Network - TCP ports

When configuring my network for security automation tools, which TCP ports, both outbound and inbound, should I unblock in my firewall?

The majority of APIs out there will simply run on https over port 443. Some of them have been configured to run on a nonstandard port but if so it is usually well documented. Using a proxy is a good way to not have to open your server up to communicating with all of the internet on port 443 since a lot of the cloud services could actually be residing at any number of constantly changing IP addresses. Using a proxy you can limit your server only to talk to the domains that you have configured.

For inbound access, you should have an ACL to only allow the services that you want to be able to connect to your automation tool and only on the ports that they should need. Always use the least privilege rules when allowing outside access to your internal tools.

2 Likes
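The reply above recommends putting an egress proxy in front of the automation server so it can only reach the domains you have configured. The following is an added example, not code from this thread or from any particular proxy: the allow-list decision such a proxy applies to each CONNECT host:port, with the common bare-suffix mistake shown beside the label-boundary match. `ALLOWED_DOMAINS`, `ALLOWED_PORTS` and every hostname in the usage block are constructed placeholders.

```python
"""Domain allow-list check for an egress (forward) proxy.

Added example, not from the original thread. It assumes the proxy hands us
the host and port from a CONNECT request; ALLOWED_DOMAINS and the hostnames
in the usage block are constructed placeholders.
"""
import ipaddress

# Constructed allow-list: exact hostnames plus wildcard entries. A wildcard
# "*.suffix" covers names *under* that suffix, not the bare suffix itself.
ALLOWED_DOMAINS = {
    "api.example.com",           # one exact host
    "*.cloud-provider.example",  # any name below cloud-provider.example
}
ALLOWED_PORTS = {443}            # the thread's point: APIs are HTTPS on 443


def normalize_host(host: str) -> str:
    """Lowercase, drop surrounding whitespace, IPv6 brackets and a trailing dot."""
    return host.strip().lower().strip("[]").rstrip(".")


def is_ip_literal(host: str) -> bool:
    """A raw IP in CONNECT would bypass a name-based list, so reject it."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def naive_host_allowed(host: str, allowed=ALLOWED_DOMAINS) -> bool:
    """The common mistake: bare suffix match. 'notapi.example.com' passes."""
    host = normalize_host(host)
    return any(host.endswith(e.lstrip("*.")) for e in allowed)


def host_allowed(host: str, allowed=ALLOWED_DOMAINS) -> bool:
    """Label-boundary matching: exact entries match exactly; a wildcard only
    matches names with at least one extra label in front of the suffix."""
    host = normalize_host(host)
    if not host or is_ip_literal(host) or any(c in host for c in " /\\@:?#"):
        return False
    for entry in allowed:
        entry = entry.lower()
        if entry.startswith("*."):
            suffix = entry[1:]                      # ".cloud-provider.example"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == entry:
            return True
    return False


def connect_allowed(host: str, port: int) -> bool:
    """Decision for a CONNECT host:port: the right port *and* an allowed name."""
    return port in ALLOWED_PORTS and host_allowed(host)


if __name__ == "__main__":
    for target in ["api.example.com:443", "notapi.example.com:443",
                   "eu.cloud-provider.example:443", "api.example.com:8080",
                   "203.0.113.5:443"]:
        h, _, p = target.rpartition(":")
        print(f"{target:32} -> {'ALLOW' if connect_allowed(h, int(p)) else 'DENY'}")
```

The two checks a plain suffix comparison misses are the label boundary (so `notapi.example.com` does not ride on `api.example.com`) and raw IP literals, which would let a client skip the name list entirely. Port 443 is enforced separately, matching the reply's observation that the APIs in question run HTTPS on that port.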

What’s the situation here? Scanning tools? Local -> Remote: create a separate VLAN with all ports open outbound and with no access to any internal resources.

This is a very broad question. I would recommend having a couple of meetings with admins, web, dev and asking them what they need.

Then watch the firewall traffic for a week and start to narrow it down, for both inbound and outbound traffic.

You can also take a look at Symantec default fw settings, SANS, NIST, MS-ISAC etc.

1 Like
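The reply above suggests watching firewall traffic for a week and narrowing the rules down from what you see. As an added example (not code from the thread), here is a small script that does that narrowing: it tallies new TCP connections from iptables-style kernel LOG lines and proposes allow-list entries, flagging one-off peers for review and flagging an outbound port reached at many different addresses as a candidate for the egress proxy the first reply describes. It assumes the rules were logged with the prefixes `FW-IN` and `FW-OUT`; every log line and address in `SAMPLE_LOG` is constructed sample data.

```python
"""Turn a week of firewall logs into a candidate least-privilege TCP rule set.

Added example, not part of the original thread. It assumes iptables-style
kernel LOG lines (KEY=VALUE tokens) written with the log prefix "FW-IN" or
"FW-OUT"; every line and address below is constructed sample data.
"""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Mar  3 10:00:01 fw kernel: FW-OUT IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 PROTO=TCP SPT=51234 DPT=443 SYN URGP=0
Mar  3 10:00:02 fw kernel: FW-OUT IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.11 PROTO=TCP SPT=51235 DPT=443 SYN URGP=0
Mar  3 10:00:03 fw kernel: FW-OUT IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=51236 DPT=443 SYN URGP=0
Mar  3 10:00:04 fw kernel: FW-OUT IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 PROTO=TCP SPT=51234 DPT=443 ACK URGP=0
Mar  3 10:00:05 fw kernel: FW-IN IN=eth0 OUT= SRC=192.0.2.20 DST=10.0.0.5 PROTO=TCP SPT=40000 DPT=8443 SYN URGP=0
Mar  3 10:00:06 fw kernel: FW-IN IN=eth0 OUT= SRC=192.0.2.20 DST=10.0.0.5 PROTO=TCP SPT=40001 DPT=8443 SYN URGP=0
Mar  3 10:00:07 fw kernel: FW-IN IN=eth0 OUT= SRC=192.0.2.99 DST=10.0.0.5 PROTO=TCP SPT=40002 DPT=22 SYN URGP=0
Mar  3 10:00:08 fw kernel: FW-IN IN=eth0 OUT= SRC=192.0.2.20 DST=10.0.0.5 PROTO=UDP SPT=40003 DPT=514 LEN=120
"""

TOKEN = re.compile(r"\b([A-Z]+)=(\S*)")
TAG = re.compile(r"kernel: (?:\[[^\]]*\] )?(FW-IN|FW-OUT) ")


def parse_line(line):
    """Return (direction, peer, dport) for a new TCP connection, else None."""
    m = TAG.search(line)
    if not m:
        return None
    fields = dict(TOKEN.findall(line))
    flags = set(line.split())
    # Count only connection attempts (SYN without ACK): replies and
    # mid-stream packets would otherwise inflate the tally.
    if fields.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
        return None
    direction = "inbound" if m.group(1) == "FW-IN" else "outbound"
    peer = fields["SRC"] if direction == "inbound" else fields["DST"]
    return direction, peer, int(fields["DPT"])


def summarize(log_text):
    """Tally new connections as {(direction, dport): {peer: count}}."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            direction, peer, port = rec
            seen[(direction, port)][peer] += 1
    return seen


def candidate_rules(seen, proxy_threshold=2, review_threshold=1):
    """Propose allow-list entries as (direction, dport, peer, count, status).

    status is "allow" for a peer/port pair seen repeatedly, "review" for one
    seen at most review_threshold times (a one-off is not yet a requirement),
    and "via-proxy" for an outbound port reached at more than proxy_threshold
    distinct addresses, which is easier to pin at an egress proxy than to
    track as ever-changing cloud IPs.
    """
    rules = []
    for (direction, port), peers in sorted(seen.items()):
        if direction == "outbound" and len(peers) > proxy_threshold:
            rules.append((direction, port, "*", sum(peers.values()), "via-proxy"))
            continue
        for peer, n in sorted(peers.items()):
            status = "review" if n <= review_threshold else "allow"
            rules.append((direction, port, peer, n, status))
    return rules


if __name__ == "__main__":
    for direction, port, peer, n, status in candidate_rules(summarize(SAMPLE_LOG)):
        print(f"{direction:8} tcp/{port:<5} {peer:16} seen={n:<3} {status}")
```

Run against the sample, the inbound 8443 traffic from one address comes out as an allow entry, the single SSH attempt from another address is marked for review rather than written into the rules, and outbound 443 to three different addresses is marked for the proxy. On real logs the thresholds need tuning to a week's volume, and the output is a starting point for the conversation with the admins, not a rule set to load unread.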