Networking

All deployments of the Insight Agent require proper connectivity to function. This article details the necessary whitelisting rules that you will need to configure on your assets so their corresponding agents can communicate with the Insight platform. Additionally, you may need to configure whitelisting rules for the agent directory if you use an endpoint security application in your environment.

Proxy Support

The Insight Agent is now proxy-aware and supports a variety of proxy definition sources. See the Proxy Configuration page for more information.

IMPORTANT

The Insight Agent will not function if your organization decrypts SSL traffic via Deep Packet Inspection technologies.

Insight Platform Connectivity Requirements

The Insight Agent communicates with the Insight platform through the following channel. All endpoint URLs ending with this destination must be whitelisted for the designated port.

Data type

Destination

Port

Agent messages, beacons, update requests, and file uploads for collection

*endpoint.ingress.rapid7.com

443

Configuration files for deployment

*insight.rapid7.com

443

If you need an alternative to the URL whitelisting method shown previously, whitelist the following IP addresses for your selected region instead.

Region

IP Address

United States

34.226.68.35
54.144.111.231
52.203.25.223
34.236.161.191

Canada

52.60.40.157
52.60.107.153

Europe

3.120.196.152
3.120.221.108

Australia

52.64.24.140
13.55.81.47
13.236.168.124

Japan

103.4.8.209
18.182.167.99

Collector Proxy Requirements

If you also use the Rapid7 Collector to proxy agent traffic, it requires the following additional connectivity:

Data type

Destination

Port

Agent messages and beacons

Rapid7 Collector

5508
8037 (TCP and UDP)

Agent update requests and file uploads for collection

Rapid7 Collector

6608

Endpoint Security Software Requirements

Endpoint security applications (such as McAfee Threat Intelligence Exchange, CylancePROTECT, Carbon Black, and others) may flag, block, or delete the Insight Agent from your assets depending on your detection and response settings. To prevent this from happening, configure a whitelist rule for the agent directory so your endpoint security software does not target it accidentally.

Your whitelist rule must accommodate all subdirectories contained in the agent installation path. The following paths show default agent installation locations by operating system:

  • Windows - C:\Program Files\Rapid7\Insight Agent\
  • Mac and Linux - /opt/rapid7/ir_agent/