Endpoint antivirus ACL

Hi, I need to permit a few TCP ports from the internet to a specific endpoint. I'd like to place a kind of ACL on the endpoint client host.

Is it possible even from Sophos Central?