Enterprise Edition

Network and firewall rule reference

  • Last updated: October 31, 2024

  • Read time: 2 Minutes

To run scans in Burp Suite Enterprise Edition, you need to allow inbound and outbound network access between your sites and scanning resources. The specific network requirements vary depending on whether your instance is Cloud or self-hosted, and the type of scans you want to run.

This page lists network requirements for the various combinations of instance and scan type.

Cloud instances running scans on PortSwigger's infrastructure

Sites need:

  • Inbound access from the Scanner IPs listed on the PortSwigger IP ranges page.

  • Outbound access to *.oastify.com on ports 80 and 443.

You do not need to configure network access for scanning machines when running scans on PortSwigger's infrastructure.

Cloud instances with self-hosted scans

Sites need:

  • Inbound access from your scanning machines.

  • Outbound access to *.oastify.com on ports 80 and 443.

Scanning machines need:

  • Outbound access to the sites that you want to scan on the relevant ports.

  • Outbound access to the Dashboard IPs listed on the PortSwigger IP ranges page.

  • Outbound access to *.oastify.com on port 443.

Cloud instances with CI-driven scans

Sites need:

  • Inbound access from your scan containers.

  • Outbound access to *.oastify.com on ports 80 and 443.

Scan containers need:

  • Outbound access to the sites that you want to scan on the relevant ports.

  • Outbound access to the Dashboard IPs listed on the PortSwigger IP ranges page.

  • Outbound access to *.oastify.com on port 443.

Self-hosted instances with self-hosted scans

Sites need:

  • Inbound access from your scanning machines.

  • Outbound access to *.oastify.com on ports 80 and 443.

Scanning machines need:

  • Outbound access to the sites that you want to scan on the relevant ports.

  • Outbound access to your Enterprise server on port 8072.

  • Outbound access to *.oastify.com on port 443.

  • Access to the database:

    • If you use the embedded database, allow any external scanning machines to access the Enterprise server machine on port 9092.

    • If you use an external database, allow the Enterprise server and any external scanning machines to access the database service on the configured host and port.

Note:

When connecting a new scanning machine, the Burp Suite Enterprise Edition server must have access to *.portswigger.net on port 443.

Self-hosted instances with CI-driven scans

Sites need:

  • Inbound access from your scan containers.

  • Outbound access to *.oastify.com on ports 80 and 443.

Scan containers need:

  • Outbound access to the sites that you want to scan on the relevant ports.

  • Outbound access to your Enterprise server.

  • Outbound access to *.oastify.com on port 443.

Was this article helpful?