Back to top

Samsung Knox firewall exceptions

Last updated July 26th, 2023

This page lists the firewall exceptions that your organization needs to use to securely reach and connect to the Knox server and its supporting resources. It includes the URLs and port numbers that you need to allowlist in order to reach the Knox servers.

These server resources can include the following Knox services:

  • Samsung license Servers — When you activate Knox services, devices need to verify their license keys. Devices periodically check their licenses a few times a week.
  • Samsung SDS IAM & EMM — If you’re using an EMM, devices will need to access web-based EMM consoles and storage sites.
  • Samsung ActiveSync Server — If you’re using Exchange ActiveSync, you’ll need an ActiveSync Server connection so the email client can successfully reach the ActiveSync Server.

Note

If your organization doesn’t permit connections with external servers, you can request an on-premises Knox Server to handle license verification within your firewall. Samsung charges an extra fee for this service. For more information, contact your Samsung representative or reseller.

Ports 443 and 80 must be open within your local network domain to reach Knox server resources.

Note

Knox Cloud Services can utilize both Amazon Web Services (AWS) and Google Firebase. Both services may also warrant adding to the allowlist within your organization’s firewall policy.

For information on the AWS that may require allowlist inclusion, see https://ip-ranges.amazonaws.com/ip-ranges.json.

For information on the Google Firebase services that may require allowlist inclusion, see https://firebase.google.com/docs/cloud-messaging/concept-options#ports_and_your_firewall.

The following table lists the portal exemptions required for each listed Knox server resource:

URL Port Knox server resource

*.samsungknox.com*

*.secb2b.com

443/80

Knox cloud service

Knox Identity Management

Single sign-on (SSO)

Knox Portal

*.samsung.com 443/80

Knox Partner Portal

Samsung account

License servers for Knox products

The following Knox license server resources may be required to add to the allowlist depending on your organization’s IT policies. Additionally, if your organization’s IT policy restricts the use of a wildcard (*) to abbreviate a domain name, the FQDN may be required to reach a Knox license server. Refer to the following for license server destinations per region:

Global

URL Port
analytics.samsungknox.com -
prod-knoxlog.secb2b.com -
account.samsung.com 80|443

Americas

URL Port
gslb.secb2b.com 443
gsl.samsunggsl.com 443
us-elm.secb2b.com 443
us-prod-klm-b2c.secb2b.com 443
us-prod-klm.secb2b.com 443
usprod-knoxlog.secb2b.com -

EMEA

URL Port
gslb.secb2b.com 443
gsl.samsunggsl.com 443
eu-elm.secb2b.com 443
eu-prod-klm-b2c.secb2b.com 443
eu-prod-klm.secb2b.com 443
euprod-knoxlog.secb2b.com -

China

URL Port
china-gslb.secb2b.com.cn 443
china-elm.secb2b.com.cn 443
china-b2c-klm.secb2b.com.cn 443
china-prod-klm.secb2b.com.cn 443

Networking requirements for Knox cloud services

The following Knox network resources may need to be added to the allowlist depending on your organization’s IT policies. Additionally, if your organization’s IT policy restricts the use of a wildcard (*) to abbreviate a domain name, the FQDN may be required to reach a Knox network deployment resource. Refer to the following for per region:

Global

URL Port
knoxservices.secb2b.com 80|443
pinning.secb2b.com 80|443
pinning-02.secb2b.com 80|443
eula.secb2b.com 80|443
umc-cdn.secb2b.com 80|443
me.samsungknox.com 80|443
configure.samsungknox.com 80|443
custom.samsungknox.com 80|443
kcc-prod-repo.s3.amazonaws.com 80|443
klms-dev.s3.amazonaws.com 443
eu-api.samsungknox.com -

Americas

URL Port
us-kc-portal.samsungknox.com 443
us-kc.samsungknox.com 443
us-kcc.samsungknox.com 443
us-segd-api.secb2b.com 443
us-segp-api.secb2b.com 443
us-segm-api.secb2b.com 443
us-kme.samsungknox.com -
us-kme-api.samsungknox.com -
us-kme-api-mssl.samsungknox.com -
us-kme-reseller.samsungknox.com -

EMEA

URL Port
eu-kcc.samsungknox.com 443
eu-kc-portal.samsungknox.com 443
eu-kc.samsungknox.com 443
eu-prod-bulk.secb2b.com 80|443
eu-segd-api.secb2b.com 80|443
eu-segp-api.secb2b.com 80|443
eu-segm-api.secb2b.com 80|443
eu-kme.samsungknox.com -
eu-kme-api.samsungknox.com -
eu-kme-api-mssl.samsungknox.com -
eu-kme-reseller.samsungknox.com -

China

URL Port
china-segd-api.secb2b.com.cn 443
myknoxapk.blob.core.chinacloudapi.cn 80|443

Is this page helpful?