Network Quarantine requirements

Review the requirements before you install and use Network Quarantine.

Core platform dependencies

Make sure that your environment meets the following requirements:

  • Tanium™ Core Platform servers:

    • 7.3.314.4250 or later
    • 7.4.1.1939 or later

    Network Quarantine is not supported for use with Tanium Core Platform 7.5.x or later.

Solution dependencies

Other Tanium solutions are required for specific Network Quarantine features to work (feature-specific dependencies). The installation method that you select determines whether the Tanium Server automatically imports dependencies or whether you must import them manually.

Some Network Quarantine dependencies have their own dependencies, which you can see by clicking the links in the list of Feature-specific dependencies. Note that the links open the user guides for the latest version of each solution, not necessarily the minimum version that Network Quarantine requires.

Tanium recommended installation

If you select Tanium Recommended Installation when you import Network Quarantine, the Tanium Server automatically imports all your licensed solutions at the same time. See Tanium Console User Guide: Import all modules and services.

Import specific solutions

If you select only Network Quarantine to import, you must manually import dependencies. See Tanium Console User Guide: Import, re-import, or update specific solutions.

Feature-specific dependencies

Network Quarantine has the following feature-specific dependencies at the specified minimum versions:

  • Tanium Connect 4.7.4 or later to send notifications about NAC events to destinations.
  • Tanium Discover 2.7.0 or later to quarantine a MAC address directly from the Discover Interfaces pages.

Tanium Module Server

Network Quarantine is installed and runs as a service on the Module Server host computer. The impact on Module Server is minimal and depends on usage.

Endpoints

Supported internet protocols

Network Quarantine supports only IPv4 addresses.

Supported operating systems

Same as Tanium Client support. See Tanium Client Management User Guide: Client version and host system requirements.

Third-party software

Network Quarantine is supported for use with Cisco Identity Services Engine (ISE) 2.2 through 2.7 with Cisco Platform Exchange Grid (pxGrid) installed.

Cisco ISE 3.x or later and pxGrid 2.0 or later are not supported.

Host and network security requirements

Specific ports and processes are needed to run Network Quarantine.

Ports

The following ports are required for Network Quarantine communication.

Source         Destination               Port   Protocol  Purpose
Module Server  Module Server (loopback)  17467  TCP       Internal purposes; not externally accessible.
               Cisco ISE                 5222   TCP       Access to Cisco ISE, unless specified otherwise.

User role requirements

The following tables list the role permissions required to use Network Quarantine. To review a summary of the predefined roles, see Set up Network Quarantine users.

For more information about role permissions and associated content sets, see Tanium Console User Guide: Managing RBAC.

Network Quarantine user role permissions

Role columns, in order: Network Quarantine Administrator, Network Quarantine Approver, Network Quarantine Rule Author, Network Quarantine User, Network Quarantine Read Only User, Network Quarantine Service Account. For each permission, the populated role cells are listed in column order, separated by |; roles with no grant for that permission have no cell.

  • Network Quarantine Certificates (view, add or update configured certificates): READ WRITE
  • Network Quarantine Nacauditlog (view audit log): READ | READ | READ | READ
  • Network Quarantine NACs (view, add or update configured NACs): READ WRITE | READ | READ | READ
  • Network Quarantine Quarantines (view, quarantine or unquarantine quarantined endpoints): READ WRITE | READ | READ | READ WRITE | READ
  • Network Quarantine Requests (view, approve and deny quarantine requests): APPROVE READ DENY | APPROVE READ DENY | APPROVE READ DENY
  • Network Quarantine Rules (view and edit rules and targets; use service account to evaluate rules; start rule evaluation process): READ WRITE RUN | READ | READ WRITE RUN | EVALUATE
  • Network Quarantine Runs (view rule evaluation runs): READ | READ | READ
  • Network Quarantine Settings (view and configure service settings): READ WRITE | READ | READ WRITE | READ | READ
  • Networkquarantine (view Network Quarantine shared service): SHOW | SHOW | SHOW | SHOW | SHOW

Provided Network Quarantine administration and platform content user role permissions

Role columns, in order: Network Quarantine Administrator, Network Quarantine Approver, Network Quarantine Rule Author, Network Quarantine User, Network Quarantine Read Only User, Network Quarantine Service Account. Each permission is shown with its role type, followed by the populated role cells in column order, separated by |.

  • Computer Group (Administration): READ | READ | READ | READ
  • User (Administration): READ | READ
  • Plugin (Platform content): READ EXECUTE for all six roles
  • Saved Question (Platform content): READ | READ | READ WRITE
  • Sensor (Platform content): READ | READ | READ

Optional roles for Network Quarantine

  • Connect User

    For the signed-in user: Configure connections for Network Quarantine event notifications

    For the service account: Send Network Quarantine event notifications

For more information and descriptions of content sets and permissions, see the Tanium Core Platform User Guide: Users and user groups.