diff --git a/website/source/docs/agent/options.html.markdown b/website/source/docs/agent/options.html.markdown
index e04b423475..76146cc0a1 100644
--- a/website/source/docs/agent/options.html.markdown
+++ b/website/source/docs/agent/options.html.markdown
@@ -722,7 +722,7 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass
[watch documentation](/docs/agent/watches.html) for more detail. Watches can be
modified when the configuration is reloaded.
-## Ports Used
+## Ports Used
Consul requires up to 5 different ports to work properly, some on
TCP, UDP, or both protocols. Below we document the requirements for each
@@ -745,7 +745,11 @@ port.
* DNS Interface (Default 8600). Used to resolve DNS queries. TCP and UDP.
-## Reloadable Configuration
+Consul will also make an outgoing connection to HashiCorp's servers for
+Atlas-related features and to check for the availability of newer versions
+of Consul. This will be a TLS-secured TCP connection to `scada.hashicorp.com:7223`.
+
+## Reloadable Configuration
Reloading configuration does not reload all configuration items. The
items which are reloaded include:
diff --git a/website/source/docs/internals/security.html.markdown b/website/source/docs/internals/security.html.markdown
index cc02b72bc2..355c880fda 100644
--- a/website/source/docs/internals/security.html.markdown
+++ b/website/source/docs/internals/security.html.markdown
@@ -53,3 +53,9 @@ When designing security into a system you design it to fit the threat model.
Our goal is not to protect top secret data but to provide a "reasonable"
level of security that would require an attacker to commit a considerable
amount of resources to defeat.
+
+## Network Ports
+
+For configuring network rules to support Consul, please see [Ports Used](/docs/agent/options.html#ports)
+for a listing of network ports used by Consul and details about which features
+they are used for.