Whitelisting requirements for Acunetix 360 On-Premises
Configuring network access correctly is a prerequisite to achieving successful accurate scans of your targets. These are the whitelisting configuration steps you will need to consider:
- Outbound connections
- Your browser outbound connections
- Acunetix 360 Scanning Agent outbound connections
- Acunetix 360 Main Installation outbound connections
- Acunetix 360 Auth Verifier Agent outbound connections
- AcuSensor outbound connections
- Inbound connections
- IAST Bridge accepting inbound connections
- Acunetix 360 Main Installation accepting inbound connections
- Your target accepting inbound connections
- Your integration server accepting inbound connections
Outbound connections
Your browser outbound connections
Your browser may be behind an outbound firewall or web proxy, particularly when inside a corporate LAN or behind a corporate VPN. You must ensure that your firewall/proxy/vpn allow outbound connections to:
Scope | Destination |
Browser access to Acunetix 360 | IP or URL of your Acunetix 360 Main Installation on (default) port 443 |
Browser and Agent Access to the Authentication Verifier Service | IP or URL of your Acunetix 360 Main Installation on (default) port 5000/5001 |
Acunetix 360 Scanning Agent outbound connections
If you have deployed a Scanning Agent, you must ensure that your network infrastructure allows it to make outbound connections to:
Scope | Destination |
API Calls to Acunetix 360 Main Installation | IP or URL of your Acunetix 360 Main Installation on (default) port 443 |
API Calls to the AcuMonitor service for out-of-band vulnerability checking | https://r87.me |
VDB Database Download | https://www.invicti.com |
API Calls to the IAST Bridge | https://iast.invicti.com |
Scanning requests to your Target | IP Address / URL for your Target, including destination port |
Acunetix 360 Main Installation outbound connections
For your Acunetix 360 Main Installation, you must ensure that your network infrastructure allows it to make outbound connections to:
Scope | Destination |
API Calls to the AcuMonitor service for out-of-band vulnerability checking | https://r87.me |
VDB Database Download | https://www.invicti.com |
Access Tokens for the Discovery Service | https://jwtsigner.invicti.com |
API Calls to the Discovery Service | https://discovery-service.invicti.com |
API Calls for Invicti Licensing and Target Management | https://service.invicti.com |
Scanning requests to your Target | IP Address / URL for your Target, including destination port |
API Hub discovery for Apigee, Mulesoft, AWS API Gateway, etc | IP ranges or URLs for your Target API Integrations (including port number) |
ZeroDiscovery requests to your Targets | IP Address / URL for your Targets (default port list is 80, 81, 443, 3000, 5000, 7000, 8000, 8008, 8080, 8081, 8083, 8088, 8090, 8181, 8443, 8888) |
Acunetix 360 Auth Verifier Agent outbound connections
For any deployed Auth Verifier agent, you must ensure that your network infrastructure allows it to make outbound connections to:
Scope | Destination |
API Calls for Auth Verifier registration | IP or URL of your Acunetix 360 Main Installation on (default) port 5000/5001 |
API Calls to Acunetix 360 Main Installation | IP or URL of your Acunetix 360 Main Installation on (default) port 443 |
Scanning requests to your Target | IP Address / URL for your Target, including destination port |
ZeroDiscovery requests to your Targets | IP Address / URL for your Targets (default port list is 80, 81, 443, 3000, 5000, 7000, 8000, 8008, 8080, 8081, 8083, 8088, 8090, 8181, 8443, 8888) |
AcuSensor outbound connections
If you have deployed an AcuSensor agent into your target web application, you must ensure that your network infrastructure allows it to make outbound connections to:
Scope | Destination |
API Calls to the IAST Bridge (default) | https://iast.invicti.com |
API Calls to the IAST Bridge (if configured) | IP or URL of your Acunetix 360 IAST Bridge on poer 7880 |
Inbound connections
IAST Bridge accepting inbound connections
You must ensure that your IAST Bridge network infrastructure whitelists incoming connections from:
Scope | Source |
Incoming AcuSensor data | IP or URL of your Target AcuSensor |
API Calls from the Scanning Agent | IP or URL of your Scanning Agent |
Acunetix 360 Main Installation accepting inbound connections
You must ensure that your Acunetix 360 Main Installation's network infrastructure whitelists incoming connections from:
Scope | Source |
Auth Verifier Service (port 5000/5001) | IP or URL of your Auth Verifier Agent |
Your target accepting inbound connections
You must ensure that your target's network infrastructure whitelists incoming connections from:
Scope | Source |
Incoming scanning and verification requests; Incoming API Discovery requests | IP or URL of your Acunetix 360 Main Installation |
Incoming scanning requests | IP Address / URL of your Internal Scanning Agent(s) |
Incoming verification requests; Incoming API Discovery requests | IP Address / URL of your Internal Auth Verifier Agent(s) |
Your integration server accepting inbound connections
Ensure your integration server's network infrastructure allows incoming connections for integration API calls.
Scope | Source |
Integration API calls | IP or URL of your Acunetix 360 Main Installation |