Network Quarantine requirements

Review the requirements before you install and use Network Quarantine.

Tanium dependencies

| Component | Requirement |
|---|---|
| Platform | Version 7.0 or later |
| License | Network Quarantine is included with Tanium Connect. For information about licensing, contact your Technical Account Manager (TAM). |
| Tanium Connect | (Optional) Version 4.7.4 or later |
| Tanium Discover | (Optional) Version 2.7.0 or later |

Tanium Module Server

Network Quarantine is installed and runs as a service on the Module Server host computer. The impact on Module Server is minimal and depends on usage.

Third-party software

  • Cisco Identity Services Engine (ISE) 2.2 or later with pxGrid installed
  • Palo Alto Networks OS 7.1 or later

Host and network security requirements

Specific ports and processes are needed to run Network Quarantine.

Ports

The following ports are required for Network Quarantine communication.

| Component | Port | Direction | Purpose |
|---|---|---|---|
| Module Server | 17467 | Loopback | Internal purposes; not externally accessible. |
| Module Server | 5222 | Outbound | Access to Cisco ISE, unless specified otherwise. |
| Module Server | 443 | Outbound | Access to Palo Alto Networks firewall, unless specified otherwise. |

User role requirements

Tanium 7.0

Administrator role is required for all Network Quarantine tasks.

Tanium 7.1

Table 1: Tanium 7.1 Network Quarantine User Role Privileges
Privilege Network Quarantine Administrator Network Quarantine User Network Quarantine Read Only User

  • Show Networkquarantine: View Network Quarantine shared service
  • Networkquarantine Certificates Read: View configured certificates
  • Networkquarantine Certificates Write: Add or update configured certificates
  • Networkquarantine Nacs Read: View configured NACs
  • Networkquarantine Nacs Write: Add or update configured NACs
  • Networkquarantine Quarantines Read: View quarantined endpoints
  • Networkquarantine Quarantines Write: Quarantine or unquarantine endpoints
  • Networkquarantine Settings Read: View service settings
  • Networkquarantine Settings Write: Configure service settings
  • Networkquarantine Nacauditlog Read: View audit log

Last updated: 8/14/2018 12:43 PM