There may be some internal firewall deployed that sits between the MAA and internal network. Configuration/Rules on the firewall may be required to allow the MAA to function and managed by the System Administrator. This Solution provides a general guideline on how a firewall could be configured.
A firewall that sits between the MAA and internal/backend network should be configured to allow access :
For the dirty line, it's best to allow full access from the MA to the Internet. If that is not possible, we can start with TCP and UDP 53, TCP-80, and TCP-443. If some malware tries to access some inaccessible ports, it might affect the Risk Score. This is why full access is recommended.