Reset Search
 

 
Article

KB44902 - List of MacOS Core Exception Rules for Lockdown

Printable View
« Go Back

Information

 
Last Modified Date11/9/2021 2:29 AM
Synopsis
This article provides a list of lock down mode core exception rules for MacOS.
Problem or Goal
Cause
Solution

Up through Pulse 9.1R10, the lockdown rules for exemption were pre-defined and administrators could not make changes to the configuration. (In the connstore.dat on the client they are labelled as V1)
Starting with Pulse 9.1R11, the PCS populates the list of core access rules depending on the platforms (these are observed as V2 in the connstore.dat file).

Administrators are allowed to modify and reorder these exceptions at Users>Pulse Secure Client>Connections>connectionSetName. Administrators can also configure the exception rules allow/deny behavior.

The following list contains the default applications and values for macOS

 
ComponentsProgramProtocolPortDirection
SNTP/usr/sbin/sntpUDPR & L:123Inbound & Outbound
NTP/usr/sbin/ntpdUDPR & L:123Inbound & Outbound
DHCP IPv4 Configd/usr/libexec/configdUDPL:68, R:67Inbound & Outbound
DHCP IPv4 KerneltaskKernel TaskUDPL:68, R:67Inbound & Outbound
DHCP IPv6 Configd/usr/libexec/configdUDPL:546, R:547Inbound & Outbound
DHCP IPv6 Kernel taskKernel TaskUDPL:546, R:547Inbound & Outbound
NetBios/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgentUDPR:137,138Inbound & Outbound
NetBiosd/usr/sbin/netbiosdUDPR:137,138Inbound & Outbound
NetBios TCP/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgentTCPR:139Outbound
PortMap UDPKernel TaskUDPR:111Inbound & Outbound
PortMap TCPKernel TaskTCPR:111Outbound
Kerberos Client Kcm/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kcmTCP & UDPR:88Outbound
Kerberos Client Opendirectory/usr/libexec/opendirectorydTCP & UDPR:88Outbound
LDAP/usr/libexec/opendirectorydTCPR:389,636,3268,3269Outbound
LDAP Client/usr/libexec/opendirectorydUDPR:389Outbound
Kerberos Password/usr/libexec/opendirectorydTCPR:464Outbound

Legends:

L - Local portLegend:

R - Remote port

Related Links
Attachment 1 
Created ByJayanth Chettidurai

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255