Enterprise Edition
Network and firewall rule reference
-
Last updated: July 16, 2024
-
Read time: 2 Minutes
To run scans in Burp Suite Enterprise Edition, you need to allow inbound and outbound network access between your sites and scanning resources. The specific network requirements vary depending on whether your instance is Cloud or self-hosted, and the type of scans you want to run.
This page lists network requirements for the various combinations of instance and scan type.
On this page
Cloud instances running scans on PortSwigger's infrastructure
Sites need:
-
Inbound access from the Scanner IPs listed on the PortSwigger IP ranges page.
-
Outbound access to
*.oastify.com
on ports80
and443
.
You do not need to configure network access for scanning machines when running scans on PortSwigger's infrastructure.
Cloud instances with self-hosted scans
Sites need:
Inbound access from your scanning machines.
Outbound access to
*.oastify.com
on ports80
and443
.
Scanning machines need:
-
Outbound access to the sites that you want to scan on the relevant ports.
-
Outbound access to the Dashboard IPs listed on the PortSwigger IP ranges page.
Outbound access to
*.oastify.com
on port443
.
Cloud instances with CI-driven scans
Sites need:
Inbound access from your scan containers.
Outbound access to
*.oastify.com
on ports80
and443
.
Scan containers need:
-
Outbound access to the sites that you want to scan on the relevant ports.
-
Outbound access to the Dashboard IPs listed on the PortSwigger IP ranges page.
Outbound access to
*.oastify.com
on port443
.
Self-hosted instances with self-hosted scans
Sites need:
Inbound access from your scanning machines.
Outbound access to
*.oastify.com
on ports80
and443
.
Scanning machines need:
Outbound access to the sites that you want to scan on the relevant ports.
Outbound access to your Enterprise server on port
8072
.Outbound access to
*.oastify.com
on port443
.Access to the database:
If you use the embedded database, allow any external scanning machines to access the Enterprise server machine on port
9092
.If you use an external database, allow the Enterprise server and any external scanning machines to access the database service on the configured host and port.
Note:
When connecting a new scanning machine, the Burp Suite Enterprise Edition server must have access to *.portswigger.net
on port 443
.
Self-hosted instances with CI-driven scans
Sites need:
Inbound access from your scan containers.
Outbound access to
*.oastify.com
on ports80
and443
.
Scan containers need:
Outbound access to the sites that you want to scan on the relevant ports.
Outbound access to your Enterprise server.
Outbound access to
*.oastify.com
on port443
.