ENTERPRISE

Configuring network and firewall settings

  • Last updated: May 17, 2022

  • Read time: 3 Minutes

The various components of Burp Suite Enterprise Edition need access to specific ports in order to communicate with each other and the outside world. It might be necessary to configure your firewall to allow the required access.

Single-machine deployment

For a single-machine deployment, please make sure that the following connections are available:

  • By default, users and API clients need to access the web server via port 8080. On standard deployments, you can choose a different port during the installation process. However, you cannot change web server ports on a Kubernetes deployment, as your external port should be configured as part of your ingress solution setup.
  • The Enterprise server needs to access portswigger.net on port 443 activate your license and perform automatic software updates. For the best experience, we recommend allowing this access throughout your ongoing usage of the software, not only during initial installation. You can configure a network proxy if this is needed to reach the public web.
  • The Enterprise server needs to access your SMTP server to send emails. The port number depends on which email service you use. You should be able to find out which port this is by searching online or in the documentation of your email service provider.
  • The machine needs to be able to access websites that you want to scan on ports 80 and 443.
  • To gain the full benefit of Burp Suite's out-of-band vulnerability detection technology, the machine needs access to burpcollaborator.net and oastify.com on ports 80 and 443.
Simplified network diagram

Multi-system deployment

If you decide to deploy several external machines, such as an external database or scanning machines, the following requirements apply:

  • By default, users and API clients need to access the web server via port 8080. On standard deployments, you can choose a different port during the installation process. However, you cannot change web server ports on a Kubernetes deployment, as your external port should be configured as part of your ingress solution setup.
  • The Enterprise server needs to access portswigger.net on port 443 activate your license and perform automatic software updates. For the best experience, we recommend allowing this access throughout your ongoing usage of the software, not only during initial installation. You can configure a network proxy if this is needed to reach the public web.
  • Your scanning machines need to access the Enterprise server machine on port 8072. Please note that the Enterprise server must have access to portswigger.net throughout the scanning machine installation process, as this is necessary to enable the scanning machine.
  • Your scanning machines need to be able to access websites that you want to scan on ports 80 and 443.
  • If you use the bundled database, then any external scanning machines will need to access the Enterprise server machine on port 9092.
  • If you use an external database, then the Enterprise server and any external scanning machines will need to access the database service on the configured host and port.
  • We also recommend creating a dedicated DMZ network to host the machines on which Burp Suite Enterprise Edition is deployed, but this is not mandatory.
Advanced network diagram