Network Quarantine requirements

Review the requirements before you install and use Network Quarantine.

Tanium dependencies

Network Quarantine is included with Tanium Connect. For information about licensing, contact Tanium Support. Make sure that your environment meets the following requirements.

Component Requirement
Tanium™ Core Platform Version 7.3.314.4250 or later
Tanium products

The following modules are optional, but Network Quarantine requires the specified minimum versions to work with them:

  • Tanium Connect 4.7.4 or later
  • Tanium Discover 2.7.0 or later

Tanium Module Server

Network Quarantine is installed and runs as a service on the Module Server host computer. The impact on Module Server is minimal and depends on usage.

Endpoints

Supported operating systems

Same as Tanium Client support. See Tanium Client Management User Guide: Client version and host system requirements.

Third-party software

Network Quarantine is supported for use with Cisco Identity Services Engine (ISE) 2.2 or later with pxGrid installed.

Host and network security requirements

Specific ports and processes are needed to run Network Quarantine.

Ports

The following ports are required for Network Quarantine communication.

Source Destination Port Protocol Purpose
Module Server Module Server (loopback) 17467 TCP Internal purposes; not externally accessible.
Cisco ISE 5222 TCP Access to Cisco ISE, unless specified otherwise.

User role requirements

Network Quarantine user role permissions
Permission Network Quarantine Administrator Network Quarantine Approver Network Quarantine Rule Author Network Quarantine User Network Quarantine Read Only User Network Quarantine Service Account

Show Networkquarantine

View Network Quarantine shared service

Network Quarantine Certificates Read

View configured certificates

Network Quarantine Certificates Write

Add or update configured certificates

Network Quarantine Nacs Read

View configured NACs

Network Quarantine Nacs Write

Add or update configured NACs

Network Quarantine Quarantines Read

View quarantined endpoints

Network Quarantine Quarantines Write

Quarantine or unquarantine endpoints

Network Quarantine Rules Evaluate

Use service account to evaluate rules

Network Quarantine Settings Read

View service settings

Network Quarantine Settings Write

Configure service settings

Network Quarantine Nacauditlog Read

View audit log

Network Quarantine Rules Run

Start rule evaluation process

Network Quarantine Rules Read

View rules and targets

Network Quarantine Rules Write

Edit rules and targets

Network Quarantine Requests Read

View quarantine requests

Network Quarantine Requests Approve

Approve quarantine requests

Network Quarantine Requests Deny

Deny quarantine requests

Network Quarantine Runs Read

View rule evaluation runs

Provided Network Quarantine micro admin and advanced user role permissions
Permission Role type Content set for permission Network Quarantine Administrator Network Quarantine Approver Network Quarantine Rule Author Network Quarantine User Network Quarantine Read Only User Network Quarantine Service Account
Read User Micro Admin  
Read Computer Group Micro Admin  
Execute Plugin Advanced Network Quarantine Content Set
Read Plugin Advanced Network Quarantine Content Set
Read Saved Question Advanced Network Quarantine Content Set
Read Sensor Advanced Reserved, Default, Base, Network Quarantine Content Set
Write saved question Advanced Network Quarantine Content Set

 

Optional roles for Network Quarantine
Role Enables
Connect User

For signed in user:

  • Configure connections for Network Quarantine event notifications

For service account: 

  • Send Network Quarantine event notifications

For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.