Firewall rules required for Windows/Linux connectors to Cisco Secure Endpoint Public Cloud

TNSC2021
Level 1

Cisco have published an article regarding firewall rules: Required Server Addresses for Proper Cisco Secure Endpoint & Malware Analytics Operations - Cisco

What is unclear is where to allow the firewall rules from in the component architecture.

I have configured the source as the AMP update servers, but our server fleet is still not appearing in the portal.

Does anyone know which firewall rules in that article are needed from the Windows/Linux connectors?

Any guidance much appreciated. Thanks.

3 Replies

Troja007
Cisco Employee

Hello @TNSC2021,
the document on cisco.com includes all hosts needed for the endpoint. You may do a connectivity check on the servers to figure out which communication does not work. This is for Windows, just checking Linux... hold on...

Writing the log file:
[Screenshot: Connectivity_Tool.png]

Using the help for specific tests:
[Screenshot: Connectivity_Tool_help.png]

Greetings,
Thorsten

Troja007
Cisco Employee

Hello @TNSC2021,
can you please check if there are any errors in the log under /var/log/cisco/ampdaemon.log?
Or, as outlined above, you may use a Windows system in the same network to check with the connectivity tool.

Greetings,
Thorsten

TNSC2021
Level 1

Thanks for your advice.

I enabled RFC1918 to all the destinations listed and everything works.

It would be good if the documentation included the sources, e.g. Update Server, versus connector.

That would allow me to narrow down the firewall rules a bit.