Related Articles

Domains required for Agent communication

This document provides the list of domains which are required for seamless agent communication with the server.

  • Domain Whitelist
  • IP Whitelist

Communication across remote offices is possible in two ways:

  • Direct communication - Roaming users
  • Through Distribution Server(DS)

Direct communication - Roaming users

Roaming users directly contact the Patch cloud server. Since these users are constantly roaming, they can't be managed by a central server.

Therefore, the roaming agents should connect to these websites:

  • patch.manageengine.com
  • patchdb.manageengine.com
  • patchdatabase.manageengine.com
  • dms.zoho.com
  • us3-dms.zoho.com
  • us4-dms.zoho.com
  • downloads.zohocdn.com

patch.manageengine.com

This is the Server's URL. The Roaming Agent updates the patch status to the Patch Cloud Server. In order to contact the Patch Cloud Server, the Roaming Agent has to connect to patch.manageengine.com.

patchdb.manageengine.com

This website will have the latest patch information along with the download URLs. To find the missing patches during the scan process, the agent gets the latest patch details from the patch database, for which it has to connect to patchdb.manageengine.com.

patchdatabase.manageengine.com

The Roaming agent has to connect to patchdatabase.manageengine.com in order to download dependency patches from the Patch Manager Plus Server.

dms.zoho.com

The Roaming Agent has to connect to dms.zoho.com, to perform on-demand operations. Say a user has added a new computer to the network, and he immediately wants to scan that computer. In that case, the user should perform an on-demand operation. So, the agent should connect to dms.zoho.com. By doing so, the user will be able to scan his systems immediately.

us3-dms.zoho.com and us4-dms.zoho.com

The DS should connect to us3-dms.zoho.com and us4-dms.zoho.com in order to perform the operations involved in installing the agents using local AD without being interrupted.

downloads.zohocdn.com

The Roaming agent should connect to downloads.zohocdn.com in order to download the new agent binaries that are required during upgrade process.

Through Distribution Server(DS)

Distribution Server is a component which allows you to download patch binaries from the respective vendor websites and distributes it to all the computers managed by it.

The DS should connect to these websites:

  • patch.manageengine.com
  • patchdb.manageengine.com
  • patchdatabase.manageengine.com
  • us3-dms.zoho.com
  • us4-dms.zoho.com
  • downloads.zohocdn.com

The agents which belong to remote office/WAN should connect to these two websites:

  • patch.manageengine.com
  • us3-dms.zoho.com
  • us4-dms.zoho.com
  • In case of European domain, instead of contacting us3-dms.zoho.com and us4-dms.zoho.com, the agent, DS and roaming-users will contact eu1-dms.zoho.eu and eu2-dms.zoho.eu
  • In case of Australian domain, the agent, DS and roaming-users will contact au1-dms.zoho.com.au and au2-dms.zoho.com.au.
  • In case of Indian domain, the agent, DS and roaming-users will contact in2-dms.zoho.in and in1-dms.zoho.in

patch.manageengine.com

The replication of patches is done in the DS. The DS will then update the replication status to the Server, for which it has to connect to patch.manageengine.com.
The remote office/WAN agents will contact the Server to update the patch status. So it has to connect to patch.manageengine.com.

patchdb.manageengine.com

The DS gets the latest patch information from this website. It also downloads the patch binaries from the vendor's site through the download URL in this patchdb website. So it has to connect to patchdb.manageengine.com.

patchdatabase.manageengine.com

The DS has to connect to this website in order to download the dependency patches from the Patch Manager Plus Server.

us3-dms.zoho.com and us4-dms.zoho.com

The DS should connect to us3-dms.zoho.com and us4-dms.zoho.com in order to perform the operations involved in installing the agents using local AD without being interrupted.
The remote office/WAN agents should connect to this website to perform on-demand operations.

downloads.zohocdn.com

The DS should connect to downloads.zohocdn.com in order to download the new agent/DS binaries that are required during upgrade process.

