Aurora Endpoint Security network prerequisites

Aurora Endpoint Security agents and Aurora Protect Mobile apps require access to specific domains so that they can communicate with the cloud console.

Aurora Endpoint Security agents

Make sure your organization's network allows connections to the required domains for these components:

Port 443 (HTTPS) must be open for the Aurora Endpoint Security desktop agents to communicate with the management console.

The agents communicate over secure websockets (WSS) and must be able to establish this connection directly. Configure your organization's network to allow connections to these domains.

Note:
  • The management console is hosted by AWS and does not have fixed IP addresses. You can allow HTTPS traffic to *.cylance.com. For the cylance-optics-files-use1.s3.amazonaws.com host (and similar hosts for other regions), it is recommended to allow that specific host. It is not recommended to allow *.amazonaws.com because it can open your network to other hosts.
  • Please note that the domain api2.cylance.com is deprecated, but is kept open to support older Aurora Protect Desktop agents. api2.cylance.com directs to the same destination as api.cylance.com for the purpose of threat analysis and risk scoring.

Item

Description

North America
Required for logging in to the Endpoint Defense console:
  • login.cylance.com
  • idp.blackberry.com
  • cdn.cylance.com
  • idp.cs.cylance.com
  • download.cylance.com
Required for Aurora Protect Desktop:
  • login.cylance.com
  • data.cylance.com
  • protect.cylance.com
  • update.cylance.com
  • api.cylance.com
  • download.cylance.com
  • venueapi.cylance.com
Required for Aurora Focus:
  • cylance-optics-files-use1.s3.amazonaws.com
  • opticspolicy.cylance.com
  • content.cylance.com
  • rrws-use1.cylance.com
  • collector.cylance.com
  • scalar-api-use1.cylance.com
  • cement.cylance.com
Required for the Gateway agent:
  • idp.blackberry.com
  • quip.webapps.blackberry.com
  • us1.cs.blackberry.com

Required for the Gateway Connector: deb.nodesource.com

Required for the Gateway agent and the Gateway Connector: us1.bg.blackberry.com

For more information, see KB 42221223173659.

Asia-Pacific Northeast
Required for logging in to the Endpoint Defense console:
  • login-apne1.cylance.com
  • idp.blackberry.com
  • cdn.cylance.com
  • idp.cs.cylance.com
  • cylance-jp1.cs.cylance.com
  • apne1-consoleapi.cylance.com
  • protect-apne1.cylance.com
  • download.cylance.com
Required for Aurora Protect Desktop:
  • login-apne1.cylance.com
  • data-apne1.cylance.com
  • protect-apne1.cylance.com
  • update-apne1.cylance.com
  • api.cylance.com
  • download.cylance.com
  • venueapi-apne1.cylance.com
Required for Aurora Focus:
  • cylance-optics-files-apne1.s3.amazonaws.com
  • opticspolicy-apne1.cylance.com
  • content-apne1.cylance.com
  • rrws-apne1.cylance.com
  • collector-apne1.cylance.com
  • scalar-api-apne1.cylance.com
  • cement-apne1.cylance.com
Required for the Gateway agent:
  • idp.blackberry.com
  • quip.webapps.blackberry.com
  • jp1.cs.blackberry.com

Required for the Gateway Connector: deb.nodesource.com

Required for the Gateway agent and the Gateway Connector: jp1.bg.blackberry.com

For more information, see KB 42221223173659.

Asia-Pacific Southeast
Required for logging in to the Endpoint Defense console:
  • login-au.cylance.com
  • idp.blackberry.com
  • cdn.cylance.com
  • idp.cs.cylance.com
  • download.cylance.com
Required for Aurora Protect Desktop:
  • login-au.cylance.com
  • data-au.cylance.com
  • protect-au.cylance.com
  • update-au.cylance.com
  • api.cylance.com
  • download.cylance.com
  • venueapi-au.cylance.com
Required for Aurora Focus:
  • cylance-optics-files-apse2.s3.amazonaws.com
  • opticspolicy-au.cylance.com
  • content-apse2.cylance.com
  • rrws-apse2.cylance.com
  • collector-apse2.cylance.com
  • scalar-api-apse2.cylance.com
  • cement-au.cylance.com
  • cement-apse2.cylance.com
Required for the Gateway agent:
  • idp.blackberry.com
  • quip.webapps.blackberry.com
  • au1.cs.blackberry.com

Required for the Gateway Connector: deb.nodesource.com

Required for the Gateway agent and the Gateway Connector: au1.bg.blackberry.com

For more information, see KB 42221223173659.

