Tanium firewall rules

I'm looking for guidance on how to add this to firewall.
These ports should be allowed for Any Trusted (company network)

Do I create an Alias with these ports?

Comments

  • If you have the default Outgoing policy still in your config, then it allows out all TCP & UDP packets.

    If you no longer have the default Outgoing policy in your config, you can create a Custom Packet filter for TCP 17472, 17486 and use that in an outgoing policy.

    You can create a Custom Packet filter for TCP 17472 and use that along with a SNAT, on an incoming policy.

  • edited March 2023

    I created a custom packet filter named 'Tanium' and added TCP 17472, 17486. But I'm not sure how to add that to outgoing policy.

  • As an outgoing type policy -

    Example:
    From: Any-trusted To: Any-external

  • This is what I have now, so I need to add the custom packet filter named 'Tanium' I created to 'From'?

  • Sorry, I think I got it. Am I right?

    'Tanium' connections are allowed 'From' Any-Trusted 'To' Any External.

  • Yes.
    You can specify specific IP Addrs and/or authenticated user IDs in the From: field, if desired

  • "You can create a Custom Packet filter for TCP 17472 and use that along with a SNAT, on an incoming policy."

    Ok thank you. For the SNAT (Port Forwarding?), I need to map my public IP to an internal IPv4?

  • So from any external to SNAT? Which would be my public IP to single IPv4 or to 'Any-Trusted'?

  • Your public IP to a single IP addr.

    No way to SNAT to more than 1 internal IP addr, per SNAT

  • Sorry, I think I just need to open TCP 17472 on the client computers locally for inbound rule for Windows Defender. I appreciate your help.

  • Thanks again, we're good to go. The inbound rules were for the Windows Defender.
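The Windows Defender inbound rule the thread ends with, as an added example that is not from the original thread or from Tanium or WatchGuard: a PowerShell script that creates the TCP 17472 inbound rule on a client, scopes it to the trusted network instead of leaving it open to any source, and reads the rule's filters back to confirm the scope. The 10.0.0.0/8 range, the rule name and the Domain-profile restriction are assumptions to replace with your own values.

```powershell
# Added example (not from the thread): scoped inbound Windows Defender Firewall rule
# for the Tanium client port TCP 17472, plus a read-back check of what was created.
# Assumptions: the company ("Any-Trusted") network is 10.0.0.0/8 (placeholder) and
# the client is domain-joined, so the rule is limited to the Domain profile.
$TrustedNetwork = '10.0.0.0/8'   # assumed placeholder; use your real trusted range
$RuleName       = 'Tanium Client Inbound TCP 17472'

# Remove a stale copy first so re-running the script does not stack duplicate rules.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Inbound allow for TCP 17472 only, from the trusted range only, Domain profile only.
New-NetFirewallRule -DisplayName $RuleName `
    -Description 'Allow Tanium client traffic from the trusted company network' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 17472 `
    -RemoteAddress $TrustedNetwork -Profile Domain -Enabled True | Out-Null

# Verify: pull the rule and its port/address filters back out of the firewall store
# so the effective scope can be eyeballed (or compared in a compliance check).
$rule = Get-NetFirewallRule -DisplayName $RuleName
$port = $rule | Get-NetFirewallPortFilter
$addr = $rule | Get-NetFirewallAddressFilter
[pscustomobject]@{
    Enabled       = $rule.Enabled
    Direction     = $rule.Direction
    Action        = $rule.Action
    Profile       = $rule.Profile
    Protocol      = $port.Protocol
    LocalPort     = $port.LocalPort
    RemoteAddress = $addr.RemoteAddress   # should show 10.0.0.0/8, not 'Any'
}
```

Run from an elevated PowerShell session; if Tanium peering needs TCP 17486 inbound as well, add a second -LocalPort value rather than widening the remote address scope.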
