07-12-2021 07:29 PM
Cisco have published an article regarding firewall rules: Required Server Addresses for Proper Cisco Secure Endpoint & Malware Analytics Operations - Cisco
What is unclear is where to allow the firewall rules from in the component architecture.
I have configured the source as the AMP update servers, but our server fleet is still not appearing in the portal.
Does anyone know which firewall rules in that article are needed from the Windows/Linux connectors?
Any guidance much appreciated. Thanks.
07-13-2021 01:24 AM - edited 07-13-2021 01:25 AM
Hello @TNSC2021,
the document on cisco.com includes all hosts needed for the endpoint. You may do a connectivity check on the servers to figure out which communication does not work. This is for Windows, just checking Linux... hold on...
Writing the Log file:
Using the help to specific tests:
Greetings,
Thorsten
07-13-2021 02:18 AM
Hello @TNSC2021,
can you please check if there are any errors in the log under /var/log/cisco/ampdaemon.log?
Or, as outlined above, you may use a Windows system in the same network to check with the connectivity tool.
Greetings,
Thorsten
07-14-2021 10:47 PM
Thanks for your advice.
I enabled RFC1918 to all the destinations listed and everything works.
It would be good if the documentation included the sources, e.g. Update Server versus connector.
That would allow me to narrow down the firewall rules a bit.