Complete ESET endpoint security port and address reference lists for firewall configuration and network policy management. Essential for sysadmins deploying ESET in managed environments.
Addresses.txt-- All IP addresses grouped by ESET service categoryDomains.txt-- All FQDNs grouped by ESET service category
Split by logical ESET service tier for targeted firewall rules:
| File | Covers |
|---|---|
services/updates.txt |
Detection engine updates, pico updates, product installers |
services/endpoint.txt |
Antispam, web control, anti-theft, password manager, ESA, SSL check |
services/protect-console.txt |
PROTECT on-prem & cloud, EPNS, MDM, MSP, syslog, ESET Connect |
services/livegrid.txt |
LiveGrid reputation, advanced machine learning (Augur) |
services/edtd.txt |
EDTD/LiveGuard sandbox, threat telemetry, ESET Inspect (XDR) |
services/activation.txt |
Licensing, activation, version checks, PKI, telemetry |
eset-endpoints.json-- Structured JSON with fields:service,category,hosts,ips,ipv6,ports,protocol,direction,notes,source
Ready-to-import files for common firewall platforms:
| File | Platform |
|---|---|
exports/pfsense-aliases.xml |
pfSense / OPNsense alias import |
exports/fortigate-addresses.conf |
FortiGate address object + group CLI |
exports/paloalto-addresses.xml |
Palo Alto Networks address group XML |
exports/mikrotik-addresslist.rsc |
MikroTik RouterOS /ip firewall address-list script |
exports/cisco-asa-objects.txt |
Cisco ASA / Firepower object-group config |
exports/windows-firewall.cmd |
Windows Firewall netsh advfirewall batch script |
exports/eset-allowlist-hosts.txt |
Plain FQDN list for DNS allowlists / proxy bypass |
Generate-Exports.ps1-- Regenerates all export files fromeset-endpoints.jsonTest-ESETReachability.ps1-- Tests connectivity to every listed endpoint from the current host
Use the per-service files or export files directly. Import into your firewall management tool or reference during ESET deployment.
After editing eset-endpoints.json, regenerate all export formats:
.\Generate-Exports.ps1Verify your network can reach all required ESET endpoints:
# Test all endpoints (TCP connect)
.\Test-ESETReachability.ps1
# Test only update servers
.\Test-ESETReachability.ps1 -Service updates
# Quick DNS-only check
.\Test-ESETReachability.ps1 -DnsOnlyarchitecture.mmd-- Mermaid diagram showing Endpoint to PROTECT to LiveGrid to Update flows with ports labeled per hop. Render with any Mermaid-compatible viewer or paste into mermaid.live.
- Test DNS resolution:
nslookup update.eset.com - Test TCP 443 to update server:
Test-NetConnection update.eset.com -Port 443 - Test TCP 80 fallback:
Test-NetConnection update.eset.com -Port 80 - If using ESET Bridge/proxy, verify
login.microsoftonline.com:443is reachable - Check
pico.eset.com:443for micro-update delivery - Run
.\Test-ESETReachability.ps1 -Service updatesfor a full check
- Test DNS:
nslookup livegrid.eset.systems - Test TCP 443:
Test-NetConnection c.eset.com -Port 443 - Test DNS-based lookups:
nslookup e5.sk(must resolve) - Verify UDP 53 is not blocked outbound to ESET DNS servers
- Run
.\Test-ESETReachability.ps1 -Service livegrid
- Test
expire.eset.com:443 - Test
proxy.eset.com:443(activation proxy) - Test
pki.eset.com:443(certificate validation) - For mobile: test
reg01.eset.comthroughreg04.eset.com - Run
.\Test-ESETReachability.ps1 -Service activation
- Verify EPNS broker connectivity:
Test-NetConnection h1-epnsbroker01.eset.com -Port 8883 - For cloud: test
protect.eset.com:443and your regional endpoint (e.g.,us02.protect.eset.com) - For MDM: test
checkin.<region>.mdm.eset.com:443 - Run
.\Test-ESETReachability.ps1 -Service protect-console
- Test
r.edtd.eset.com:443(result retrieval) - Test
d.edtd.eset.com:443(file submission) - Verify threat telemetry:
Test-NetConnection tsm09.eset.com -Port 443 - Run
.\Test-ESETReachability.ps1 -Service edtd
| Port | Protocol | Used By |
|---|---|---|
| 80/tcp | HTTP | Updates (fallback), repository downloads |
| 443/tcp | HTTPS | All services (primary) |
| 53/udp | DNS | LiveGrid reputation, antispam lookups |
| 8883/tcp | MQTT/TLS | EPNS push notifications |
| 8443/tcp | HTTPS | PROTECT Cloud agent communication |
| 5228/tcp | FCM | Android push via Firebase Cloud Messaging |
| 2195-2196/tcp | APNs | iOS push via Apple Push Notification service |
| 6710-6711/tcp | TCP | Antispam greylisting database |
| 514/tcp | Syslog | PROTECT Cloud syslog forwarding |
| 601/tcp | Syslog/TCP | PROTECT Cloud syslog (reliable) |
| 6514/tcp | Syslog/TLS | PROTECT Cloud syslog (encrypted) |
| 21/tcp | FTP | Legacy FTP access (ftp.eset.sk) |
| 25/tcp | SMTP | Inbound email from ESET notification server |
Compiled from official ESET documentation and verified against production environments. Primary source: ESET KB332.
MIT License