
V-253849

CAT II (Medium)

Firewall rules must be configured on the Tanium Zone Server for Client-to-Zone Server communications.

Rule ID: SV-253849r1099952_rule

STIG: Tanium 7.x Security Technical Implementation Guide

Version: V2R3

CCIs: CCI-000382

Discussion

In customer environments using the Tanium Zone Server, a Tanium Client may be configured to point to a Zone Server instead of a Tanium Server. The communication requirements for these Clients are identical to the Server-to-Client requirements. Without proper firewall configurations, proper TCP communications may not take place as necessary for application functionality. Additionally, without proper configuration, organizations may lose complete visibility into endpoints that cannot connect directly to the Tanium Server.

Check Content

Note: If a Zone Server is not being used, this is not applicable.

1. Consult with the Tanium system administrator to verify which firewall is being used as a host-based firewall on the Tanium Zone Server.

2. Access the host-based firewall configuration on the Tanium Zone Server.

3. Validate a rule exists for the following:

Port Needed: Tanium Clients to Zone Server over TCP port 17472, bidirectionally.

If a host-based firewall rule does not exist to allow TCP port 17472, bidirectionally, from Tanium Clients to the Tanium Zone Server, this is a finding.
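One way to script step 3 is shown below. This is an added example, not part of the STIG text. It assumes the host-based firewall is Windows Defender Firewall (NetSecurity PowerShell module) and that "bidirectionally" means an inbound rule on local port 17472 plus an outbound rule to remote port 17472. The helper names `Test-PortSpec` and `Get-PortRule` are hypothetical.

```powershell
# Added example: assumes Windows Defender Firewall is the host-based firewall
# on the Tanium Zone Server. Run from an elevated PowerShell session.
$Port = 17472   # Client-to-Zone Server port from the check text

function Test-PortSpec {
    # True when a port spec ('Any', '17472', '17000-18000') covers $Port.
    param([string[]]$Spec, [int]$Port)
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false
}

function Get-PortRule {
    param([ValidateSet('Inbound','Outbound')][string]$Direction,
          [ValidateSet('Allow','Block')][string]$Action)
    # ActiveStore is the effective policy, including rules delivered by Group Policy.
    Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True -Direction $Direction -Action $Action |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            # Inbound: clients reach the Zone Server's local port.
            # Outbound (assumed reading): Zone Server reaches port 17472 on clients.
            $spec = if ($Direction -eq 'Inbound') { $f.LocalPort } else { $f.RemotePort }
            ($f.Protocol -in 'TCP','Any') -and (Test-PortSpec -Spec $spec -Port $Port)
        }
}

$report = foreach ($dir in 'Inbound','Outbound') {
    $allow = @(Get-PortRule -Direction $dir -Action Allow)
    $block = @(Get-PortRule -Direction $dir -Action Block)
    [pscustomobject]@{
        Direction   = $dir
        AllowRules  = $allow.DisplayName -join '; '
        BlockRules  = $block.DisplayName -join '; '
        # No allow rule, or a block rule on the same port (block rules take
        # precedence over allow rules), needs a manual look.
        NeedsReview = ($allow.Count -eq 0) -or ($block.Count -gt 0)
    }
}
$report | Format-List
```

Rules that match only because their port or protocol is `Any` are listed too, so confirm their program and address scope actually covers Tanium Client traffic before treating the check as passed.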

Fix Text

Consult with the personnel who maintain the Enterprise Security Suite to configure host-based and network firewall rules to allow the following:

Tanium Clients or Zone Clients over TCP port 17472, bidirectionally.