IP Whitelist

Here's the list of IP addresses that are required to be added to the whitelist

For US region - patch.manageengine.com / desktopcentral.manageengine.com / remoteaccess.manageengine.com

  • 136.143.190.0/23
  • 204.141.42.0/23
  • 204.141.32.0/23
  • 136.143.182.0/23
  • 136.143.178.0/23
  • 136.143.176.0/23

For European region - patch.manageengine.eu / desktopcentral.manageengine.eu/ remoteaccess.manageengine.eu

  • 185.230.214.0/23
  • 185.20.209.0/24
  • 31.186.243.0/24
  • 213.244.146.0/24
  • 87.252.213.0/24
  • 89.36.170.0/24
  • 217.163.72.0/24
  • 185.172.199.0/24

For Indian region - patch.manageengine.in / desktopcentral.manageengine.in/ remoteaccess.manageengine.in

  • 103.103.196.0/24
  • 103.103.197.0/24
  • 103.117.158.0/24
  • 103.89.75.0/24
  • 103.103.198.0/24
  • 103.117.159.0/24
  • 103.89.74.0/24

For Australian region - patch.manageengine.com.au / desktopcentral.manageengine.com.au / remoteaccess.manageengine.com.au

  • 101.97.36.0/24
  • 103.138.128.0/23
  • 103.91.166.0/24
  • 165.173.191.0/24

Common for all regions (EU, IN, US & AU datacenters) - downloads.zohocdn.com

Follow the steps mentioned below to whitelist the IP for the domain downloads.zohocdn.com:

  1. Navigate to the command prompt and execute the command- nslookup download.zohocdn.com and get the IP as shown in the image below.
  2. IP Sample
  3. From the list of above mentioned IP ranges, search and whitelist the IP range which matches with the IP in step 1.

As IP changes periodically, there is a need to whitelist them regularly. To avoid this, it is advisable to whitelist the aforementioned IP's as downloads.zohocdn.com is a CDN server for which the IP will be resolved using a GeoDNS.

  • Patch Management

Ensure that the configured Proxy settings has permission to download the installabe files from the below mentioned websites

  1. http://download.microsoft.com - for Microsoft applications
  2. http://download.cdn.mozilla.net/ - for Mozila Firefox & Mozilla Thunderbird
  3. http://*.adobe.com - for Adobe patches, flash player, Adobe air
  4. http://fpdownload.macromedia.com - for Adobe Shockwave Player
  5. http://javadl.sun.com - for Java updates
  6. http://*.apple.com/ - for Mac OS updates, Quick time player, Itunes  & JRE 1.6
  7. http://cache-download.real.com - for Real player
  8. http://*.oracle.com/ - for JRE 1.7
  9. http://*.sourceforge.net/ - for Open Office
  10. http://dl.google.com - for Google chrome s
  11. http://ftp.jaist.ac.jp - for Mozilla Firefox 3.6
  12. http://www.piriform.com - for CCleaner
  13. http://www.tightvnc.com - for TightVNC
  14. http://*.videolan.org/ - for TightVNC
  15. http://*.tuxfamily.org - for Notepad ++
  16. http://www.rarlab.com - for WinRAR
  17. http://cdn01.foxitsoftware.com - for Foxit Reader
  18. http://ftp.iitm.ac.in - for Libre Office
  19. https://*.cdburnerxp.se- for CDBurnerXP
  20. http://download.winzip.com - for Winzip
  21. http://*.download.pdfforge.org - PDF Architect
  22. http://allwaysync.com - for AllwaySync
  23. http://ftp.gimp.org - for GIMP
  24. http://www.7-zip.org/ - for 7 Zip
  25. http://ftp5.gwdg.de/ - for Libre Office
  26. http://download.skype.com/ - for Skype
  27. http://notepad-plus-plus.org - For Notepad++
  28. http://download3.vmware.com/ - For VMware Player 7
  29. http://download-installer.cdn.mozilla.net/ - for Mozila Firefox