For many customers, WithSecure products will function correctly without needing to know which servers the products connect to.
However, some administrators tightly control which network addresses they allow their clients to connect to (“Egress control” or “outbound connections”), and it is mandatory that they allow connections to the following addresses. WithSecure cannot guarantee the functionality of the products if access to these addresses is blocked.
Please note that all the following require outbound connections to TCP/443 unless otherwise stated.
Additionally, any products listed in this document also includes F-Secure branded versions of the same products.
Recommendations
WithSecure recommends, where possible, that administrators allow outbound access to all address under the withsecure.com and fsapi.com domains. We do appreciate that this is not always possible due to firewall configuration limitations, or even from an operational perspective, so we are publishing an explicit list of server addresses.
Please note that we do not guarantee this list of addresses is complete or will stay unchanged, so we strongly recommend bookmarking these articles for future reference. We will update these articles whenever needed.
WithSecure Business Suite
Business Suite includes:
- WithSecure Policy Manager (Windows & Linux)
- WithSecure Policy Manager Proxy (Windows & Linux)
- WithSecure Client Security (including Premium, Mac)
- WithSecure Server Security (including Premium)
- WithSecure Linux Security 64
For environments that only connect to the internet via the Policy Manager, it is enough to ensure that the Policy Manager (or Policy Manager Proxy) can reach these services. For environments using a combination of Business Suite and Endpoint Detection and Response, the EDR endpoints will need direct access to some of these services.
Business Suite 16 onwards
corp-reg.fsapi.com
- This server is used by Policy Manager for license registration. Blocking this server will prevent license validation.
guts2-old.fsapi.com (also TCP/80)
- This server is used by Policy Manager to serve updates for 15.x clients. Please note that this service will cease on 30 September 2024
guts2.fsapi.com (also TCP/80)
- This server is used to deliver updates for scanning engines and detection rules, and for some products updates to the software itself. Blocking this server will completely stop security updates.
a.karma.sc2.fsapi.com
restmc.mind.sc2.fsapi.com
api.doorman.fsapi.com
- Backend services needed for Security Cloud functionality
baseguard.doorman.fsapi.com
api.disobus.fsapi.com
- Backend services required for EDR for Business Suite to function
api.prd.glb.us-prd.fsapi.com
- Used to control updates for Linux Security
Business Suite 15 and earlier (only valid until September 30th 2024)
corp-reg.f-secure.com
- This server is used by Policy Manager for license registration. Blocking this server will prevent license validation.
guts2.sp.f-secure.com (also TCP/80)
- This server is used to deliver updates for scanning engines and detection rules, and for some products updates to the software itself. Blocking this server will completely stop security updates.Note: This service ends on September 30th 2024
a.karma.sc2.fsapi.com
api.doorman.fsapi.com
restmc.mind.sc2.fsapi.com
- Backend services needed for Security Cloud functionality
baseguard.doorman.fsapi.com
api.disobus.fsapi.com
- Backend services required for EDR for Business Suite to function
update.sebe.fsapi.com
- Used to control updates for Linux Security
WithSecure Email and Server Security
While WithSecure Email and Server Security is not part of Business Suite, the network addresses needed are the same as for Business Suite, with the addition of a couple of extra address
ESS version 16 onwards
aspam.sp.f-secure.com
aspam.fsapi.com
- These services are used to check email content for Spam in the ESS product.
ESS version 15 and earlier
aspam.sp.f-secure.com
- This service is used to check email content for Spam in the ESS product.
WithSecure Atlant
Future versions (version number to be confirmed)
guts2.fsapi.com (also TCP/80)
- This server is used to deliver updates for scanning engines and detection rules, and for some products updates to the software itself. Blocking this server will completely stop security updates.
api.prd.glb.us-prd.fsapi.com
- Used to control updates for WithSecure Atlant
aspam.sp.f-secure.com
aspam.fsapi.com
- These services are used to check email content for Spam in the Atlant product.
rpmrepo.fsapi.com
- This service is used to deliver updates to the Atlant Virtual Appliance
a.karma.sc2.fsapi.com
baseguard.doorman.fsapi.com
- Backend services needed for Security Cloud functionality
provisioning.ew1.entitlements.fsapi.com
api.disobus.fsapi.com
- These services are only used when license key is used for Atlant. They are not required when a license file is used
Older versions (version number to be confirmed)
guts2.sp.f-secure.com (also TCP/80)
- This server is used to deliver updates for scanning engines and detection rules, and for some products updates to the software itself. Blocking this server will completely stop security updates.
update.sebe.fsapi.com
- Used to control updates for WithSecure Atlant
orsp.f-secure.com (also TCP/80)
*.orsp.f-secure.com (also TCP/80)
- These services are used to handle cloud reputation requests
aspam.sp.f-secure.com
- These services are used to check email content for Spam in the Atlant product.
rpmrepo.sp.f-secure.com
- This service is used to deliver updates to the Atlant Virtual Appliance
baseguard.doorman.fsapi.com
provisioning.ew1.entitlements.fsapi.com
api.disobus.fsapi.com
- These services are only used when license key is used for Atlant. They are not required when a license file is used