Configuring network egress allow list rules in the CMP

If you want to allow outbound communications from Tanium Cloud to specific destinations, you can configure network egress allow list rules. The configured rules apply to all outbound communications from solutions such as Tanium™ Connect, Tanium™ Discover, or Tanium package downloads.

Configure a new network egress rule

  1. From the CMP menu, click Network Egress Allow List.

  2. Click Add, specify values for the following fields, and then click Add.

    FQDN: Fully qualified domain name for the network egress destination

    Some FQDN values might change what fields you see. If you enter a Regional AWS S3 FQDN value in the FQDN field, a Global FQDN field appears that is automatically populated with the appropriate value to ensure correct routing. Conversely, if you enter a Global AWS S3 FQDN value in the FQDN field, a Regional FQDN field appears, and you must manually enter the Regional AWS S3 FQDN value in this field to ensure correct routing.

    Port: Port number for the network egress destination. See the help in the CMP for commonly used ports for specific protocols.

    Tanium does not support sending data over TCP port 25 (SMTP) outbound. Use encrypted communication ports TCP 465 or TCP 587 instead. If you create a rule with external access for an SMTP email server destination (default TCP port 465 or TCP port 587), you can only associate the port with 1 FQDN.

    Item Name: A unique vanity name to identify the rule

    Note: An optional note with more details about the rule

Allow a few minutes for the changes to take effect.
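
A check to run over a planned rule set before entering it in the CMP, as an added example that is not Tanium code. It applies the constraints stated in the field descriptions above: no TCP port 25, one FQDN per SMTP port (465 or 587), unique item names, and a Regional FQDN for every Global AWS S3 FQDN. The rule dictionary layout, the `regional_fqdn` key, the S3 hostname patterns, and the treatment of every rule on port 465 or 587 as an SMTP rule are assumptions.

```python
import re
from collections import defaultdict

# Assumed AWS S3 endpoint naming patterns; adjust if your destinations differ.
GLOBAL_S3 = re.compile(r"(^|\.)s3\.amazonaws\.com$")
REGIONAL_S3 = re.compile(r"(^|\.)s3[.-][a-z0-9-]+\.amazonaws\.com$")
SMTP_TLS_PORTS = {465, 587}  # assumption: any rule on these ports is SMTP

def lint_rules(rules):
    """Return a list of (item_name, problem) for a planned rule set."""
    problems = []
    seen_names = set()
    smtp_fqdns = defaultdict(set)  # port -> FQDNs planned for that port
    for r in rules:
        name, port = r["item_name"], r["port"]
        fqdn = r["fqdn"].lower().rstrip(".")
        if name in seen_names:
            problems.append((name, "item name is not unique"))
        seen_names.add(name)
        if not 1 <= port <= 65535:
            problems.append((name, "port out of range"))
        if port == 25:
            problems.append((name, "TCP 25 is not supported; use 465 or 587"))
        if port in SMTP_TLS_PORTS:
            smtp_fqdns[port].add(fqdn)
            if len(smtp_fqdns[port]) > 1:
                problems.append((name, f"port {port} already tied to another FQDN"))
        # A global S3 name needs the regional name typed in by hand.
        if GLOBAL_S3.search(fqdn) and not REGIONAL_S3.search(r.get("regional_fqdn", "")):
            problems.append((name, "global S3 FQDN needs a regional S3 FQDN entered"))
    return problems

# Constructed sample plan; item names and hosts are illustrative only.
PLAN = [
    {"item_name": "mail-relay", "fqdn": "smtp.example.com", "port": 25},
    {"item_name": "mail-tls", "fqdn": "smtp.example.com", "port": 587},
    {"item_name": "mail-tls-2", "fqdn": "smtp2.example.net", "port": 587},
    {"item_name": "pkg-bucket", "fqdn": "pkgs.s3.amazonaws.com", "port": 443},
    {"item_name": "pkg-bucket-ok", "fqdn": "pkgs.s3.amazonaws.com", "port": 443,
     "regional_fqdn": "pkgs.s3.us-east-1.amazonaws.com"},
    {"item_name": "mail-tls", "fqdn": "api.example.org", "port": 443},
]

if __name__ == "__main__":
    for item, problem in lint_rules(PLAN):
        print(f"{item}: {problem}")
```
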

Edit an existing network egress rule

  1. From the CMP menu, click Network Egress Allow List.

  2. Click Edit next to the rule that you want to update.

  3. Make any updates, and then click Save.

Delete an existing network egress rule

  1. From the CMP menu, click Network Egress Allow List.
  2. Click Delete next to the rule that you want to delete, and then click Delete to confirm the action.