System Requirements
The following system requirements are necessary to ensure you have the best experience.
Hardware requirements
The Security Console and Scan Engine hardware requirements are different because the Security Console uses significantly more resources.
The Security Console does not support running in a container. However, the Scan Engine is available as a container image on Docker Hub.
Reserved Memory on Virtual Machines
If you intend to deploy to a virtual machine, ensure that you provision the virtual machine with sufficient reserved memory according to the system requirements. The reserved memory value must match the allocated memory. For example, if you’ve allocated 32GB, set the reserved memory to 32GB. Configuring a virtual machine with shared memory may cause negative performance impact including out of memory events.
Security Console requirements:
At this time, we only support x86_64 architecture.
| Asset volume | Processor | Memory | Storage |
|---|---|---|---|
| 5,000 | 4 cores | 16 GB | 1 TB |
| 20,000 | 12 cores | 64 GB | 2 TB |
| 150,000 | 12 cores | 128 GB | 4 TB |
| 400,000 | 12 cores | 256 GB | 8 TB |
Scan Engine requirements:
At this time, we only support x86_64 architecture.
| Asset volume per day | Processor | Memory | Storage |
|---|---|---|---|
| 5,000 assets/day | 2 cores | 8 GB | 100 GB |
| 20,000 assets/day | 4 cores | 16 GB | 200 GB |
Operating Systems
We require an English operating system with English/United States regional settings.
64-bit versions of the following platforms are supported:
| Vendor Platform | OS | Vendor Standard EOL | Vendor Extended EOL | Rapid7 Support EOL |
|---|---|---|---|---|
| Linux | Ubuntu Linux 24.04 | April 1, 2029 | April 1, 2034 | April 1, 2034 |
| Ubuntu Linux 22.04 | April 1, 2027 | April 1, 2032 | April 1, 2032 | |
| Ubuntu Linux 20.04 | May 1, 2025 | April 1, 2030 | April 1, 2030 | |
| Ubuntu Linux 18.04 | May 1, 2023 | April 1, 2028 | April 1, 2028 | |
| Ubuntu Linux 16.04 | April 1, 2021 | April 1, 2026 | April 1, 2026 | |
| Oracle Linux 8 | July 1, 2029 | July 1, 2032 | July 1, 2032 | |
| Oracle Linux 7 | December 1, 2024 | June 1, 2028 | June 1, 2028 | |
| SUSE Linux Enterprise Server 12 | October 31, 2025 | October 31, 2030 | October 1, 2030 | |
| Alma Linux 9 | May 31, 2027 | May 31, 2032 | May 31, 2032 | |
| Rocky Linux 9 | May 31, 2027 | May 31, 2032 | May 31, 2032 | |
| Microsoft Windows | Microsoft Windows Server 2022 | October 13, 2026 | October 14, 2031 | October 14, 2031 |
| Microsoft Windows Server 2019 | January 9, 2024 | January 9, 2029 | January 9, 2029 | |
| Microsoft Windows Server 2016 | January 11, 2022 | January 12, 2027 | January 12, 2027 | |
| Red Hat | Red Hat Enterprise Linux Server 9 | May 31, 2027 | May 31, 2035 | May 31, 2035 |
| Red Hat Enterprise Linux Server 8 | May 31, 2024 | May 31, 2032 | May 31, 2032 | |
| Red Hat Enterprise Linux Server 7 | August 6, 2019 | June 30, 2028 | June 30, 2028 |
For a limited time, Rapid7 will provide support for existing customers on 64-bit versions of the following platforms:
| Vendor Platform | OS | Vendor Standard EOL | Vendor Extended EOL | Rapid7 Support EOL |
|---|---|---|---|---|
| Microsoft Windows | Microsoft Windows Server 2012 R2 | October 9, 2018 | October 10, 2023 | January 2, 2026 |
| Microsoft Windows 8.1 | January 9, 2018 | January 10, 2023 | January 2, 2026 | |
| Red Hat | Red Hat Enterprise Linux Server 6 | May 10, 2016 | June 30, 2024 | January 2, 2026 |
| CentOS | CentOS¹ | 7 August 6, 2020 | June 30, 2024 | January 2, 2026 |
¹ CentOS 7 has reached end-of-life, and no future versions of the CentOS Linux distribution are planned. To maintain compatibility, receive security updates, and ensure full support, migrate to a supported operating system from Rapid7’s approved list.
Browsers
We support the most recent version of the following browsers:
- Google Chrome (Recommended)
- Mozilla Firefox
- Mozilla Firefox ESR
- Microsoft Edge
Firewall requirements
Security Console firewall requirements:
You must configure your firewall rules to allow outbound connectivity using Port 443. This ensures you can successfully upload data from the Security Console to the Insight Platform.
| Region | Region URL | S3 (Agent Downloads only) |
|---|---|---|
| United States - 1 | us.api.endpoint.ingress.rapid7.com us.deployment.endpoint.ingress.rapid7.com us.exposure-analytics.insight.rapid7.com | s3.amazonaws.com |
| United States - 2 | us2.api.endpoint.ingress.rapid7.com us2.deployment.endpoint.ingress.rapid7.com us2.exposure-analytics.insight.rapid7.com | s3.us-east-2.amazonaws.com |
| United States - 3 | us3.api.endpoint.ingress.rapid7.com us3.deployment.endpoint.ingress.rapid7.com us3.exposure-analytics.insight.rapid7.com | s3.us-west-2.amazonaws.com |
| Europe | eu.api.endpoint.ingress.rapid7.com eu.deployment.endpoint.ingress.rapid7.com eu.exposure-analytics.insight.rapid7.com | s3.eu-central-1.amazonaws.com |
| Canada | ca.api.endpoint.ingress.rapid7.com ca.deployment.endpoint.ingress.rapid7.com ca.exposure-analytics.insight.rapid7.com | s3.ca-central-1.amazonaws.com |
| Japan | ap.api.endpoint.ingress.rapid7.com ap.deployment.endpoint.ingress.rapid7.com ap.exposure-analytics.insight.rapid7.com | s3-ap-northeast-1.amazonaws.com s3.ap-northeast-1.amazonaws.com |
| Australia | au.api.endpoint.ingress.rapid7.com au.deployment.endpoint.ingress.rapid7.com au.exposure-analytics.insight.rapid7.com | s3-ap-southeast-2.amazonaws.com s3.ap-southeast-2.amazonaws.com |
For additional IP addresses for each region see Connectivity requirements.
You must also allow the Security Console to make outbound connections to updates.rapid7.com on Port 443. The Security Console connects to updates.rapid7.com regularly to check for new product versions (every 6 hours) and vulnerability/policy content (every 2 hours). With every connection, the console uploads a JSON file containing license and usage information that helps Rapid7 understand how the Security Console is being used. This upload does not contain any vulnerability assessment data from your assets or any other sensitive information on your environment.
Scan Engine firewall requirements:
If firewalls are present on your network, make sure you whitelist the necessary ports for your Security Console and Scan Engine host according to the communication method of your choice. Consult the following table for port whitelist requirements.
| Source | Destination | Port | Protocol | |
|---|---|---|---|---|
| Console-to-Engine | Console | Scan Engine | 40814 | TCP |
| Engine-to-Console | Engine | Console | 40815 | TCP |
Ports
The ports shown in this table are the default ports used by the Security Console and Scan Engine. If you modify these default ports during the deployment procedure, make sure your firewall rules match your port modifications.