Update enterprise firewall, on-premise proxy, and allowlists
These domains, IP addresses, and ports are required to automatically upgrade from an ETP Client version that is later than 1.2.2.
| Domain or IP Address | Protocol | Port | Direction |
| This is the firewall setting for DNS over TLS (DoT). DoT is currently in beta. | TCP | 443 or 853 | |

The port configuration depends on the port that's selected for DoT in the policy.
If ETP Client cannot forward requests to ETP because outbound UDP port 53 is blocked in your firewall, the local DNS server handles requests. The end user machine is protected only when it’s on the corporate network where the enterprise resolver is configured to forward DNS queries to ETP. ETP Client cannot report the machine name in this situation. As a result, threat events reported for ETP Client machines will not contain the machine name. To better protect end user machines and generate useful reporting data, in the enterprise firewall, make sure that you open outbound UDP port 53 to the primary and secondary ETP DNS servers.
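One way to verify the firewall change from an end user machine is to send a DNS query straight to each ETP DNS server over UDP port 53 and confirm that a reply comes back. The script below is an added example, not part of the product or its documentation; the function names and the test name `example.com` are assumptions, and the server addresses are supplied on the command line because they are not listed on this page.

```python
import socket
import struct
import sys

TXID = 0x1234  # fixed transaction id, enough for a one-shot probe


def build_query(name, txid=TXID):
    """Build a minimal DNS A/IN query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def is_reply(data, txid=TXID):
    """True if data is a DNS response (QR bit set) carrying our transaction id."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == txid and bool(flags & 0x8000)


def udp53_open(server, name="example.com", timeout=3.0):
    """Send one query to server:53 over UDP; False on timeout or ICMP rejection."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # connected UDP surfaces ICMP errors
            s.send(build_query(name))
            return is_reply(s.recv(512))
        except OSError:              # includes socket.timeout
            return False


def tcp_open(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes (DoT uses 443 or 853)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Usage: python check_etp_dns.py <primary-ETP-DNS-IP> <secondary-ETP-DNS-IP>
    failed = [ip for ip in sys.argv[1:] if not udp53_open(ip)]
    for ip in sys.argv[1:]:
        print(f"{ip} udp/53: {'BLOCKED or no reply' if ip in failed else 'open'}")
    sys.exit(1 if failed else 0)
```

`tcp_open` can be called the same way against the DoT endpoint once DoT is enabled, using whichever of ports 443 or 853 is selected in the policy.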