As an IT admin, you must ensure that your enterprise devices have access to the following Knox servers:
- Samsung license servers — so that when you activate Knox services, devices can verify their license keys. Devices periodically check their licenses a few times a week.
- Samsung SDS IAM & EMM — if you are using EMM, so that devices can access the web-based EMM consoles and storage sites. If you are using another EMM system, you do not need to do this.
- Samsung ActiveSync Server — if you are using Exchange ActiveSync, so that the email client can successfully reach our ActiveSync servers.
NOTE — If your enterprise is highly regulated and does not allow communication with external servers, you can request the on-premise Knox server, which handles license verification within your firewall. Samsung charges an extra fee for this service. For more information, contact your Samsung representative or reseller, or use our Contact Us form.
SERVICES
| TERM | DESCRIPTION |
|---|---|
| Samsung Account | Samsung Account authentication for Knox services. |
| Region | Region in this contexts refers to the region of origination for the devices. This region is typically, in majority of cases, the region of purchase. |
| GSLB | Samsung Global Load Balancers for High availability and redundancy. |
| ELM/KLM | Enterprise License Management services for License Activation and Tracking |
| UMC | Universal EMM Client is the agent that resides on the device image that launches the KNOX cloud configurator (KCC) and manages policies provisioned to it from the KCC portal |
| CDN | Storage for apps, wallpapers and other potentially sizable data. |
| API Gateway | API Gateway for Samsung Knox E-FOTA service API calls. |
| Analytics | Analytics services for Knox services. |
SERVERS REQUIRED FOR ALL KNOX PRODUCTS
| REGION | DESTINATION | PORT | NOTES |
|---|---|---|---|
| Global | analytics.samsungknox.com | - | Analytics |
| prod-knoxlog.secb2b.com | - | Analytics | |
| account.samsung.com | 80 | 443 | Samsung Account | |
| Americas | gslb.secb2b.com | 443 | GSLB |
| us-elm.secb2b.com | 443 | ELM | |
| us-prod-klm-b2c.secb2b.com | 443 | KLM | |
| us-prod-klm.secb2b.com | 443 | KLM | |
| usprod-knoxlog.secb2b.com | - | Analytics | |
| EMEA | gslb.secb2b.com | 443 | GSLB |
| eu-elm.secb2b.com | 443 | ELM | |
| eu-prod-klm-b2c.secb2b.com | 443 | KLM | |
| eu-prod-klm.secb2b.com | 443 | KLM | |
| euprod-knoxlog.secb2b.com | - | Analytics | |
| China | china-gslb.secb2b.com.cn | 443 | GSLB |
| china-elm.secb2b.com.cn | 443 | ELM | |
| china-b2c-klm.secb2b.com.cn | 443 | KLM | |
| china-prod-klm.secb2b.com.cn | 443 | KLM |
FIREWALL REQUIREMENTS FOR SAMSUNG KNOX AND SEAP PORTALS
| REGION | DESTINATION | PORT | NOTES |
|---|---|---|---|
| Global | www.samsungknox.com | 80 | 443 | Samsung Knox Portal |
| www2.samsungknox.com | 80 | 443 | ||
| cdn.samsungknox.com | 80 | 443 | ||
| sso.samsungknox.com | 80 | 443 | ||
| seap.samsung.com | 80 | 443 | SEAP Portal |
FIREWALL REQUIREMENTS FOR KNOX CLOUD SERVICES (KME/KC)
| REGION | DESTINATION | PORT | NOTES |
|---|---|---|---|
| All Regions | knoxservices.secb2b.com | 80 | 443 | Service |
| pinning.secb2b.com | 80 | 443 | ||
| pinning-02.secb2b.com | 80 | 443 | ||
| eula.secb2b.com | 80 | 443 | UMC | |
| umc-cdn.secb2b.com | 80 | 443 | ||
| me.samsungknox.com | 80 | 443 | CDN | |
| configure.samsungknox.com | 80 | 443 | ||
| custom.samsungknox.com | 80 | 443 | ||
| kcc-prod-repo.s3.amazonaws.com | 80 | 443 | KCC Configuration | |
| klms-dev.s3.amazonaws.com | 443 | ||
| eu-api.samsungknox.com | - | API Gateway | |
| Americas | us-kc-portal.samsungknox.com | 443 | Portals |
| us-kc.samsungknox.com | |||
| us-kcc.samsungknox.com | |||
| us-segd-api.secb2b.com | |||
| us-segp-api.secb2b.com | 443 | Service | |
| us-segm-api.secb2b.com | |||
| us-kme.samsungknox.com | - | Mobile Enrollment | |
| us-kme-api.samsungknox.com | - | ||
| us-kme-api-mssl.samsungknox.com | - | ||
| us-kme-reseller.samsungknox.com | - | ||
| EMEA | eu-kcc.samsungknox.com | 443 | Portals |
| eu-kc-portal.samsungknox.com | |||
| eu-kc.samsungknox.com | |||
| eu-prod-bulk.secb2b.com | 80 | 443 | Service | |
| eu-segd-api.secb2b.com | |||
| eu-segp-api.secb2b.com | |||
| eu-segm-api.secb2b.com | |||
| eu-kme.samsungknox.com | - | Mobile Enrollment | |
| eu-kme-api.samsungknox.com | - | ||
| eu-kme-api-mssl.samsungknox.com | - | ||
| eu-kme-reseller.samsungknox.com | - | ||
| China | china-segd-api.secb2b.com.cn | 443 | UMC |
| myknoxapk.blob.core.chinacloudapi.cn | 80 | 443 |
NETWORKING REQUIREMENTS FOR SAMSUNG SDS IAM & EMM SERVERS
| REGION | DESTINATION | PORT | NOTES |
|---|---|---|---|
| All Regions | *.cloudapp.net | 443 | GSLB |
| *.centrify.com | 443 | ELM | |
| *.samsungknox.com | 443 | KLM | |
| www.public-trust.com | 443 | KLM | |
| mscrl.microsoft.com | 443 | GSLB | |
| Azure datacenters: Complete list can be found here: https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653 | 80 | 443, 9350-9354 | CDN |
NETWORKING REQUIREMENTS FOR SAMSUNG ACTIVESYNC SERVER (REQUIRED FOR EMAIL ACTIVATION)
| REGION | DESTINATION | PORT | NOTES |
|---|---|---|---|
| N/A | https://api.samsungapps.com/activesync/activate/activesync | 443 | MS |
