KB44902 - List of MacOS Core Exception Rules for Lockdown


Last Modified Date: 11/9/2021 2:29 AM
This article provides a list of lockdown mode core exception rules for macOS.
Problem or Goal

Up through Pulse 9.1R10, the lockdown rules for exemption were pre-defined and administrators could not make changes to the configuration. (In the connstore.dat file on the client they are labelled as V1.)
Starting with Pulse 9.1R11, the PCS populates the list of core access rules depending on the platform. (These appear as V2 in the connstore.dat file.)

Administrators can modify and reorder these exceptions at Users > Pulse Secure Client > Connections > connectionSetName. Administrators can also configure the allow/deny behavior of the exception rules.

The following list contains the default applications and values for macOS:

| Name | Application | Protocol | Ports | Direction |
|---|---|---|---|---|
| SNTP | /usr/sbin/sntp | UDP | R & L:123 | Inbound & Outbound |
| NTP | /usr/sbin/ntpd | UDP | R & L:123 | Inbound & Outbound |
| DHCP IPv4 Configd | /usr/libexec/configd | UDP | L:68, R:67 | Inbound & Outbound |
| DHCP IPv4 Kerneltask | Kernel Task | UDP | L:68, R:67 | Inbound & Outbound |
| DHCP IPv6 Configd | /usr/libexec/configd | UDP | L:546, R:547 | Inbound & Outbound |
| DHCP IPv6 Kernel task | Kernel Task | UDP | L:546, R:547 | Inbound & Outbound |
| NetBios | /System/Library/CoreServices/ | | ,138 | Inbound & Outbound |
| NetBiosd | /usr/sbin/netbiosd | UDP | R:137,138 | Inbound & Outbound |
| NetBios TCP | /System/Library/CoreServices/ | | | |
| PortMap UDP | Kernel Task | UDP | R:111 | Inbound & Outbound |
| PortMap TCP | Kernel Task | TCP | R:111 | Outbound |
| Kerberos Client Kcm | /System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kcm | TCP & UDP | R:88 | Outbound |
| Kerberos Client Opendirectory | /usr/libexec/opendirectoryd | TCP & UDP | R:88 | Outbound |
| LDAP Client | /usr/libexec/opendirectoryd | UDP | R:389 | Outbound |
| Kerberos Password | /usr/libexec/opendirectoryd | TCP | R:464 | Outbound |


Legend:

L - Local port

R - Remote port

Created By: Jayanth Chettidurai


