Supportartiklar WithSecure Elements Announcements

Network addresses for WithSecure Elements (cloud-managed products)

For most customers, WithSecure Elements products will function correctly without needing to know which servers the products connect to.

However, some administrators tightly control which network addresses they allow their clients to connect to (“Egress control” or “outbound connections”), and it is mandatory that they allow connections to the following addresses. WithSecure cannot guarantee the functionality of the products if access to these addresses is blocked.

The product may not function correctly if access to these network addresses is not allowed.

Please note that all the following require outbound connections to TCP/443 unless otherwise stated.

Additionally, any products listed in this document also includes F-Secure branded versions of the same products.

Recommendations

WithSecure recommends, where possible, that administrators allow outbound access to all address under the withsecure.com and fsapi.com domains. We do appreciate that this is not always possible due to firewall configuration limitations, or even from an operational perspective, so we are publishing an explicit list of server addresses.

In addition, there are some addresses from other domains (such as amazonaws.com), and these should be explicitly added as individual addresses, and never added as a wildcard firewall entry

Please note that we do not guarantee this list of addresses is complete or will stay unchanged, so we strongly recommend bookmarking these articles for future reference. We will update these articles whenever needed.

WithSecure Elements endpoint agents will be updated automatically, but administrators should prepare for this in advance by ensuring endpoints can reach the following addresses.

Important notes

Some service addresses are specific to geographical regions

For example, some servers are dedicated to customers in EMEA (Europe, Middle East, Africa), AMER (the Americas), and APAC (Asia Pacific). We indicate these where relevant, and administrators only need to grant access to the ones relevant to their installations.

Release Dates and Versions

At the moment, we are actively planning the releases of the Elements products that will use these new versions. Unfortunately, we cannot give the dates or versions, but we will update this article with that information as soon as possible. In the meantime, we advise our customers with egress rules for their firewalls to already pre-configure the required access.

WithSecure Elements

Unless explicitly marked as "Existing Address" or "New Address", the following are applicable before and after the change.

Remote fsdiag upload server

ane1-fsdiag-upload.s3.ap-northeast-1.amazonaws.com (APAC)
ew1-fsdiag-upload.s3.eu-west-1.amazonaws.com (EMEA)
ue1-fsdiag-upload.s3.amazonaws.com (AMER)

WithSecure COSMOS Server

client-api.public.prod.ew1.cosmos-prd.fsapi.com (EMEA)
client-api.public.prod.ue1.cosmos-prd.fsapi.com (AMER)
client-api.public.prod.ane1.cosmos-prd.fsapi.com (APAC)

WithSecure Doorman server

psb-emea.doorman.fsapi.com (EMEA)
psb-amer.doorman.fsapi.com (AMER)
psb-apac.doorman.fsapi.com (APAC)
baseguard.doorman.fsapi.com
api.doorman.fsapi.com

WithSecure Entitlements server

provisioning.ew1.entitlements.fsapi.com (EMEA)
provisioning.ue1.entitlements.fsapi.com (AMER)
provisioning.ane1.entitlements.fsapi.com (APAC)
provisioning.global.entitlements.fsapi.com

WithSecure Download Servers (Existing addresses)

download.sp.f-secure.com
download.f-secure.com
download.withsecure.com

WithSecure Download Servers (New address)

download.fsapi.com

WithSecure EDR response servers

ac3ujg1ortm4c-ats.iot.eu-west-1.amazonaws.com (also TCP/8883) (EMEA)
ac3ujg1ortm4c-ats.iot.us-east-1.amazonaws.com (also TCP/8883) (AMER)
ac3ujg1ortm4c-ats.iot.ap-northeast-1.amazonaws.com (also TCP/8883) (APAC)

c3hquxgihnj763.credentials.iot.eu-west-1.amazonaws.com (EMEA)
c3hquxgihnj763.credentials.iot.us-east-1.amazonaws.com (AMER)
c3hquxgihnj763.credentials.iot.ap-northeast-1.amazonaws.com (APAC)

