diff --git a/files/firewall/hostgroups.local.yaml b/files/firewall/hostgroups.local.yaml
index 27ad40f6e..edb08e195 100644
--- a/files/firewall/hostgroups.local.yaml
+++ b/files/firewall/hostgroups.local.yaml
@@ -12,6 +12,9 @@ firewall:
 ips:
 delete:
 insert:
+ elasticsearch_rest:
+ delete:
+ insert:
 fleet:
 ips:
 delete:
diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow
index f66d398db..e86210874 100755
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -21,7 +21,7 @@ local_salt_dir=/opt/so/saltstack/local
 SKIP=0
-while getopts "ahfsprbowi:" OPTION
+while getopts "ahfesprbowi:" OPTION
 do
 case $OPTION in
 h)
@@ -36,7 +36,11 @@ do
 FULLROLE="beats_endpoint"
 SKIP=1
 ;;
- f)
+ e)
+ FULLROLE="elasticsearch_rest"
+ SKIP=1
+ ;;
+ f)
 FULLROLE="strelka_frontend"
 SKIP=1
 ;;
@@ -77,6 +81,7 @@ if [ "$SKIP" -eq 0 ]; then
 echo ""
 echo "[a] - Analyst - ports 80/tcp and 443/tcp"
 echo "[b] - Logstash Beat - port 5044/tcp"
+ echo "[e] - Elasticsearch REST API - port 9200/tcp"
 echo "[f] - Strelka frontend - port 57314/tcp"
 echo "[o] - Osquery endpoint - port 8090/tcp"
 echo "[s] - Syslog device - 514/tcp/udp"
@@ -92,6 +97,8 @@ if [ "$SKIP" -eq 0 ]; then
 FULLROLE=analyst
 elif [ "$ROLE" == "b" ]; then
 FULLROLE=beats_endpoint
+ elif [ "$ROLE" == "e" ]; then
+ FULLROLE=elasticsearch_rest
 elif [ "$ROLE" == "f" ]; then
 FULLROLE=strelka_frontend
 elif [ "$ROLE" == "o" ]; then
diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
index aa41322a3..c16a63c00 100644
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -48,6 +48,9 @@ role:
 beats_endpoint_ssl:
 portgroups:
 - {{ portgroups.beats_5644 }}
+ elasticsearch_rest:
+ portgroups:
+ - {{ portgroups.elasticsearch_rest }}
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 43774cc00..2aa7bf10c 100755
--- a/setup/so-whiptail
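Review bot: The getopts string now accepts `-e`, but the usage text printed by the `h)` arm lies outside this hunk and nothing else in the diff touches it, so `so-allow -h` may not list the new flag; confirm that arm documents it, e.g. `echo "  -e  Allow access to the Elasticsearch REST API (port 9200/tcp)"`. The same role is wired in the next three hunks of this file (the `e)` arm, the interactive menu line, and the `elif [ "$ROLE" == "e" ]` branch), and the `e)` arm would benefit from a one-line comment stating what it exposes, such as `# elasticsearch_rest: opens 9200/tcp (the cluster's REST API) to the given host; limit to trusted analyst/automation hosts`. Whether that endpoint enforces authentication is not visible in this diff, so the comment should be checked against the Elasticsearch configuration before it is relied on. The `while getopts` / `case` block opened in this hunk continues past its end.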
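Review bot: The new role references `{{ portgroups.elasticsearch_rest }}`, but no portgroup of that name is added anywhere in this diff while the so-allow menu hardcodes `port 9200/tcp`; if the key does not already exist in the portgroups data, rendering this map fails for every role, not just the new one. Confirm the portgroup is defined (presumably in the firewall portgroups yaml) with the same port the menu advertises, or add it in this commit so the two cannot drift. The `role:` mapping this hunk extends continues outside the hunk.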
+++ b/setup/so-whiptail
@@ -536,9 +536,10 @@ whiptail_nids() {
 [ -n "$TESTING" ] && return
 NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
- "Choose which IDS to run:" 20 75 4 \
+ "Choose which IDS to run. \n
+ Snort 3.0 support will be added once it is out of beta:" 25 75 4 \
 "Suricata" "Suricata 4.X" ON \
- "Snort" "Snort 3.0 Beta" OFF 3>&1 1>&2 2>&3 )
+ "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 )
 local exitstatus=$?
 whiptail_check_exitstatus $exitstatus
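Review bot: The new prompt string breaks the source line right after `\n`, so the argument handed to whiptail contains the `\n` escape, a literal newline, and the indentation of the continuation line; depending on how whiptail renders it, the second line is preceded by a blank line and leading spaces. Keep the prompt on one source line, `"Choose which IDS to run.\nSnort 3.0 support will be added once it is out of beta:" 25 75 4 \`, so only the intended line break reaches the dialog. The replacement item label `"Placeholder for Snort 3.0 "` also carries a trailing space that shows up as padding in the list column. whiptail_nids() continues past the end of the hunk.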