Articles in this section

Network troubleshooter guide

Avatar
Dora
Updated

When you experience connection issues in Tresorit, but otherwise have internet connection in your other apps and browser, then you are probably facing a network error โ€“ read on to learn how to solve it. And if you require assistance along the way, our support team is here to aid you.

๐Ÿ“ Note: Check our service status page for updates on our serversโ€™ availability.

Go through the troubleshooting checklist

There are three settings you will need to check to solve the problem.

  1. Ports: check if the ports Tresorit uses are available and no firewall blocks them in your network.
  2. Proxy settings: check if Tresorit uses the proper proxy settings.
  3. SSL inspection: check your firewall settings and allow Tresorit hosts and IP addresses.

Required ports

Tresorit uses two outgoing ports (TCP 443 and TCP 80) โ€“ make sure both are enabled on your firewall.

  • All communication uses HTTPS (HTTP+TLS) on TCP 443
  • SSL certificate CRL checking uses TCP port 80

๐Ÿ“ Note: Outgoing communication is enabled by default on most firewalls, especially these (standard) ports.

Proxy support

If you are not connected to the Internet directly, you are probably using a proxy server. Tresorit automatically detects the default proxy server, used by your browser (Internet Explorer, Edge, Chrome, Safari or Opera).

๐Ÿ“ Note: If you are using Firefox exclusively (and set it up manually), there is a chance that you will have to set up your proxy server manually too.

Set up your proxy manually

To solve it, you will need to check your proxy settings. Proxy settings can be modified in two ways, depending on whether you are signed in to Tresorit or not: on the settings tab or on the login page of your desktop app.

  • Settings tab
  • Login page
  1. Open your Tresorit desktop app.
  2. Head to the Settings tab.
  3. Navigate to Network.
  4. Under Proxy, select Manual.
  5. Change proxy settings on the pop-up. On this window you can configure your HTTP, Socks 4 or Socks 5 proxy. You can also add your username and password if your proxy requires authentication.
  6. Click Set proxy when you are done.
  1. Click Open proxy.

  2. Select Manual.

  3. Enter your proxy configuration.
  4. Click Set proxy when you are done.

SSL (HTTPS) inspection

To detect viruses some corporate and personal firewalls are set to decrypt SSL/TLS connections and are scanning the plaintext HTTP communication.

To protect your infrastructure most firewalls are set to break the trust relationship between the destination server (for example Tresorit servers) and your machine.

Only you have access to your Tresorit private key, neither admins nor firewalls are allowed to access it. As Tresorit is using client certificates to cryptographically identify you (and the firewall does not have your Tresorit private key) the Tresorit server wonโ€™t allow access to your data.

You can test whether domains are SSL inspected using our Connection Checker tool. Download it below ๐Ÿ‘‡

Allowlisting Tresorit

To avoid this issue please contact your system administrator to allowlist Tresorit from the SSL inspection. If this is your home network, please check your vendorโ€™s tutorial for more information about allowlisting a service.

Required hosts and IP addresses: We may extend or update below list of host names from time to time. Moreover, the IP addresses may change at any time without prior notification. While we do our best to keep this list current, you should not rely on the exact IP addresses for filtering. If you experience further issues in the future, please check back for the updated list.

Web Access and Links

If you'd like to access the browser-based Tresorit applications for managing your content via Web Access, sending or receiving files via Share Links or File Requests, you need to allow the following hosts. These settings apply to the Tresorit for Microsoft 365 and Tresorit for Gmail add-ons as well:

  • az579219.vo.msecnd.net
  • accountapi.tresorit.com - 40.85.81.191
  • northeurope-0.in.applicationinsights.azure.com (Optional)
  • northeurope-2.in.applicationinsights.azure.com (Optional)
  • subscribeapi.tresorit.com - 40.85.81.191 (Optional, required for subscription management only)
  • tresorit.com - 13.107.226.45
  • tresor.it - 13.69.228.14
  • tresoritusercontent.com
  • web.tresorit.com - 13.69.228.14
  • webapi.tresorit.com - 40.85.81.191
  • webclient-cdn-v2.azureedge.net

Desktop, Mobile and Integrations

The following host names are required to be allowed for our mobile and desktop applications, the desktop Outlook integration and Tresorit Drive to function correctly on any operating system:

