How Can I Determine Internet Requirements for Application Whitelisting?

Asked By TechExplorer492 On

I'm working with a device in a highly restricted network segment where internet access is limited to whitelisted domains. I've installed a few applications, like SentinelOne, ThreatSpike Wire, and Tenable Nessus, which need internet access. Sometimes the documentation for these apps provides the necessary domains or IP ranges (like with SentinelOne and ThreatSpike Wire), but other times (like with Tenable Nessus) it's not specified. Is there an effective way to identify which internet resources an application tries to access so that I can create a precise whitelist without just opening up blanket internet access? Just to note, the device is running Windows 11, is Entra-joined, and managed via Intune, all connected through a FortiSwitch and FortiGate firewall.

5 Answers

Answered By NetworkNinja77 On

If the software provider doesn't give you a list of ports to whitelist, a solid way to find out is to open the app and check the firewall logs for any blocked attempts. This can give you direct insight into what needs to be whitelisted.

Answered By FortiExpert1985 On

Checking firewall logs or performing a packet capture on the device is also a smart move. If you create an explicit deny rule for traffic from the device to the internet, it will help focus on what's being blocked. Also, adding the application in question to Fortinet’s application library can simplify things since they manage lots of IP addresses.

Answered By FirewallWatcher88 On

I’ve found filtering through FortiGate's logs is tricky due to all the background noise from Windows. It might be beneficial to implement a deny policy that targets known domains, making it easier to sift through relevant entries. Watching the deny logs closely can reveal what you need to whitelist. Just be careful of the interface—it can be a bit of a maze!
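
The deny-log triage the replies describe, as an added example that is not part of any answer on this page: a Python script that parses FortiGate-style key=value traffic logs and collapses the denied connections from one device into a ranked list of destinations, so the background noise the reply mentions is reduced to a few candidate allow-list entries. The log lines are constructed for the example, and the field names (srcip, dstip, dstport, proto, action, hostname) assume the FortiGate traffic-log format; check them against your own export before relying on the output.

```python
import re
from collections import defaultdict

# Constructed FortiGate-style traffic-log lines (key=value syslog), not real data.
# Only the fields the script reads are present; a real line carries many more.
SAMPLE_LOGS = """\
date=2024-05-01 time=09:00:01 type="traffic" srcip=10.10.5.23 dstip=203.0.113.10 dstport=443 proto=6 action="deny" policyid=0 hostname="sensor.example-cloud.invalid"
date=2024-05-01 time=09:00:02 type="traffic" srcip=10.10.5.23 dstip=203.0.113.10 dstport=443 proto=6 action="deny" policyid=0 hostname="sensor.example-cloud.invalid"
date=2024-05-01 time=09:00:03 type="traffic" srcip=10.10.5.23 dstip=198.51.100.7 dstport=443 proto=6 action="deny" policyid=0
date=2024-05-01 time=09:00:04 type="traffic" srcip=10.10.5.23 dstip=203.0.113.44 dstport=443 proto=6 action="accept" policyid=12 hostname="login.microsoftonline.com"
date=2024-05-01 time=09:00:05 type="traffic" srcip=10.10.5.99 dstip=192.0.2.9 dstport=80 proto=6 action="deny" policyid=0
date=2024-05-01 time=09:00:06 type="traffic" srcip=10.10.5.23 dstip=203.0.113.10 dstport=443 proto=6 action="deny" policyid=0 hostname="sensor.example-cloud.invalid"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PROTO = {"6": "tcp", "17": "udp"}

def parse_line(line):
    """One FortiGate key=value line -> dict, with surrounding quotes stripped."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def denied_destinations(log_text, device_ip):
    """Collapse per-connection deny entries from device_ip into one row per
    (dstip, dstport, proto), counting hits and collecting resolved hostnames."""
    out = defaultdict(lambda: {"hits": 0, "hostnames": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("srcip") != device_ip or rec.get("action") != "deny":
            continue  # other hosts and already-allowed traffic are noise here
        key = (rec["dstip"], rec["dstport"], rec.get("proto", "?"))
        out[key]["hits"] += 1
        if "hostname" in rec:
            out[key]["hostnames"].add(rec["hostname"])
    return dict(out)

def whitelist_candidates(log_text, device_ip, min_hits=1):
    """Candidate allow-list rows, most-hit first. Uses the hostname when the
    firewall recorded one (an FQDN object is tighter and survives IP changes),
    otherwise the bare destination IP."""
    rows = []
    for (ip, port, proto), info in denied_destinations(log_text, device_ip).items():
        if info["hits"] < min_hits:
            continue  # single stray hits are usually background noise
        name = ", ".join(sorted(info["hostnames"])) or ip
        rows.append((info["hits"], f"{name}:{port}/{PROTO.get(proto, proto)}"))
    return sorted(rows, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for hits, dest in whitelist_candidates(SAMPLE_LOGS, "10.10.5.23"):
        print(f"{hits:>3}  {dest}")
```

Run it against a log export taken while the application is exercised with an explicit deny rule in place, and raise `min_hits` to drop one-off destinations before turning the rows into firewall objects.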

Answered By PacketSnifferGuru On

Wireshark is a great tool for analyzing network traffic. You can also use Process Monitor (procmon) because it has network filtering options. Syncing outputs from Wireshark and procmon can be really powerful, but even running them separately might help you track the application traffic you need.

Answered By IPSeeker42 On

You might want to try searching online for public IPs related to the application vendor. For instance, searching for "Tenable public IPs" can lead you to their documentation for cloud sensors. If that doesn't yield results, opening a support ticket might be worthwhile. Otherwise, you'll be sifting through firewall logs trying to identify the traffic on your own.
