Tanium firewall rules
I'm looking for guidance on how to add this to the firewall.
These ports should be allowed for Any Trusted (company network)
Do I create an Alias with these ports?
Comments
If you have the default Outgoing policy still in your config, then it allows out all TCP & UDP packets.
If you no longer have the default Outgoing policy in your config, you can create a Custom Packet filter for TCP 17472, 17486 and use that in an outgoing policy.
You can create a Custom Packet filter for TCP 17472 and use that along with a SNAT, on an incoming policy.
I created a custom packet filter named 'Tanium' and added TCP 17472, 17486. But I'm not sure how to add that to outgoing policy.
As an outgoing type policy -
Example:
From: Any-trusted To: Any-external
This is what I have now, so I need to add the custom packet filter named 'Tanium' I created to 'From'?
Sorry, I think I got it. Am I right?
'Tanium' connections are allowed 'From' Any-Trusted 'To' Any External.
Yes.
You can specify specific IP Addrs and/or authenticated user IDs in the From: field, if desired
"You can create a Custom Packet filter for TCP 17472 and use that along with a SNAT, on an incoming policy."
Ok thank you. For the SNAT (Port Forwarding?), I need to map my public IP to an internal IPv4?
So from any external to SNAT? Which would be my public IP to single IPv4 or to 'Any-Trusted'?
Your public IP to a single IP addr.
No way to SNAT to more than 1 internal IP addr, per SNAT
Sorry, I think I just need to open TCP 17472 on the client computers locally for inbound rule for Windows Defender. I appreciate your help.
Thanks again, we're good to go. The inbound rules were for the Windows Defender.
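The local inbound rule mentioned in the last two replies could be created on a Windows client as shown below. This is an added example, not part of the original thread: the rule name, the Domain profile scope and the trusted subnet are assumptions to replace with your own values; only the port (TCP 17472) comes from the thread.

```powershell
#Requires -RunAsAdministrator
# Added example: inbound Windows Defender Firewall rule for TCP 17472,
# limited to the company network instead of being open to any source.

$RuleName      = 'Tanium inbound TCP 17472'  # hypothetical rule name
$Port          = 17472                       # port named in the thread
$TrustedSubnet = '10.0.0.0/8'                # constructed placeholder for the trusted network

$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue

if (-not $existing) {
    # Create the rule scoped to the Domain profile and the trusted subnet only.
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port `
        -RemoteAddress $TrustedSubnet `
        -Profile Domain | Out-Null
}
else {
    # Rule already exists: re-assert the intended scope so a widened
    # rule (for example RemoteAddress Any) is narrowed again.
    Set-NetFirewallRule -DisplayName $RuleName `
        -Action Allow -Enabled True `
        -Protocol TCP -LocalPort $Port `
        -RemoteAddress $TrustedSubnet `
        -Profile Domain
}

# Read the rule back and show the effective scope for review.
$rule = Get-NetFirewallRule -DisplayName $RuleName
[pscustomobject]@{
    Name          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Direction     = $rule.Direction
    Action        = $rule.Action
    Profile       = $rule.Profile
    LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
}
```

Running it a second time changes nothing if the rule is already correct, so it can be pushed through whatever management tooling deploys scripts to the clients.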