ENTERPRISE

Configuring your environment network and firewall settings

  • Last updated: June 21, 2022

  • Read time: 2 Minutes

To ensure that Burp Suite Enterprise Edition is able to function correctly, you may need to configure your firewall to allow the various components to communicate with each other and the public web.

Configuring a single-machine deployment

If you want to deploy Burp Suite Enterprise Edition to a single machine, you need to ensure that the following connections are allowed:

  • Allow your users and API clients to access the web server. By default, they should use port 8080.

    Note

    On standard deployments, you can choose a different port during the installation process.

    You can't change the web server port on a Kubernetes deployment as your external port should be configured as part of your ingress solution.

  • To activate your license and enable automatic software updates, allow the Enterprise server to access portswigger.net on port 443. If necessary, configure a network proxy to reach the public web.
  • To allow email notifications, give the Enterprise server access to your SMTP server. To find the correct port number for your email service, refer to your email service provider.
  • Allow the machine to access websites that you want to scan on ports 80 and 443, via a proxy server if necessary.
  • To gain the full benefit of Burp Scanner's out-of-band vulnerability detection technology, allow the machine to access burpcollaborator.net and oastify.com on ports 80 and 443.
Simplified network diagram

Configuring a multi-system deployment

Configure the connections as follows:

  • Allow your users and API clients to access the web server. By default, they should use port 8080.

    Note

    On standard deployments, you can choose a different port during the installation process.

    You can't change the web server port on a Kubernetes deployment as your external port should be configured as part of your ingress solution.

  • To activate your license and perform automatic software updates, allow the Enterprise server to access portswigger.net on port 443. If necessary, configure a network proxy to reach the public web.
  • Allow your scanning machines to access the Enterprise server machine on port 8072.
  • Allow the Enterprise server to access portswigger.net throughout the scanning machine installation process. This is necessary to activate the scanning machine license.
  • Allow your scanning machines to access the websites that you want to scan on ports 80 and 443.
  • If you use the bundled database, allow any external scanning machines to access the Enterprise server machine on port 9092.
  • If you use an external database, allow the Enterprise server and any external scanning machines to have access the database service on the configured host and port.

Note

We recommend that you create a dedicated DMZ network to host the machines that Burp Suite Enterprise Edition is deployed on. However, this isn't mandatory.

Advanced network diagram

Next step - Install the application