Exceptions List of Proxy Server

Certain domains are needed to update the patch details in the patch database. The server reaches out to servers like the APN, FCM and WNS server to contact managed mobile devices.

The following domain needs to be added to the exception list of the proxy server for the Endpoint Central module and upgradation to function without any errors:

• patchdb.manageengine.com
• updates.manageengine.com
• updates-us.managengine.com (For US region)

Ensure that the configured Proxy settings has permission to download the installable files from the below mentioned websites.

For Red Hat Linux machines, the below given website must be given appropriate permissions for it to be accessible from the product server.

• https://access.redhat.com/ (below 11.3.2440 build)
• https://cdn.redhat.com/- (above 11.3.2440 build)

Similarly, for SUSE Linux machines, ensure that the following domains are reachable from the server.

• https://scc.suse.com/subscriptions
• https://updates.suse.com

For log upload and troubleshooting, ensure that the following domains are reachable from the server:

• https://creator.zoho.com
• https://bonitas.zohocorp.com
• bonitas.zohocorp.eu(for EU region users)

Note:

• If you are from the EU region, ensure that all three domains are configured.
• If you are not from the EU region, only the first two domains need to be configured.

For downloading WinPE tools and drivers, ensure that these domains are reachable from the server:

1. https://learn.microsoft.com/ - To download WinPE ADK tool
2. https://www.dell.com/ - To download WinPE drivers
3. https://ftp.hp.com/ - To download WinPE drivers
4. https://support.lenovo.com/ - To download WinPE drivers

List of domains to be added in the exceptions list for the browser security module:

1. For downloading Firefox extensions:

• https://addons.mozilla.org/firefox/downloads/*

2. For downloading Edge extensions:

• https://microsoftedge.microsoft.com/addons/getproductdetailsbycrxid/*
• https://microsoftedge.microsoft.com/insider-addons/getproductdetails/*
• http://store-images.s-microsoft.com/

3. For downloading Chrome extensions:

• https://clients2.google.com/*
• https://clients2.googleusercontent.com/*

4. If the Browser Security Plus extension is enabled in the agent settings, include the domain mentioned below:

• https://downloads.zohocdn.com/bsp-desktop/*

For log upload and troubleshooting, ensure that the following domains are reachable from the server:

1. https://creator.zoho.com
2. https://bonitas.zohocorp.com
3. bonitas.zohocorp.eu(for EU region users)

To manage all mobile devices from a centralized location, the following domains must be open. This will ensure that the product server will be able to reach the APN, FCM and WNS server.

Allowed only in the Server and Device

For iOS:

• https://gateway.push.apple.com
• https://api.push.apple.com
• https://itunes.apple.com:443
• http://itunes.apple.com:80
• https://deploy.apple.com
• https://vpp.itunes.apple.com
• albert.apple.com
• iprofiles.apple.com
• crl3.digicert.com
• crl4.digicert.com
• ocsp.digicert.com
• setup.icloud.com
• gateway.icloud.com

Allowed in the Corporate Network Firewall

For Non-Samsung Devices:

• *.googleapis.com
• play.google.com
• android.com
• google-analytics.com
• googleusercontent.com
• gstatic.com
• *.gvt1.com
• *.gvt2.com
• *.gvt3.com
• *.ggpht.com
• dl.google.com
• dl-ssl.google.com
• androidclients.google.com
• gcm-http.googleapis.com
• gcm-xmpp.googleapis.com
• android.googleapis.com
• fcm.googleapis.com
• fcm-xmpp.googleapis.com
• pki.google.com
• clients1.google.com
• clients[2...6].google.com
• *.zoho.com:443
• *.zohoassist.com:443
• googleapis.com:443
• accounts.google.com:443
• notifications.google.com:443
• https://mdmdatabase.manageengine.com

For Samsung Knox Enrollment:

• *.samsungknox.com:443
• *.samsungknox.com:80
• *.secb2b.com:443
• *.secb2b.com:80
• https://eula.secb2b.com:80
• https://eula.secb2b.com:443
• https://umc-cdn.secb2b.com:80
• https://umc-cdn.secb2b.com:443
• https://dir-apis.samsungdm.com:443
• https://account.samsung.com:443
• https://us-kme.samsungknox.com
• https://us-kme.api.samsungknox.com
• https://us-kme.api.mssl.samsungknox.com
• https://us-kme-reseller.samsungknox.com
• https://mdmdatabase.manageengine.com

Allowed Only in the Server

For All Platforms:

• https://patchdb.manageengine.com
• https://creator.zoho.com
• https://mdm.manageengine.com:443

For iOS:

• https://uclient-api.itunes.apple.com
• *.zohoassist.com:443

For Windows:

• https://login.live.com
• https://*.notify.windows.com
• https://*.wns.windows.com
• https://*notify.live.net

For Non-Samsung Devices:

• *.googleapis.com
• *.zoho.com:443
• *.zohoassist.com:443
• googleapis.com:443
• accounts.google.com:443

Allowed Only in the Device

For iOS:

• https://ax.init.itunes.apple.com
• https://ppq.apple.com
• http://is2.mzstatic.com
• ocsp.apple.com
• https://buy.itunes.apple.com/

For Non-Samsung Devices:

• https://www.google.com
• mtalk.google.com:5228
• mtalk.google.com:5229
• mtalk.google.com:5230
• android.clients.google.com:443

For Samsung Devices:

1. China-only:

• https://china-gslb.secb2b.com.cn:443
• https://china-elm.secb2b.com.cn:443
• https://china-knox.secb2b.com.cn:443
• https://china-b2c-klm.secb2b.com.cn:443
• https://china-prod-klm.secb2b.com.cn:443

2. United States of America-only:

• https://gslb.secb2b.com:443
• https://gsl.samsunggsl.com:443
• https://us-prod-klm-b2c.secb2b.com:443
• https://us-prod-klm.secb2b.com:443
• https://usprod-knoxlog.secb2b.com
• https://us-elm.secb2b.com:443
• https://us-knox.secb2b.com:443
• https://us-b2c-klm.secb2b.com:443

3. All Other Countries:

• https://gslb.secb2b.com:443
• https://gsl.samsunggsl.com:443
• https://eu-elm.secb2b.com:443
• https://eu-knox.secb2b.com:443
• https://eu-prod-klm-b2c.secb2b.com:443
• https://eu-prod-klm.secb2b.com:443