diff --git a/docs/enterprise/installing-embedded-requirements.mdx b/docs/enterprise/installing-embedded-requirements.mdx
index a6a3e3e155..9f88244ef4 100644
--- a/docs/enterprise/installing-embedded-requirements.mdx
+++ b/docs/enterprise/installing-embedded-requirements.mdx
@@ -38,3 +38,52 @@ This topic lists the installation requirements for Replicated Embedded Cluster.
* Required only if the application uses the [Replicated private registry](/vendor/private-images-replicated).
+
+## About Firewalld Configuration
+
+When Firewalld is enabled in the installation environment, Embedded Cluster modifies the Firewalld config to allow traffic over the pod and service networks and to open the required ports on the host. No additional configuration is required.
+
+The following rule is added to Firewalld:
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+```
+
+The following ports are opened in the default zone:
+
+
+
+
Port
+
Protocol
+
+
+
6443
+
TCP
+
+
+
10250
+
TCP
+
+
+
9443
+
TCP
+
+
+
2380
+
TCP
+
+
+
4789
+
UDP
+
+
\ No newline at end of file
diff --git a/docs/partials/embedded-cluster/_port-reqs.mdx b/docs/partials/embedded-cluster/_port-reqs.mdx
index 7aaf2d7a46..021011ea0f 100644
--- a/docs/partials/embedded-cluster/_port-reqs.mdx
+++ b/docs/partials/embedded-cluster/_port-reqs.mdx
@@ -40,4 +40,4 @@ If port 30000 is occupied, you can select a different port for the Admin Console
In addition to the ports above, air gap installations also require that port 50000/TCP is open and available for the Local Artifact Mirror (LAM).
-If port 50000 is occupied, you can select a different port for the LAM during installation. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install).
+If port 50000 is occupied, you can select a different port for the LAM during installation. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install).
\ No newline at end of file