ew1-famp-prd-system-transfer.s3.eu-west-1.amazonaws.com (EMEA)
ew1-famp-prd-system-transfer.s3.us-east-1.amazonaws.com (AMER)
ew1-famp-prd-system-transfer.s3.ap-northeast-1.amazonaws.com (APAC)

agent-api.ew1.famp.fsapi.com (EMEA)
agent-api.ue1.famp.fsapi.com (AMER)
agent-api.ane1.famp.fsapi.com (APAC)

WithSecure GUTS2 Server (Existing address)

guts2.sp.f-secure.com (also TCP/80)

WithSecure GUTS2 Server (New address)

guts2.fsapi.com (also TCP/80)

WithSecure KARMA Server

a.karma.sc2.fsapi.com

WithSecure Mind Server

restmc.mind.sc2.fsapi.com

WithSecure Push Poll Server

poll.push.fsapi.com (EMEA)
poll.push-na.fsapi.com (AMER)
poll.push-apac.fsapi.com (APAC)

Push Register Server

registrar.push.fsapi.com (EMEA)
registrar.push-na.fsapi.com (AMER)
registrar.push-apac.fsapi.com (APAC)

WithSecure DIS Server

api.disobus.fsapi.com

WithSecure SPI Server

eu1.spi.psb.fsapi.com (EMEA)
us2.spi.psb.fsapi.com (AMER)
jp3.spi.psb.fsapi.com (APAC)
eu4.spi.psb.fsapi.com (EMEA)
eu-smi-eu.spi.psb.fsapi.com (EMEA)

Update Service (New address)

api.prd.glb.us-prd.fsapi.com

CCR Service

692.psb.prd.gw.fsapi.com (APAC)
apac.psb.prd.gw.fsapi.com (APAC)
691.psb.prd.gw.fsapi.com (EMEA)
6910.psb.prd.gw.fsapi.com (EMEA)
694.psb.prd.gw.fsapi.com (EMEA)
emea.psb.prd.gw.fsapi.com (EMEA)
emea2.psb.prd.gw.fsapi.com (EMEA)
emea3.psb.prd.gw.fsapi.com (EMEA)
710.psb.prd.gw.fsapi.com (AMER)
amer.psb.prd.gw.fsapi.com (AMER)

WithSecure Elements Vulnerability Management

If you are using WithSecure Elements Vulnerability Management, you additionally need to grant access to the following services

After the change

api.radar-prd.fsapi.com

This is the main address of the Elements VM REST API, that is used by customers and Scan Nodes.
NOTE: Any customer or partner integrations will need to change to this address to avoid loss of functionality. This change can already be made, the new DNS name is already functional and working as a direct replacement.

sn-api.radar-prd.fsapi.com

Radar Update Service address, used to manage Scan Nodes and deliver product and engines updates to them.

updates-api.radar-prd.fsapi.com

Secondary Radar Update Service address used to manage all VM Portals, publish vulnerability coverage and serve some smaller use cases.

accessory.radar-prd.fsapi.com

Callback service used by scanning engines to verify remote code execution vulnerabilities.

Before the change

api.radar.f-secure.com

Main address of the Elements VM REST API, that is uses by customers and Scan Nodes.
Note: This address will be retired. This means that any integrations to the VM REST API will stop working. The replacement address api.radar-prd.fsapi.com is already functional and can be used as a drop-in replacement when using the REST API.

updates.radar.f-secure.com

Radar Update Service address, used to manage Scan Nodes and deliver product and engines updates to them.

updates-api.radar.f-secure.com

Secondary Radar Update Service address used to manage all VM Portals, publish vulnerability coverage and serve some smaller use cases.

accessory.radar.f-secure.com

Callback service used by scanning engines to verify remote code execution vulnerabilities.