Deploy Rapid7 Agent (Insight Agent) in InsightGovCloud
If you’re an existing Rapid7 Agent (Insight Agent) customer who is planning to transition to the InsightGovCloud environment, please review the following technical requirements to ensure a successful deployment.
Replace your agents with FIPS-certified Rapid7 Agents
The standard commercial version of the Rapid7 Agent (Insight Agent) does not include the FIPS-certified (Federal Information Processing Standards) cryptographic module required for FedRAMP compliance.
To operate within the InsightGovCloud environment, you must:
- Uninstall the commercial version of the Rapid7 Agent (Insight Agent).
- Download and install the FedRAMP-specific (FIPS-compliant) version from the InsightGovCloud user interface. You can follow the instructions to download the installer in the Rapid7 Agent documentation.
Existing commercial Rapid7 Agents are not compliant
Rapid7 InsightGovCloud requires a FIPS-compliant agent in order to meet the benchmarks for FedRAMP compliance. Using your existing commercial agent or any non-FIPS version will not meet FedRAMP requirements and will not be compatible with the InsightGovCloud environment.
Update Firewall Rules for Rapid7 Agent connectivity
The InsightGovCloud environment uses a different set of network endpoints for agent communication.
To maintain full agent functionality:
- Review and update your firewall rules to allow outbound access to FedRAMP-specific URLs and IP addresses.
- Ensure connectivity for critical agent functions, including data transmission, update delivery, and vulnerability assessments.
Updating the firewall rules is essential
Missing this step will block essential Rapid7 Agent (Insight Agent) functionality such as data transmission, update retrieval, and vulnerability management.
| Endpoint | Description | Supported static IP addresses |
|---|---|---|
| usg1.endpoint.ingress.rapid7-gov.com | For Insight Agent messages and beacons. | 56.136.3.166; 3.30.247.167; 15.205.227.208 |
| usg1.storage.endpoint.ingress.rapid7-gov.com | For Insight Agent file uploads. | 56.136.3.166; 3.30.247.167; 15.205.227.208 |
| usg1.api.endpoint.ingress.rapid7-gov.com | For Insight Agent messages, beacons, and file uploads. | 56.136.3.166; 3.30.247.167; 15.205.227.208 |
| usg1.bootstrap.endpoint.ingress.rapid7-gov.com; usg1.cdn.storage.endpoint.ingress.rapid7-gov.com | For Insight Agent software updates. | 56.136.3.166; 3.30.247.167; 15.205.227.208 |
| usg1.deployment.endpoint.ingress.rapid7-gov.com | For certificate files used in token-based Insight Agent installations. | 56.136.3.166; 3.30.247.167; 15.205.227.208 |