaming users directly contact the cloud server. Since these users are constantly roaming, they can't be managed by a central server. Therefore, the roaming agents should connect to these websites:
This is the server's URL. The roaming agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.cn.
Endpoint Central agents will use this domain to contact Endpoint Central servers.
This website will have the latest patch information along with the download URLs. To find the missing patches during the scan process, the agent gets the latest patch details from the patch database, for which it has to connect to patchdb.manageengine.com.
The roaming agent has to connect to patchdatabase.manageengine.com in order to download dependent patches from the Endpoint Central Server.
The roaming agent has to connect to cn2-dms.zoho.com.cn to perform on-demand operations. For instance, a user has added a new computer to the network, and he immediately wants to scan that computer. In that case, the user should perform an on-demand operation.
The agent should connect to cn3-dms.zoho.com.cn for the user to be able to scan his system immediately.
The roaming agent should connect to downloads.zohocdn.com in order to download new agent binaries that are required during the upgrade process.
The roaming agent should connect to download.zoho.com.cn in order to download new agent binaries that are required during the upgrade process.
Through Distribution Server
The Distribution Server (DS) is a component which allows you to download patch binaries from the respective vendor websites and distribute them to all the remote office computers managed under the DS. The DS should connect to these websites:
The replication of patches is done in the DS. The DS will then update the replication status to the server, for which it has to connect to desktopcentral.manageengine.cn. The remote office/WAN agents will contact the server to update the task status, for which they have to connect to this domain.
The Endpoint Central distribution server will use this domain to contact the Endpoint Central server.
The DS gets the latest patch information from this website. It also downloads the patch binaries from the vendor's site through the download URL in this website. So it has to connect to patchdb.manageengine.com.
The DS has to connect to this website in order to download the dependent patches from the Endpoint Central Server.
The DS should connect to cn2-dms.zoho.com.cn in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to this website to perform on-demand operations.
The DS should connect to cn3-dms.zoho.com.cn in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to this website to perform on-demand operations.
The DS should connect to downloads.zohocdn.com in order to download new agent/DS binaries that are required during the upgrade process.
The DS should connect to download.zoho.com.cn in order to download new agent/DS binaries that are required during the upgrade process.
Distribution Server agents
The agents which belong to remote office/WAN should connect to these domains:
The DS agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.com.
Endpoint Central agents will use this domain to contact Endpoint Central servers.
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agent should connect to downloads.zohocdn.com in order to download localization contents.
The DS agent should connect to download.zoho.com.cn in order to download localization contents.
Here's the list of IP addresses that are required to be added to the whitelist
It is strongly recommended to whitelist the domain instead of the IP address because these domains use GeoDNS, i.e., the IP address of a domain changes based on the geolocation of the user.
However, if you still wish to whitelist the IP addresses for the domains:
Open the command prompt and execute the command nslookup <domain> to get the IP address, as shown in the images below.
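Because GeoDNS returns different addresses per location, an IP allowlist built from one site's nslookup output can miss the addresses that agents elsewhere receive. This added example (not vendor code; the function names are hypothetical and the resolver answers are constructed from documentation IP ranges) audits an IP allowlist against what a given vantage point resolves:

```python
import ipaddress
import socket


def resolve(domain):
    """Live lookup through the system resolver, the same data nslookup shows."""
    infos = socket.getaddrinfo(domain, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def audit_ip_allowlist(domains, allowed_cidrs, resolver=resolve):
    """Map each domain to the resolved IPs the allowlist does NOT cover.

    A domain that fails to resolve maps to None, so it is never read as covered.
    """
    nets = [ipaddress.ip_network(cidr) for cidr in allowed_cidrs]
    report = {}
    for domain in domains:
        try:
            ips = resolver(domain)
        except OSError:  # socket.gaierror is a subclass of OSError
            report[domain] = None
            continue
        report[domain] = sorted(
            ip for ip in ips
            if not any(ipaddress.ip_address(ip) in net for net in nets)
        )
    return report


# Constructed answers (documentation ranges, not real records) for two vantage
# points: the office where nslookup was run, and a roaming agent elsewhere.
OFFICE = {
    "desktopcentral.manageengine.cn": {"192.0.2.10"},
    "patchdb.manageengine.com": {"192.0.2.20"},
}
ROAMING = {
    "desktopcentral.manageengine.cn": {"198.51.100.10"},
    "patchdb.manageengine.com": {"192.0.2.20"},
}


def constructed_resolver(answers):
    """Hypothetical stand-in resolver so the example runs offline."""
    def _resolve(domain):
        if domain not in answers:
            raise socket.gaierror(socket.EAI_NONAME, "constructed: no such name")
        return answers[domain]
    return _resolve


if __name__ == "__main__":
    domains = list(OFFICE) + ["cn2-dms.zoho.com.cn"]
    allowlist = ["192.0.2.10/32", "192.0.2.20/32"]  # built from the office lookup
    for site, answers in (("office", OFFICE), ("roaming", ROAMING)):
        report = audit_ip_allowlist(domains, allowlist, constructed_resolver(answers))
        print(site, report)
```

Calling `audit_ip_allowlist(domains, allowlist)` without a resolver argument performs live lookups from the machine it runs on, so it is worth running from each office and from a roaming network before relying on an IP-based rule.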
Direct communication (Roaming users)
Roaming users directly contact the cloud server. Since these users are constantly roaming, they can't be managed by a central server. Therefore, the roaming agents should connect to these websites:
This is the server's URL. The roaming agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.ca.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.ca
endpointcentral-agentp1.manageengine.ca
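Where regex-based whitelisting is used for these agent hostnames, the pattern only restricts traffic as intended if it is anchored and its dots are escaped. This added example (not ManageEngine's code; the pattern is an assumption derived from the hostnames listed on this page, and the look-alike names are constructed) compares a strict matcher with a loosely written one:

```python
import re

# Assumption: derived from the hostnames listed on this page
# (endpointcentral-agent0, endpointcentral-agentp1, ...); not a vendor regex.
STRICT = re.compile(r"endpointcentral-agentp?[0-9]{1,2}\.manageengine\.(?:com|ca|uk)")

# A common mistake: unescaped dots, a greedy wildcard, and no anchoring.
LOOSE = re.compile(r"endpointcentral-agent.*.manageengine.(com|ca|uk)")


def normalize(host):
    """Lower-case, strip one trailing root dot, reject non-hostname input."""
    host = host.strip().lower()
    if host.endswith("."):
        host = host[:-1]
    if not host or not re.fullmatch(r"[a-z0-9.-]+", host):
        return None
    return host


def allowed_strict(host):
    """True only if the whole hostname matches the escaped pattern."""
    host = normalize(host)
    return host is not None and STRICT.fullmatch(host) is not None


def allowed_loose(host):
    """What a substring search with the loose pattern would let through."""
    return LOOSE.search(host) is not None


# Constructed test names: two from this page, three look-alikes.
SAMPLES = [
    "endpointcentral-agent0.manageengine.ca",
    "endpointcentral-agentp1.manageengine.ca",
    "endpointcentral-agent0.manageengine.ca.example.net",  # suffix appended
    "endpointcentral-agent0xmanageengine.ca",              # dot replaced
    "endpointcentral-agent0.manageengine.cab",             # longer TLD
]


def compare(hosts):
    """Return (host, strict_result, loose_result) for each hostname."""
    return [(h, allowed_strict(h), allowed_loose(h)) for h in hosts]


if __name__ == "__main__":
    for host, strict, loose in compare(SAMPLES):
        print(f"{host:55} strict={strict!s:5} loose={loose}")
```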
This website has the latest patch information along with the download URLs. To find the missing patches during the scan process, the agent gets the latest patch details from the patch database, for which it has to connect to patchdb.manageengine.com.
The roaming agent has to connect to patchdatabase.manageengine.com in order to download dependent patches from the Endpoint Central Server.
The roaming agent has to connect to ca1-dms.zohocloud.ca to perform on-demand operations. For instance, a user has added a new computer to the network and wants to scan that computer immediately. In that case, the user should perform an on-demand operation.
The agent should connect to this domain for the user to be able to scan his system immediately.
The roaming agent should connect to downloads.zohocdn.com in order to download new agent binaries that are required during the upgrade process.
The roaming agent should connect to download.zohoone.ca in order to download new agent binaries that are required during the upgrade process.
Through Distribution Server
The Distribution Server (DS) is a component that lets you download patch binaries from the respective vendor websites and distribute them to all the remote office computers managed under the DS. The DS should connect to these websites:
The replication of patches is done in the DS. The DS then updates the replication status to the server, for which it has to connect to desktopcentral.manageengine.ca. The remote office/WAN agents contact the server to update the task status, for which they have to connect to this domain.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.ca
endpointcentral-agentp1.manageengine.ca
The DS gets the latest patch information from this website. It also downloads the patch binaries from the vendor's site through the download URL in this patchdb website. So it has to connect to patchdb.manageengine.com.
The DS has to connect to this website in order to download the dependent patches from the Endpoint Central Server.
The DS should connect to ca1-dms.zohocloud.ca in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to ca2-dms.zohocloud.ca in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to downloads.zohocdn.com in order to download new agent/DS binaries that are required during the upgrade process.
The DS should connect to download.zohoone.ca in order to download new agent/DS binaries that are required during the upgrade process.
Distribution Server agents
The agents which belong to remote office/WAN should connect to these domains:
The DS agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.ca.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.ca
endpointcentral-agentp1.manageengine.ca
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agent should connect to downloads.zohocdn.com in order to download localization contents.
The DS agent should connect to download.zohoone.ca in order to download localization contents.
Here's the list of IP addresses that are required to be added to the whitelist
It is strongly recommended to whitelist the domain instead of the IP address because these domains use GeoDNS, i.e., the IP address of a domain changes based on the geolocation of the user.
However, if you still wish to whitelist the IP addresses for the domains:
Open the command prompt and execute the command nslookup <domain> to get the IP address, as shown in the images below.
Direct communication (Roaming users)
Roaming users directly contact the cloud server. Since these users are constantly roaming, they can't be managed by a central server. Therefore, the roaming agents should connect to these websites:
This is the server's URL. The roaming agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.uk.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.uk
This website has the latest patch information along with the download URLs. To find the missing patches during the scan process, the agent gets the latest patch details from the patch database, for which it has to connect to patchdb.manageengine.com.
The roaming agent has to connect to patchdatabase.manageengine.com in order to download dependent patches from the Endpoint Central Server.
The roaming agent has to connect to uk1-dms.zoho.uk to perform on-demand operations. For instance, a user has added a new computer to the network and wants to scan that computer immediately. In that case, the user should perform an on-demand operation.
The agent should connect to this domain for the user to be able to scan his system immediately.
The roaming agent should connect to downloads.zohocdn.com in order to download new agent binaries that are required during the upgrade process.
The roaming agent should connect to download.zoho.ca in order to download new agent binaries that are required during the upgrade process.
Through Distribution Server
The Distribution Server (DS) is a component that lets you download patch binaries from the respective vendor websites and distribute them to all the remote office computers managed under the DS. The DS should connect to these websites:
The replication of patches is done in the DS. The DS then updates the replication status to the server, for which it has to connect to desktopcentral.manageengine.uk. The remote office/WAN agents contact the server to update the task status, for which they have to connect to this domain.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.uk
The DS gets the latest patch information from this website. It also downloads the patch binaries from the vendor's site through the download URL in this patchdb website. So it has to connect to patchdb.manageengine.com.
The DS has to connect to this website in order to download the dependent patches from the Endpoint Central Server.
The DS should connect to uk1-dms.zoho.uk in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to uk2-dms.zoho.uk in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to downloads.zohocdn.com in order to download new agent/DS binaries that are required during the upgrade process.
The DS should connect to download.zoho.uk in order to download new agent/DS binaries that are required during the upgrade process.
Distribution Server agents
The agents which belong to remote office/WAN should connect to these domains:
The DS agent updates the task status to the cloud server, and to ensure seamless agent-server communication, the agent has to connect to desktopcentral.manageengine.uk.
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.uk
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agent should connect to downloads.zohocdn.com in order to download localization contents.
The DS agent should connect to download.zoho.uk in order to download localization contents.
Here's the list of IP addresses that are required to be added to the whitelist
It is strongly recommended to whitelist the domain instead of the IP address because these domains use GeoDNS, i.e., the IP address of a domain changes based on the geolocation of the user.
However, if you still wish to whitelist the IP addresses for the domains:
Open the command prompt and execute the command nslookup <domain> to get the IP address, as shown in the images below.
Direct communication (Roaming users)
Roaming users directly contact the cloud server. Since these users are constantly roaming, they can't be managed by a central server. Therefore, the roaming agents should connect to these websites:
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.uk
This website has the latest patch information along with the download URLs. To find the missing patches during the scan process, the agent gets the latest patch details from the patch database, for which it has to connect to patchdb.manageengine.com.
The roaming agent has to connect to patchdatabase.manageengine.com in order to download dependent patches from the Endpoint Central Server.
The roaming agent has to connect to in1-dms.zoho.in to perform on-demand operations. For instance, a user has added a new computer to the network and wants to scan that computer immediately. In that case, the user should perform an on-demand operation.
The agent should connect to this domain for the user to be able to scan his system immediately.
The agent should connect to download-accl.zoho.in in order to download the manually uploaded packages in the Software Deployment module.
The roaming agent should connect to files.zoho.sa in order to download new agent binaries that are required during the upgrade process.
Through Distribution Server
The Distribution Server (DS) is a component that lets you download patch binaries from the respective vendor websites and distribute them to all the remote office computers managed under the DS. The DS should connect to these websites:
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.uk
The DS gets the latest patch information from this website. It also downloads the patch binaries from the vendor's site through the download URL in this patchdb website. So it has to connect to patchdb.manageengine.com.
The DS has to connect to this website in order to download the dependent patches from the Endpoint Central Server.
The DS should connect to sa1-dms.zoho.sa in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to this domain in order to perform the operations involved in installing the agents using local AD without being interrupted. The remote office/WAN agents should connect to these websites to perform on-demand operations.
The DS should connect to download-accl.zoho.in in order to download the manually uploaded packages in the Software Deployment module.
The DS should connect to files.zoho.sa in order to download new agent/DS binaries that are required during the upgrade process.
Distribution Server agents
The agents which belong to remote office/WAN should connect to these domains:
Endpoint Central agents will use these domains to contact Endpoint Central servers. If regex-based domain whitelisting is not supported, whitelist the following domains:
endpointcentral-agent0.manageengine.uk
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The DS agents should connect to this domain in order to perform the operations involved in installing the agents.
The agent should connect to download-accl.zoho.com in order to download some dynamic files from the server.
The DS agent should connect to downloads.zohocdn.com in order to download localization contents.
Here's the list of IP addresses that are required to be added to the whitelist
It is strongly recommended to whitelist the domain instead of the IP address because these domains use GeoDNS, i.e., the IP address of a domain changes based on the geolocation of the user.
However, if you still wish to whitelist the IP addresses for the domains:
Open the command prompt and execute the command nslookup <domain> to get the IP address, as shown in the images below.
These ports must be enabled for communication between the agent and the server:
Port | Purpose | Type | Connection |
---|---|---|---|
443 | For communication between the agent or distribution server and the Endpoint Central server. Source: Agent/Distribution server Destination: Endpoint Central server | HTTPS | Outbound from Agent/DS |
443 | The Notification server port is responsible for communicating on-demand operations from the server to the agent. Source: Agent/Distribution server Destination: Notification server | WSS | Outbound from Agent/DS |
8384 | For communication between the remote agent and the distribution server. Source: Agent Destination: Distribution server | HTTPS | Inbound to distribution server |
Exclude these domains in the firewall and proxy settings -
Allow the following ports in your firewall settings -
TCP and WebSocket ports 443.
Exclude the following directories from your firewall and anti-virus settings -