diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
index 125bf0f08..0d32d57ca 100644
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -1,6 +1,5 @@
 firewall:
 hostgroups:
- analyst: []
 anywhere:
 - 0.0.0.0/0
 beats_endpoint: []
@@ -26,6 +25,7 @@ firewall:
 standalone: []
 strelka_frontend: []
 syslog: []
+ workstation: []
 customhostgroup0: []
 customhostgroup1: []
 customhostgroup2: []
@@ -215,9 +215,9 @@ firewall:
 strelka_frontend:
 portgroups:
 - strelka_frontend
- analyst:
+ workstation:
 portgroups:
- - nginx
+ - yum
 customhostgroup0:
 portgroups: []
 customhostgroup1:
@@ -458,9 +458,9 @@ firewall:
 endgame:
 portgroups:
 - endgame
- analyst:
+ workstation:
 portgroups:
- - nginx
+ - yum
 customhostgroup0:
 portgroups: []
 customhostgroup1:
@@ -507,6 +507,9 @@ firewall:
 receiver:
 portgroups:
 - salt_manager
+ workstation:
+ portgroups:
+ - salt_manager
 self:
 portgroups:
 - syslog
@@ -637,9 +640,9 @@ firewall:
 endgame:
 portgroups:
 - endgame
- analyst:
+ workstation:
 portgroups:
- - nginx
+ - yum
 customhostgroup0:
 portgroups: []
 customhostgroup1:
@@ -686,6 +689,9 @@ firewall:
 receiver:
 portgroups:
 - salt_manager
+ workstation:
+ portgroups:
+ - salt_manager
 self:
 portgroups:
 - syslog
@@ -824,9 +830,9 @@ firewall:
 strelka_frontend:
 portgroups:
 - strelka_frontend
- analyst:
+ workstation:
 portgroups:
- - nginx
+ - yum
 customhostgroup0:
 portgroups: []
 customhostgroup1:
@@ -876,6 +882,9 @@ firewall:
 receiver:
 portgroups:
 - salt_manager
+ workstation:
+ portgroups:
+ - salt_manager
 self:
 portgroups:
 - syslog
@@ -1169,9 +1178,9 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
- analyst:
+ workstation:
 portgroups:
- - nginx
+ - yum
 customhostgroup0:
 portgroups: []
 customhostgroup1:
diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml
index 0011a245e..78c0ebc73 100644
--- a/salt/firewall/soc_firewall.yaml
+++ b/salt/firewall/soc_firewall.yaml
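Review bot: In salt/firewall/defaults.yaml the hunk at `@@ -215,9 +215,9 @@` (and the matching ones at -458, -637, -824 and -1169) drops the `analyst` mapping outright and gives its replacement `yum` instead of `nginx`, with nothing recording what happens to addresses already stored under the old hostgroup. If a deployment's pillar still lists hosts under `analyst`, those entries would presumably stop matching any role rule after the upgrade; whether a migration step handles this is not visible in this diff. A comment above the new key would record the intent, for example `# workstation replaces the former analyst hostgroup and no longer grants nginx`. The role mappings that contain these lines start and end outside the hunks.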
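Review bot: The `workstation` entry added in salt/firewall/defaults.yaml at `@@ -507,6 +507,9 @@` (repeated at -686 and -876) attaches `salt_manager` to a hostgroup that, per the description in soc_firewall.yaml, accepts whole CIDR blocks, so one broad range entered there opens the Salt manager ports to every host in it. Workstations are user endpoints and are usually trusted less than the `receiver` nodes listed next to them, which makes the intended scope of the list worth stating where the rule is defined. I would add a comment on the new key such as `# enrolled workstation minions only: list single addresses, this opens the salt_manager ports`. The portgroup's port list and the enclosing role block are outside the hunk, so the exact exposure should be confirmed there.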
@@ -1,6 +1,6 @@
 firewall:
 hostgroups:
- analyst: &hostgroupsettings
+ workstation: &hostgroupsettings
 description: List of IP or CIDR blocks to allow access to this hostgroup.
 forcedType: "[]string"
 helplink: firewall.html
diff --git a/salt/manager/tools/sbin/so-firewall-minion b/salt/manager/tools/sbin/so-firewall-minion
index 7b0ddab90..d3bbb3eeb 100755
--- a/salt/manager/tools/sbin/so-firewall-minion
+++ b/salt/manager/tools/sbin/so-firewall-minion
@@ -79,4 +79,7 @@ fi
 'RECEIVER')
 so-firewall includehost receiver "$IP" --apply
 ;;
+ 'WORKSTATION')
+ so-firewall includehost workstation "$IP" --apply
+ ;;
 esac
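Review bot: In so-firewall-minion the `case` still closes with `esac` directly after the new `'WORKSTATION')` branch, so a role string that matches no pattern (a typo or a different letter case) adds no firewall rule and reports nothing. For a workstation that means the host is silently left out of the `workstation` hostgroup and the problem only surfaces later as a failed connection to the manager. A fallback branch before `esac` would make it visible, e.g. `*) echo "so-firewall-minion: unsupported role" >&2; exit 1 ;;`, with any roles that intentionally need no rule listed explicitly above it. The start of the `case` is outside the hunk, so check that no earlier pattern already covers this.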