Before starting the installation process, make sure the Security Console’s host machine meets the following requirements.


Check our System Requirements page for details. Note the supported operating systems and browsers in particular. Also, you can run the Security Console and Scan Engine on a virtualized instance of any of our supported operating systems as long as they meet the system requirements.

Rapid7 recommends deployments with Ubuntu Linux.

Look familiar?

If you’re arriving here from the basic deployment plan, you’ll notice that we already considered some of this information.


The following network requirements must be configured to use the Security Console:

Host IP address

The IP address of your host machine must be statically assigned. You will use this address to access the Security Console’s web interface.


The Security Console communicates through these ports in order to perform the following tasks:





3780 (HTTPS protocol)

Web interface access to the Security Console


Security Console


Management of scan activity on Scan Engines and the retrieval of scan data


Scan Engine


Allows the Security Console to download content and feature updates.

You must allow the server hosting Nexpose to make outbound connections to on port 443. The Security Console connects to regularly to check for new product versions (every 6 hours) and vulnerability/policy content (every 2 hours). With every connection, the console uploads a JSON file containing license and usage information that helps Rapid7 understand how Nexpose is being used. This upload does not contain any vulnerability assessment data from your assets or any other sensitive information on your environment.

You can see the contents of this JSON file yourself by running the generate statistics command in the command console.


25, 465 (These ports are optional and feature-related)

If report distribution through an SMTP relay is enabled, the Security Console must be able to communicate through these channels to reach the relay server


SMTP relay server

Programs and services

Several programs and services must be disabled for the Security Console to function. In general, the following services may interfere with network scanning and may also prevent checks from loading or executing:

  • Anti-virus / malware detectors
    • If disabling your anti-virus or malware detection software is not an option, make sure that you configure the software to bypass the Rapid7 installation directory on your Security Console host (the default location for this directory on Windows is C:\Program Files\Rapid7). This ensures that Nexpose can operate without interference from this kind of software.
  • Intrusion Detection Systems (IDS)
  • Personal firewalls
  • Executable blocking products
  • SELinux

How to Verify and Disable SELinux

If you intend to install the Security Console on a Linux host, you can verify whether or not SELinux is disabled, and take action to disable it if it isn't, with the following procedure:

  1. Check the status of SELinux by opening its configuration file using a text editor of your choice. Enter the following command in a terminal to do so:
vi /etc/selinux/config
  1. Navigate to the line beginning with SELINUX=. If the value of this line shows enforcing, you will need to make an edit to disable SELinux.
  2. To do so, modify the value of SELINUX= from enforcing to disabled:
  1. When finished, save and close the configuration file.
  2. Run the following command in your terminal to restart the Linux host so the changes can take effect:
shutdown -r now

Do you have what Nexpose needs?

You should now understand all the requirements for the Security Console and where you need to make any necessary adjustments. When you’re ready, let’s download an installer.