Europe Central
Required for logging in to the Endpoint Defense console:
  • login-euc1.cylance.com
  • idp.blackberry.com
  • cdn.cylance.com
  • idp.cs.cylance.com
  • download.cylance.com
Required for Aurora Protect Desktop:
  • login-euc1.cylance.com
  • data-euc1.cylance.com
  • protect-euc1.cylance.com
  • update-euc1.cylance.com
  • api.cylance.com
  • download.cylance.com
  • venueapi-euc1.cylance.com
Required for Aurora Focus:
  • cylance-optics-files-euc1.s3.amazonaws.com
  • opticspolicy-euc1.cylance.com
  • content-euc1.cylance.com
  • rrws-euc1.cylance.com
  • collector-euc1.cylance.com
  • scalar-api-euc1.cylance.com
  • cement-euc1.cylance.com
Required for the Gateway agent:
  • idp.blackberry.com
  • quip.webapps.blackberry.com
  • eu1.cs.blackberry.com

Required for the Gateway Connector: deb.nodesource.com

Required for the Gateway agent and the Gateway Connector: eu1.bg.blackberry.com

For more information, see KB 42221223173659.

South America
Required for logging in to the Endpoint Defense console:
  • login-sae1.cylance.com
  • idp.blackberry.com
  • cdn.cylance.com
  • idp.cs.cylance.com
  • download.cylance.com
Required for Aurora Protect Desktop:
  • login-sae1.cylance.com
  • data-sae1.cylance.com
  • protect-sae1.cylance.com
  • update-sae1.cylance.com
  • api.cylance.com
  • download.cylance.com
  • venueapi-sae1.cylance.com
Required for Aurora Focus:
  • cylance-optics-files-sae1.s3.amazonaws.com
  • opticspolicy-sae1.cylance.com
  • content-sae1.cylance.com
  • rrws-sae1.cylance.com
  • collector-sae1.cylance.com
  • scalar-api-sae1.cylance.com
  • cement-sae1.cylance.com
Required for the Gateway agent:
  • idp.blackberry.com
  • quip.webapps.blackberry.com
  • br1.cs.blackberry.com

Required for the Gateway Connector: deb.nodesource.com

Required for the Gateway agent and the Gateway Connector: br1.bg.blackberry.com

For more information, see KB 42221223173659.

GovCloud
Required for logging in to the Endpoint Defense console:
  • login.us.cylance.com
  • idp.blackberry.com
  • idp.cs.cylance.com
  • download.cylance.com
Required for Aurora Protect Desktop:
  • login.us.cylance.com
  • data.us.cylance.com
  • protect.us.cylance.com
  • update.us.cylance.com
  • api.us.cylance.com
  • download.cylance.com
  • download.us.cylance.com
  • venueapi.us.cylance.com
Required for Aurora Focus:
  • cylance-optics-files.us.s3.amazonaws.com
  • opticspolicy.us.cylance.com
  • rrws.us.cylance.com
  • collector.us.cylance.com
  • scalar-api.us.cylance.com
  • cement.us.cylance.com

Aurora Protect Mobile app

The Aurora Protect Mobile app requires a secure, direct connection to these URLs to communicate with the Aurora Protect Mobile cloud services. If devices are connected to your organization's Wi-Fi network, your network configuration must allow connections to:
  • Aurora Protect Mobile cloud service:
    • US: https://us1.mtd.blackberry.com
    • JP: https://jp1.mtd.blackberry.com
    • EU: https://eu1.mtd.blackberry.com
    • AU: https://au1.mtd.blackberry.com
    • SP: https://br1.mtd.blackberry.com
  • Common services gateway:
    • US: https://us1.cs.blackberry.com
    • JP: https://jp1.cs.blackberry.com
    • EU: https://eu1.cs.blackberry.com
    • AU: https://au1.cs.blackberry.com
    • SP: https://br1.cs.blackberry.com
  • https://score.cylance.com
  • https://idp.blackberry.com
  • https://mobile.ues.blackberry.com