diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml
new file mode 100644
index 000000000..d671a0674
--- /dev/null
+++ b/salt/firewall/soc_firewall.yaml
@@ -0,0 +1,21 @@
+firewall:
+  grid:
+    hosts:
+      analyst_workstations:
+        description: List of IP Addresses or CIDR blocks to allow analyst workstations.
+      analyst: 
+        description: List of IP Addresses or CIDR blocks to allow analyst connections.
+      standalone: 
+        description: List of IP Addresses or CIDR blocks to allow standalone connections.
+      eval: 
+        description: List of IP Addresses or CIDR blocks to allow eval connections.
+      idh: 
+        description: List of IP Addresses or CIDR blocks to allow idh connections.
+      manager: 
+        description: List of IP Addresses or CIDR blocks to allow manager connections.
+      heavynode: 
+        description: List of IP Addresses or CIDR blocks to allow heavynode connections.
+      searchnode: 
+        description: List of IP Addresses or CIDR blocks to allow searchnode connections.
+      receiver: 
+        description: List of IP Addresses or CIDR blocks to allow receiver connections.
\ No newline at end of file