  • installer.tresorit.com (Optional)
  • installerstorage.blob.core.windows.net
  • installerstorage-internetrouting.blob.core.windows.net
  • installerstorage-microsoftrouting.blob.core.windows.net
  • log.tresorit.com - 138.91.55.166
  • login.tresorit.com - 40.115.118.6
  • northeurope-0.in.applicationinsights.azure.com (Optional)
  • northeurope-2.in.applicationinsights.azure.com (Optional)
  • rmsapi.tresorit.com - 191.235.220.110
  • storage2.tresorit.com - 40.115.117.30
  • share.tresorit.com - 138.91.51.33

Storage servers

Additionally to the hosts listed in the above two sections, for any of the platform flavors, you also need to allowlist the following storage hosts:

  • filestorage00.blob.core.windows.net
  • filestorage00-internetrouting.blob.core.windows.net
  • filestorage00-microsoftrouting.blob.core.windows.net
  • filestorage02.blob.core.windows.net
  • filestorage02-internetrouting.blob.core.windows.net
  • filestorage02-microsoftrouting.blob.core.windows.net
  • filestorage03.blob.core.windows.net
  • filestorage03-internetrouting.blob.core.windows.net
  • filestorage03-microsoftrouting.blob.core.windows.net
  • filestorage04.blob.core.windows.net
  • filestorage04-internetrouting.blob.core.windows.net
  • filestorage04-microsoftrouting.blob.core.windows.net
  • ...
  • ...
  • ...
  • filestorage57.blob.core.windows.net
  • filestorage57-internetrouting.blob.core.windows.net
  • filestorage57-microsoftrouting.blob.core.windows.net
  • filestorage58.blob.core.windows.net
  • filestorage58-internetrouting.blob.core.windows.net
  • filestorage58-microsoftrouting.blob.core.windows.net
  • filestorage59.blob.core.windows.net
  • filestorage59-internetrouting.blob.core.windows.net
  • filestorage59-microsoftrouting.blob.core.windows.net
  • filestorage60.blob.core.windows.net
  • filestorage60-internetrouting.blob.core.windows.net
  • filestorage60-microsoftrouting.blob.core.windows.net
  • filestoragecentralca01.blob.core.windows.net
  • filestoragecentralca01-internetrouting.blob.core.windows.net
  • filestoragecentralca01-microsoftrouting.blob.core.windows.net
  • filestoragecentralus01.blob.core.windows.net
  • filestoragecentralus01-internetrouting.blob.core.windows.net
  • filestoragecentralus01-microsoftrouting.blob.core.windows.net
  • filestorageeastus201.blob.core.windows.net
  • filestorageeastus201-internetrouting.blob.core.windows.net
  • filestorageeastus201-microsoftrouting.blob.core.windows.net
  • filestoragesouthuk01.blob.core.windows.net
  • filestoragesouthuk01-internetrouting.blob.core.windows.net
  • filestoragesouthuk01-microsoftrouting.blob.core.windows.net
  • filestoragewestus201.blob.core.windows.net
  • filestoragewestus201-internetrouting.blob.core.windows.net
  • filestoragewestus201-microsoftrouting.blob.core.windows.net
  • filestoragenorthch01.blob.core.windows.net
  • filestoragenorthch01-internetrouting.blob.core.windows.net
  • filestoragenorthch01-microsoftrouting.blob.core.windows.net
  • filestoragewestcentde01.blob.core.windows.net
  • filestoragewestcentde01-internetrouting.blob.core.windows.net
  • filestoragewestcentde01-microsoftrouting.blob.core.windows.net
  • filestoragecentralfr01.blob.core.windows.net
  • filestoragecentralfr01-internetrouting.blob.core.windows.net
  • filestoragecentralfr01-microsoftrouting.blob.core.windows.net
  • filestorageseasia01.blob.core.windows.net
  • filestorageseasia01-internetrouting.blob.core.windows.net
  • filestorageseasia01-microsoftrouting.blob.core.windows.net
  • filestoragewesteu01.blob.core.windows.net
  • filestoragewesteu01-internetrouting.blob.core.windows.net
  • filestoragewesteu01-microsoftrouting.blob.core.windows.net
  • filestoragesouthbr01.blob.core.windows.net
  • filestoragesouthbr01-internetrouting.blob.core.windows.net
  • filestoragesouthbr01-microsoftrouting.blob.core.windows.net
  • filestoragenorthuae01.blob.core.windows.net
  • filestoragenorthuae01-internetrouting.blob.core.windows.net
  • filestoragenorthuae01-microsoftrouting.blob.core.windows.net
  • frpistaprdtresorit01.blob.core.windows.net

If you're using Data Residency Options, some of the above hosts may be optional depending on your data residency settings, but it is not recommended, nor supported to selectively disallow them.

