Networking

All deployments of the Insight Agent require proper connectivity to function. This article details the necessary traffic allowance rules that you will need to configure on your assets so their corresponding agents can communicate with the Insight Platform. Additionally, you may need to configure additional rules for the agent directory if you use an endpoint security application in your environment.

Proxy Support

The Insight Agent is now proxy-aware and supports a variety of proxy definition sources. See the Proxy Configuration page for more information.

IMPORTANT

The Insight Agent will not function if your organization decrypts SSL traffic via Deep Packet Inspection technologies.

Insight Platform Connectivity Requirements

The Insight Agent communicates with the Insight Platform through the following channel. All endpoint URLs ending with this destination must be reachable through the designated port.

Data typeDestinationPort
Agent messages, beacons, update requests, and file uploads for collection*.endpoint.ingress.rapid7.com443
Configuration files for deployment*.insight.rapid7.com443

If you need an alternative to configuring a firewall rule that allows traffic for this URL, you can configure firewall rules to allow traffic to the following IP addresses for your selected region instead.

United States - 1United States - 2United States - 3CanadaEuropeJapanAustralia
34.226.68.3513.58.19.3244.242.59.19952.60.40.1573.120.196.152103.4.8.20952.64.24.140
54.144.111.2313.131.127.12652.41.171.5952.60.107.1533.120.221.10818.182.167.9913.55.81.47
52.203.25.2233.139.243.23054.213.168.123
34.236.161.191

Collector Proxy Requirements

If you also use the Rapid7 Collector to proxy agent traffic, it requires the following additional connectivity:

Data typeDestinationPort
Agent messages and beaconsRapid7 Collector
  • 5508
  • 8037 (TCP and UDP)
Agent update requests and file uploads for collectionRapid7 Collector6608

Endpoint Security Software Requirements

Endpoint security applications (such as McAfee Threat Intelligence Exchange, CylancePROTECT, Carbon Black, and others) may flag, block, or delete the Insight Agent from your assets depending on your detection and response settings. To prevent this from happening, configure a rule for the agent directory so your endpoint security software does not target it accidentally.

Your rule must accommodate all subdirectories contained in the agent installation path. The following paths show default agent installation locations by operating system:

  • Windows - C:\Program Files\Rapid7\Insight Agent\
  • Mac and Linux - /opt/rapid7/ir_agent/