Cisco AMP Threat Grid 5004 Appliance Installation Guide
Cisco AMP Threat Grid Appliance Setup and Configuration Guide
SERVER SETUP
Firewall Rules Suggestions

| From | To | Protocol/Port | Action | Reason |
|---|---|---|---|---|
| Dirty interface | Internet | SMTP | Deny | Prevent malware from spamming |
| Dirty interface | Internet | TCP/19791 | Allow | Allow connectivity to Threat Grid support |
| Dirty interface | Internet | TCP/22 | Allow | Update and support snapshot services |
| Dirty interface | Internet | IP/ANY | Allow | Allow outbound traffic from malware samples (To get accurate results it is required that malware be allowed to contact its command and control server.) |
| Dirty interface | Internet | DNS | Allow | Allow outbound DNS. |
| Dirty interface | Internet | NTP (UDP/123) | Allow | Allow outbound traffic to access NTP. |
| Clean interface | SMTP Server | SMTP | Allow | The appliance uses the clean interface to initiate SMTP connections to the configured mail server. (The Clean interface does not need outbound connectivity "to the Internet".) |
| Clean interface | Internet | TCP/19791 | Allow | Allow connectivity to Threat Grid Recovery Mode support connections |
| User network | Clean interface | TCP/80, TCP/443 | Allow | Appliance API and user interface |
| Clean interface | User network | Syslog/Configurable | Allow | Allow connectivity to server designated to receive Syslog messages and Threat Grid notifications. |
| Administration network | Admin interface | TCP/22, TCP/80, TCP/443 | Allow | SSH; OpAdmin Portal interface |
| User network | Clean interface | TCP/9443 | Allow | Allow connectivity to the Threat Grid UI Glovebox |
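The table is order-sensitive on any first-match firewall: the SMTP deny on the dirty interface is only effective if it is evaluated before the IP/ANY allow that follows it, otherwise sandboxed samples could send mail through the broad allow. The following is an added example, not Cisco's code or configuration, that encodes the rows above as data, evaluates constructed flows against them with first-match semantics, and flags any deny rule shadowed by an earlier, broader allow. Zone names, the port numbers used for the named services (SMTP 25, DNS 53, NTP 123) and the Syslog port (514, since the table leaves it configurable) are assumptions made for the example.

```python
"""First-match evaluator for the Threat Grid appliance firewall suggestions.

Added example, not the guide's own code. Zone names and the numeric ports
for named services are assumptions; a default-deny policy is assumed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = None  # wildcard for port (None) or protocol ("any")


@dataclass(frozen=True)
class Rule:
    src: str             # zone the flow originates from
    dst: str             # zone the flow is destined to
    protocol: str        # "tcp", "udp" or "any"
    port: Optional[int]  # None matches every port
    action: str          # "allow" or "deny"
    reason: str


# Rows of the table above, in evaluation order (constructed encoding).
RULES: List[Rule] = [
    Rule("dirty", "internet", "tcp", 25,      "deny",  "Prevent malware from spamming"),
    Rule("dirty", "internet", "tcp", 19791,   "allow", "Threat Grid support"),
    Rule("dirty", "internet", "tcp", 22,      "allow", "Update and support snapshot services"),
    Rule("dirty", "internet", "any", ANY,     "allow", "Outbound traffic from malware samples"),
    Rule("dirty", "internet", "udp", 53,      "allow", "Outbound DNS"),
    Rule("dirty", "internet", "udp", 123,     "allow", "Outbound NTP"),
    Rule("clean", "smtp_server", "tcp", 25,   "allow", "Notifications to the configured mail server"),
    Rule("clean", "internet", "tcp", 19791,   "allow", "Recovery Mode support connections"),
    Rule("user", "clean", "tcp", 80,          "allow", "Appliance API and user interface"),
    Rule("user", "clean", "tcp", 443,         "allow", "Appliance API and user interface"),
    Rule("clean", "user", "udp", 514,         "allow", "Syslog (port configurable; 514 assumed)"),
    Rule("admin_net", "admin", "tcp", 22,     "allow", "SSH"),
    Rule("admin_net", "admin", "tcp", 80,     "allow", "OpAdmin Portal"),
    Rule("admin_net", "admin", "tcp", 443,    "allow", "OpAdmin Portal"),
    Rule("user", "clean", "tcp", 9443,        "allow", "Threat Grid UI Glovebox"),
]


def matches(rule: Rule, src: str, dst: str, proto: str, port: int) -> bool:
    """True when a concrete flow (src, dst, proto, port) hits this rule."""
    return (rule.src == src and rule.dst == dst
            and rule.protocol in ("any", proto)
            and rule.port in (ANY, port))


def evaluate(rules: List[Rule], src: str, dst: str, proto: str, port: int,
             default: str = "deny") -> Tuple[str, str]:
    """First-match evaluation: (action, reason) of the first rule that
    matches, or the default policy when no rule matches."""
    for rule in rules:
        if matches(rule, src, dst, proto, port):
            return rule.action, rule.reason
    return default, "no matching rule (default policy)"


def covers(broad: Rule, narrow: Rule) -> bool:
    """True when every flow matched by `narrow` is also matched by `broad`."""
    return (broad.src == narrow.src and broad.dst == narrow.dst
            and broad.protocol in ("any", narrow.protocol)
            and broad.port in (ANY, narrow.port))


def shadowed_denies(rules: List[Rule]) -> List[Tuple[Rule, Rule]]:
    """Return (deny, earlier_allow) pairs where the allow makes the deny
    unreachable. An empty list means every deny can still fire."""
    found = []
    for i, deny in enumerate(rules):
        if deny.action != "deny":
            continue
        for allow in rules[:i]:
            if allow.action == "allow" and covers(allow, deny):
                found.append((deny, allow))
    return found


if __name__ == "__main__":
    # Constructed sample flows from the dirty (sandbox) interface.
    for proto, port in (("tcp", 25), ("tcp", 8080), ("udp", 53)):
        print(f"dirty -> internet {proto}/{port}:",
              evaluate(RULES, "dirty", "internet", proto, port))
    print("shadowed denies in table order:", shadowed_denies(RULES))
    # Swap the first two rows so IP/ANY precedes the SMTP deny.
    misordered = [RULES[3], RULES[0]] + RULES[1:3] + RULES[4:]
    print("shadowed denies when misordered:", shadowed_denies(misordered))
```

The check in `shadowed_denies` is the one worth keeping in a change-control script for the perimeter device in front of the dirty interface: every time the ruleset is regenerated, a non-empty result means the anti-spam deny has become dead code.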