Menu

Our corporate devices are behind a firewall. How do I allow Knox services to contact Samsung servers?

As an IT admin, you must ensure that your enterprise devices have access to the following Knox servers:

  • Samsung license servers so that when you activate Knox services, devices can verify their license keys. Devices periodically check their licenses a few times a week.
  • Samsung SDS IAM & EMM if you are using EMM, so that devices can access the web-based EMM consoles and storage sites. If you are using another EMM system, you do not need to do this.
  • Samsung ActiveSync Server — if you are using Exchange ActiveSync, so that the email client can successfully reach our ActiveSync servers.
NOTE — If your enterprise is highly regulated and does not allow communication with external servers, you can request the on-premise Knox server, which handles license verification within your firewall. Samsung charges an extra fee for this service. For more information, contact your Samsung representative or reseller, or use our Contact Us form.

 


SERVICES

TERM DESCRIPTION
Samsung Account Samsung Account authentication for Knox services.
Region Region in this contexts refers to the region of origination for the devices. This region is typically, in majority of cases, the region of purchase.
GSLB Samsung Global Load Balancers for High availability and redundancy.
ELM/KLM Enterprise License Management services for License Activation and Tracking
UMC Universal EMM Client is the agent that resides on the device image that launches the KNOX cloud configurator (KCC) and manages policies provisioned to it from the KCC portal
CDN Storage for apps, wallpapers and other potentially sizable data.
API Gateway API Gateway for Samsung Knox E-FOTA service API calls.
Analytics Analytics services for Knox services.

SERVERS REQUIRED FOR ALL KNOX PRODUCTS

REGION DESTINATION PORT NOTES
Global   analytics.samsungknox.com - Analytics
prod-knoxlog.secb2b.com - Analytics
account.samsung.com 80 | 443 Samsung Account
Americas     gslb.secb2b.com 443 GSLB
us-elm.secb2b.com 443 ELM
us-prod-klm-b2c.secb2b.com   443 KLM
us-prod-klm.secb2b.com 443 KLM
usprod-knoxlog.secb2b.com - Analytics
EMEA     gslb.secb2b.com 443 GSLB
eu-elm.secb2b.com 443 ELM
eu-prod-klm-b2c.secb2b.com 443 KLM
eu-prod-klm.secb2b.com 443 KLM
euprod-knoxlog.secb2b.com - Analytics
China    china-gslb.secb2b.com.cn 443 GSLB
china-elm.secb2b.com.cn 443 ELM
china-b2c-klm.secb2b.com.cn 443 KLM
china-prod-klm.secb2b.com.cn 443 KLM

FIREWALL REQUIREMENTS FOR SAMSUNG KNOX AND KNOX PARTNER PROGRAM PORTALS

REGION DESTINATION PORT NOTES
Global     www.samsungknox.com 80 | 443 Samsung Knox Portal
www2.samsungknox.com 80 | 443
cdn.samsungknox.com 80 | 443
sso.samsungknox.com 80 | 443
partner.samsungknox.com 80 | 443 Knox Partner Program Portal

FIREWALL REQUIREMENTS FOR KNOX CLOUD SERVICES (KME/KC)

REGION DESTINATION PORT NOTES
All Regions          knoxservices.secb2b.com 80 | 443 Service 
pinning.secb2b.com 80 | 443
pinning-02.secb2b.com 80 | 443
eula.secb2b.com 80 | 443 UMC 
umc-cdn.secb2b.com 80 | 443
me.samsungknox.com 80 | 443 CDN  
configure.samsungknox.com  80 | 443
custom.samsungknox.com  80 | 443
kcc-prod-repo.s3.amazonaws.com 80 | 443 KCC Configuration 
klms-dev.s3.amazonaws.com 443
eu-api.samsungknox.com - API Gateway
Americas          us-kc-portal.samsungknox.com 443 Portals   
us-kc.samsungknox.com  
us-kcc.samsungknox.com  
us-segd-api.secb2b.com  
us-segp-api.secb2b.com 443 Service 
us-segm-api.secb2b.com  
us-kme.samsungknox.com - Mobile Enrollment
us-kme-api.samsungknox.com -
us-kme-api-mssl.samsungknox.com -
us-kme-reseller.samsungknox.com -
EMEA       eu-kcc.samsungknox.com 443 Portals  
eu-kc-portal.samsungknox.com  
eu-kc.samsungknox.com  
eu-prod-bulk.secb2b.com 80 | 443 Service   
eu-segd-api.secb2b.com  
eu-segp-api.secb2b.com  
eu-segm-api.secb2b.com  
eu-kme.samsungknox.com - Mobile Enrollment
eu-kme-api.samsungknox.com -
eu-kme-api-mssl.samsungknox.com -
eu-kme-reseller.samsungknox.com -
China  china-segd-api.secb2b.com.cn 443 UMC
myknoxapk.blob.core.chinacloudapi.cn 80 | 443

NETWORKING REQUIREMENTS FOR SAMSUNG SDS IAM & EMM SERVERS

REGION DESTINATION PORT NOTES
All Regions *.cloudapp.net 443 GSLB
*.centrify.com 443 ELM
*.samsungknox.com 443 KLM
www.public-trust.com 443 KLM
mscrl.microsoft.com 443 GSLB
Azure datacenters: Complete list can be found here: https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653 80 | 443, 9350-9354 CDN

NETWORKING REQUIREMENTS FOR SAMSUNG ACTIVESYNC SERVER (REQUIRED FOR EMAIL ACTIVATION)

REGION DESTINATION PORT NOTES
  N/A  https://api.samsungapps.com/activesync/activate/activesync 443 MS
Share it: