Firewall rules must be configured on the Tanium Zone Server for Client-to-Zone Server communications.

From Tanium 7.0 Security Technical Implementation Guide

Part of SRG-APP-000142

Associated with: CCI-000382

SV-93389r1_rule Firewall rules must be configured on the Tanium Zone Server for Client-to-Zone Server communications.

Vulnerability discussion

In customer environments using the Tanium Zone Server, a Tanium Client may be configured to point to a Zone Server instead of a Tanium Server. The communication requirements for these Clients are identical to the Server-to-Client requirements.

https://docs.tanium.com/platform_install/platform_install/reference_network_ports.html

Check content

Note: If a Zone Server is not being used, this is "Not Applicable".

Consult with the Tanium System Administrator to verify which firewall is being used as a host-based firewall on the Tanium Zone Server.

Access the host-based firewall configuration on the Tanium Zone Server.

Validate a rule exists for the following:

Port Needed: Tanium Clients to Zone Server over TCP port 17472.

If a host-based firewall rule does not exist to allow TCP port 17472, bi-directionally, from Tanium Clients to the Tanium Zone Server, this is a finding.

Fix text

Configure host-based firewall rules as required, to include Tanium Clients to Zone Server over TCP port 17472.
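
One way to run the check above, as an added example that is not part of the STIG or of Tanium's documentation. It assumes the host-based firewall on the Zone Server is Windows Defender Firewall (the STIG leaves the product to the administrator) and that "bi-directionally" is expressed as an inbound rule on LocalPort and an outbound rule on RemotePort.

```powershell
# Added example. Assumption: the host-based firewall is Windows Defender Firewall.
$Port = 17472   # Tanium Clients to Zone Server, from the check text

# Returns 'Explicit' when a port spec names $Port (alone or inside a range),
# 'Any' when the spec is unrestricted, and $null when $Port is not covered.
function Get-PortCoverage {
    param([string[]]$Spec, [int]$Port)
    $coverage = $null
    foreach ($entry in $Spec) {
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return 'Explicit' }
        } elseif ($entry -eq "$Port") {
            return 'Explicit'
        } elseif ($entry -eq 'Any') {
            $coverage = 'Any'
        }
    }
    return $coverage
}

# ActiveStore is the effective policy (local rules plus Group Policy rules).
$rows = foreach ($direction in 'Inbound', 'Outbound') {
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True -Action Allow -Direction $direction
    foreach ($rule in $rules) {
        $pf = $rule | Get-NetFirewallPortFilter
        if ($pf.Protocol -notin 'TCP', '6', 'Any') { continue }
        # Assumption: inbound rules are matched on LocalPort, outbound on RemotePort.
        $spec = if ($direction -eq 'Inbound') { $pf.LocalPort } else { $pf.RemotePort }
        $coverage = Get-PortCoverage -Spec $spec -Port $Port
        if (-not $coverage) { continue }
        [pscustomobject]@{
            Direction     = $direction
            Rule          = $rule.DisplayName
            Coverage      = $coverage
            RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
}

$rows | Sort-Object Direction, Coverage | Format-Table -AutoSize

# Flag each direction that has no rule naming the port; any-port rules are
# listed above but do not by themselves show a rule for TCP 17472.
foreach ($direction in 'Inbound', 'Outbound') {
    $explicit = @($rows | Where-Object { $_.Direction -eq $direction -and $_.Coverage -eq 'Explicit' })
    if ($explicit.Count -eq 0) {
        Write-Warning "No enabled allow rule names TCP $Port for $direction traffic; review against the check text."
    }
}
```

The RemoteAddress column shows whether a matching rule is scoped to the Tanium Client address ranges or open to any source.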
