ENTERPRISE

Network and firewall configuration

  • Last updated: October 6, 2021

  • Read time: 2 Minutes

The various components of Burp Suite Enterprise Edition need access to specific ports in order to communicate with each other and the outside world. It might be necessary to configure your firewall to allow the required access.

Fully bundled deployment

For the most basic, bundled deployment, please make sure that the following connections are available:

  • Users need to access the web server on a port of your choosing. By default, this is 8080, but you can choose a different one during the installation.
  • The Enterprise server needs to access portswigger.net on port 443 activate your license and perform automatic software updates. For the best experience, we recommend allowing this access throughout your ongoing usage of the software, not only during initial installation. You can configure a network proxy if this is needed to reach the public web.
  • The Enterprise server needs to access your SMTP server to send emails. The port number depends on which email service you use. You should be able to find out which port this is by searching online or in the documentation of your email service provider.
  • The agents need to be able to access websites that you want to scan, for example, on ports 80 and 443.
Simplified network diagram

Multi-system deployment

If you decide to deploy several external machines, such as an external database or agent machines, the following requirements apply:

  • Users and API clients need to access the web server on a port of your choosing. By default, this is 8080, but you can choose a different one during the installation.
  • The Enterprise server needs to access portswigger.net on port 443 activate your license and perform automatic software updates. For the best experience, we recommend allowing this access throughout your ongoing usage of the software, not only during initial installation. You can configure a network proxy if this is needed to reach the public web.
  • If you install agents on any external machines, these need to access the Enterprise server machine on port 8072.
  • If you use the bundled database, then any external agent machines will need to access the Enterprise server machine on port 9092.
  • If you use an external database, then the Enterprise server and any external agents will need to access the database service on the configured host and port.
  • Agents need to be able to access websites that you want to scan, for example, on ports 80 and 443.
  • To gain the full benefit of Burp Suite's out-of-band vulnerability detection technology, agents will need to access burpcollaborator.net on port 443.
  • We also recommend creating a dedicated DMZ network to host the machines on which Burp Suite Enterprise Edition is deployed, but this is not mandatory.
Advanced network diagram