Firewall rules must be configured on the Tanium Zone Server for Client-to-Zone Server communications.

An XCCDF Rule

Description

In customer environments using the Tanium Zone Server, a Tanium Client may be configured to point to a Zone Server instead of a Tanium Server. The communication requirements for these Clients are identical to the Server-to-Client requirements. Without proper firewall configurations, proper TCP communications may not take place as necessary for application functionality. Additionally, without proper configuration, organizations may lose complete visibility into endpoints that cannot connect directly to the Tanium Server.

https://docs.tanium.com/platform_deployment_reference/platform_deployment_reference/network_ports.html

Documentable: false

ID
SV-254907r867621_rule
Severity
Medium

Remediation - Manual Procedure

1. Consult with the personnel who maintain the Enterprise Security Suite to configure host-based and network firewall rules to allow the following:

1A. Tanium Clients or Zone Clients over TCP port 17472, bi-directionally.