Connectivity Requirements

The Insight Agent requires properly configured assets and network settings to function correctly. Since the method of agent communication varies by product, additional configuration may be required depending on which Insight products you plan to use. Before you deploy the Insight Agent, make sure that the Agent can successfully connect and transfer data to the Insight Platform by fulfilling the following requirements:

Proxy Support

The Insight Agent is now proxy-aware and supports a variety of proxy definition sources. See the Proxy Configuration page for more information.

SSL Decryption Exclusion

The Insight Agent will not work if your organization decrypts SSL traffic via Deep Packet Inspection technologies like transparent proxies.

Insight Platform Connectivity Requirements

The Insight Agent communicates with the Insight Platform through specific channels that allow for the transfer of data, in a safe and secure manner. To ensure all data reaches the Insight Platform, configure your endpoints such that the following destinations are reachable through the designated port:

Data typeDestinationPort
Agent messages, beacons, update requests, and file uploads for collection*.endpoint.ingress.rapid7.com443
Configuration files for deployment*.insight.rapid7.com443

As an alternative to configuring a firewall rule that allows traffic for this URL, you can instead configure firewall rules to allow traffic to the following IP addresses and CIDR blocks for your selected region.

United States - 1United States - 2United States - 3CanadaEuropeJapanAustralia

Collector Proxy Requirements

If you also use the Rapid7 Collector to proxy agent traffic, you will require the following additional connectivity:

Data typeDestinationPort
Agent messages and beaconsRapid7 Collector
  • 5508
  • 8037 (TCP and UDP)
Agent update requests and file uploads for collectionRapid7 Collector6608