App Control: Is it possible to restrict access to the web console on port 443
book
Article ID: 286674
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Is it possible to restrict access to the Console on port 443?
Environment
App Control Console: All Supported Versions
Windows Server: All Supported Versions
Resolution
Warning: Carbon Black does not recommend making changes to the default IIS configuration outside of the requirements listed in the Operating Environment Requirements.
There is no configuration setting available in the App Control Console to configure or restrict port 443. Restricting access to the Server Address via Port 443 is outside the scope of Support but could be done through the use of Firewall Rules, IIS Manager, or other network settings.
Additional Information
Warning: Agents connect to the Server Address via Port 443 to download critical files related to Agent upgrades, Yara Rules, and Trusted Server Certificate files.
If any restrictions on port 443 are set, please update the Resource Download Location to point the agents to an alternative web server to get the files from per this KB.