diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
index 246f8f36f..eb1e51eb4 100644
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -1,4 +1,16 @@
 firewall:
+ rules:
+ analyst_workstations: []
+ standalone:
+ - 1.2.3.4
+ sensor:
+ - 1.2.3.3
+ - 2.3.4.5
+ searchnode:
+ - 3.4.5.6
+ - 7.8.9.10
+ manager:
+ - 1.33.2.11
 hostgroups:
 anywhere:
 ips:
@@ -87,3 +99,80 @@ firewall:
 ips:
 delete: []
 insert: []
+ portgroups:
+ all:
+ tcp:
+ - '0:65535'
+ udp:
+ - '0:65535'
+ agrules:
+ tcp:
+ - 7788
+ beats_5044:
+ tcp:
+ - 5044
+ beats_5644:
+ tcp:
+ - 5644
+ beats_5066:
+ tcp:
+ - 5066
+ docker_registry:
+ tcp:
+ - 5000
+ elasticsearch_node:
+ tcp:
+ - 9300
+ elasticsearch_rest:
+ tcp:
+ - 9200
+ elastic_agent_control:
+ tcp:
+ - 8220
+ elastic_agent_data:
+ tcp:
+ - 5055
+ endgame:
+ tcp:
+ - 3765
+ influxdb:
+ tcp:
+ - 8086
+ kibana:
+ tcp:
+ - 5601
+ mysql:
+ tcp:
+ - 3306
+ nginx:
+ tcp:
+ - 80
+ - 443
+ playbook:
+ tcp:
+ - 3200
+ redis:
+ tcp:
+ - 6379
+ - 9696
+ salt_manager:
+ tcp:
+ - 4505
+ - 4506
+ sensoroni:
+ tcp:
+ - 443
+ ssh:
+ tcp:
+ - 22
+ strelka_frontend:
+ tcp:
+ - 57314
+ syslog:
+ tcp:
+ - 514
+ udp:
+ - 514
+ yum:
+ tcp:
+ - 443
\ No newline at end of file
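Review bot: The added `rules:` block ships concrete, publicly routable addresses (`1.2.3.4`, `1.2.3.3`, `2.3.4.5`, `3.4.5.6`, `7.8.9.10`, `1.33.2.11`) as defaults for the `standalone`, `sensor`, `searchnode` and `manager` entries. If these lists are rendered into allow rules (the consuming state is not visible in this diff), any deployment that does not override them would admit hosts nobody on the grid controls into trusted roles. Defaults should be empty like the neighbouring `analyst_workstations: []`, e.g. `standalone: []`, `sensor: []`, with sample values kept in documentation or a test pillar. If in-file examples are really needed, use a reserved documentation range such as `192.0.2.0/24` rather than live addresses.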
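Review bot: The `all` portgroup (`'0:65535'` on both tcp and udp) effectively turns off port filtering for whichever hostgroup it is attached to, and nothing in the file says where it may be used. Since the same file defines an `anywhere` hostgroup, I would add a comment above it such as `# all: every TCP/UDP port; attach only to fully trusted hostgroups, never to anywhere`. The same concern applies, to a lesser degree, to the datastore entries (`mysql`, `redis`, `elasticsearch_rest`, `influxdb`), whose hostgroup bindings are outside this diff. Separately, port values mix plain integers with quoted range strings, so the consumer presumably has to accept both types; and the file now ends without a trailing newline.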