Tanium 7.x Security Technical Implementation Guide
SRG-APP-000383
Firewall rules must be configured on the Tanium Server for Server-to-Zone Server communications.
An XCCDF Rule
Medium Severity
If using the Tanium Zone Server to proxy traffic from Tanium-managed computers on less trusted network segments to the Tanium Server on the core network, the Tanium Zone Server Hub, typically installed to the Tanium Server device, must be able to connect to the Zone Server(s) in the DMZ. This is the only configuration that requires allowing outbound traffic on port 17472 from the Tanium Server device. The ZoneServerList.txt configuration file in the Tanium Zone Server Hub's installation folder identifies the addresses of the destination Zone Servers. Refer to the Zone Server Configuration page for more details.

Port Needed: Tanium Server to Zone Server over TCP port 17472.

Network firewall rules: Allow TCP traffic on port 17472 from the Zone Server Hub, usually the Tanium Server device, to the destination DMZ device(s) hosting the Zone Server(s).

Endpoint firewall rules: For additional security, configure the following endpoint firewall rules:
Allow TCP traffic outbound on port 17472 from only the Zone Server Hub process running on the Tanium Server device.
Allow TCP traffic inbound on port 17472 to only the Zone Server process running on the designated Zone Server device(s).

For more information, refer to https://docs.tanium.com/platform_install/platform_install/reference_network_ports.html.

Documentable: false
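One way to check an exported rule set against the outbound guidance above (an added example, not part of the STIG or of Tanium's documentation). The simplified Rule model, the placeholder hub path and the documentation-range Zone Server addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ZONE_PORT = 17472  # Tanium Server -> Zone Server port named in the rule text

@dataclass(frozen=True)
class Rule:            # simplified allow rule; this field layout is an assumption
    name: str
    direction: str     # "out" or "in"
    protocol: str      # "tcp", "udp" or "any"
    port: str          # "17472", a "lo-hi" range, or "any"
    program: str       # executable path, or "any"
    remote: str        # IP address, CIDR block, or "any"

def covers_port(spec: str, port: int) -> bool:
    if spec == "any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit_hub_outbound(rules, hub_program, zone_servers):
    """Return (rule name, problem) for outbound allow rules that reach TCP 17472
    without being scoped to the hub process and the listed Zone Servers."""
    allowed = {ip_address(a) for a in zone_servers}
    findings = []
    for r in rules:
        if r.direction != "out" or r.protocol not in ("tcp", "any"):
            continue
        if not covers_port(r.port, ZONE_PORT):
            continue
        if r.program.lower() != hub_program.lower():
            findings.append((r.name, "not limited to the Zone Server Hub process"))
        net = ip_network("0.0.0.0/0" if r.remote == "any" else r.remote, strict=False)
        if net.num_addresses > sum(a in net for a in allowed):
            findings.append((r.name, "destination wider than the Zone Server list"))
    return findings

# Constructed sample data: placeholder path and documentation-range addresses.
HUB = r"C:\placeholder\ZoneServerHub.exe"
ZONE_SERVERS = ["192.0.2.10", "192.0.2.11"]
SAMPLE_RULES = [
    Rule("hub-to-zone", "out", "tcp", "17472", HUB, "192.0.2.10"),
    Rule("any-program", "out", "tcp", "17472", "any", "192.0.2.11"),
    Rule("wide-range", "out", "any", "17000-18000", HUB, "192.0.2.0/24"),
    Rule("dns", "out", "udp", "53", "any", "any"),
    Rule("zone-inbound", "in", "tcp", "17472", "any", "any"),
]

if __name__ == "__main__":
    for name, problem in audit_hub_outbound(SAMPLE_RULES, HUB, ZONE_SERVERS):
        print(f"{name}: {problem}")
```

A port-only allow rule passes the network firewall requirement but is flagged here, because the endpoint rule is meant to scope port 17472 to the hub process and to the Zone Server addresses only.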