Additional features - SSO

Using SSO will require additional servers to be reachable, a different set of servers for AzureAD, Okta and Google Workspace.

If you wish to use AzureAD, Tresorit applications will need access to:

  • https://login.microsoftonline.com
  • https://graph.microsoft.com

If you wish to use Okta, Tresorit applications will need access to:

  • https://<organization_id>.okta.com (The <organization_id> was configured in the Admin Center during SSO setup)
  • https://<custom_issuer_domain> (Optional, required if the <custom_issuer_domain> was configured in the Admin Center during your SSO setup)

If you wish to use Google Workspace, Tresorit applications will need access to:

  • https://accounts.google.com
  • https://www.googleapis.com

Additional features - DRM

If you use DRM, the following addresses also need to be allowlisted:

For initialization

  • tresorit.com
  • discover.aadrm.com
  • sts-b-eus-na.aadrm.com
  • 9e589980-d0b8-4473-bcf1-3bcd2f73ab76.rms.eu.aadrm.com
  • sts-b-weu.eu.aadrm.com
  • baf3722a-2201-4bf5-8fec-2a74e41e11d7.rms.eu.aadrm.com

For usage

  • login.microsoftonline.com
  • aadg.windows.net.nsatc.net
  • odc.officeapps.live.com
  • nexus.officeapps.live.com
  • roaming.officeapps.live.com
  • 9e589980-d0b8-4473-bcf1-3bcd2f73ab76.rms.eu.aadrm.com
  • osi-prod-weu01-roaming.cloudapp.net
  • osiprod-neu-bronze-000.cloudapp.net
  • prod-w.nexus.live.com.akadns.net
  • rmsoprodeu-b-rms-neu.cloudapp.net
  • sts-a-neu.eu.aadrm.com
  • sts.ap.aadrm.com
  • sts-b-eas.ap.aadrm.com
  • sts-b-neu.eu.aadrm.com
  • sts-a-weu.eu.aadrm.com
  • sts-a-ncu.na.aadrm.com
  • sts-a-eus.na.aadrm.com
  • sts-b-weu.eu.aadrm.com
  • sts.eu.aadrm.com
  • rms.ap.aadrm.com
  • rms.na.aadrm.com
  • sts-b-eus.na.aadrm.com
  • api.aadrm.com
  • discover.aadrm.com
  • rms.eu.aadrm.com

Tresorit Send

If you'd like to use Tresor Send or the Tresorit Send browser extension to send and receive files easily and securely, the following hosts need to be allowed:

  • az579219.vo.msecnd.net
  • northeurope-0.in.applicationinsights.azure.com (Optional)
  • northeurope-2.in.applicationinsights.azure.com (Optional)
  • prodanonymlinks.blob.core.windows.net
  • prodanonymlinks-internetrouting.blob.core.windows.net
  • prodanonymlinks-microsoftrouting.blob.core.windows.net
  • send.tresorit.com
  • sendapi.tresorit.com
  • tresoritusercontent.azurewebsites.net
  • webapi.tresorit.com
  • webclient-cdn.azureedge.net

Miscellaneous services

We highly recommend to allowlist the following hosts as well to be able to experience the whole variety of Tresorit services seamlessly, including our website, blog and knowledge base:

  • az579219.vo.msecnd.net
  • cdn.tresorit.com
  • subscribeapi.tresorit.com
  • support.tresorit.com
  • tresorit.com

Because of the broad variety of network configurations and operating systems, the solutions listed above may not apply to you. In case you experience further issues, please contact our support team. They will help you sort this out.

Download the Connection Checker

Still have questions left? Drop us a line

Related articles