Prerequisites
System Requirements
For us to scan IP addresses within your local network or behind a firewall, you'll need to set up a Virtual Machine (VM) within your environment and install our Scan Engine. The specifications for this VM are below:
Operating System | Windows 8.1 (and above) / Windows Server 2012 (and above) / Ubuntu 16.04 LTS (and above) / CentOS 7 (and above) / Red Hat Enterprise Linux Server 6 (and above)
CPU Cores | Minimum: 4
RAM | Minimum: 8GB
Storage | Minimum: 100GB
Firewall rules
Once this has been created, please make sure the VM has internet access, then provide us with its public IP address via the chat in the bottom right-hand corner of the Defense.com website. If you're unsure of your VM's public IP, you can discover this using the command below:
curl ifconfig.co
We will then whitelist this IP address on our end, allowing your scan engine to communicate with us.
You will also need to add a bi-directional rule in your firewall to allow traffic to our scan console, scanner.defense.com, on TCP port 40815.
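The Shared Secret described in the next section is only valid for 60 minutes, so it helps to confirm the VM's specification and the firewall rule before requesting it. The script below is an added example for a Linux VM, not part of the Defense.com or Rapid7 tooling; the function names and the "run" argument are illustrative, and it assumes bash and coreutils timeout are installed.

```shell
#!/bin/sh
# Added example: pre-install check for a Linux Scan Engine VM.
# Endpoint and minimums come from this page; function names are illustrative.
CONSOLE_HOST="scanner.defense.com"
CONSOLE_PORT=40815
MIN_CORES=4
MIN_RAM_GB=8

# kb_to_gb KB: convert kilobytes to the nearest whole GB. Rounding matters
# because a VM sized at 8GB reports slightly less in MemTotal.
kb_to_gb() { echo $(( ($1 + 524288) / 1048576 )); }

# meets_min ACTUAL MINIMUM: succeeds when ACTUAL >= MINIMUM.
meets_min() { [ "$1" -ge "$2" ]; }

# tcp_reachable HOST PORT: succeeds when an outbound TCP connection opens
# within 5 seconds. Uses bash's /dev/tcp (assumes bash and timeout exist).
tcp_reachable() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# report LABEL STATUS: print PASS/FAIL and remember any failure.
report() {
    if [ "$2" -eq 0 ]; then echo "PASS  $1"; else echo "FAIL  $1"; FAILED=1; fi
}

preflight() {
    FAILED=0
    cores=$(nproc)
    ram_gb=$(kb_to_gb "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)")
    disk_gb=$(kb_to_gb "$(df -Pk / | awk 'NR==2 {print $2}')")

    meets_min "$cores" "$MIN_CORES"
    report "CPU cores: $cores (minimum $MIN_CORES)" $?
    meets_min "$ram_gb" "$MIN_RAM_GB"
    report "RAM: ${ram_gb}GB (minimum ${MIN_RAM_GB}GB)" $?
    # Informational only: the page asks for 100GB of storage; compare by eye,
    # since filesystem overhead makes a 100GB disk report less.
    echo "INFO  root filesystem size: ${disk_gb}GB (minimum storage 100GB)"
    tcp_reachable "$CONSOLE_HOST" "$CONSOLE_PORT"
    report "outbound TCP to $CONSOLE_HOST:$CONSOLE_PORT" $?
    return "$FAILED"
}

# Run the checks only when asked, e.g.: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

A FAIL on the TCP check can mean either that your own firewall rule is missing or that the VM's public IP address has not yet been whitelisted on our end.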
Installer and Shared Secret
Next, use the links below to download the Scan Engine installer:
Before you proceed with the installation, please contact us to get your Shared Secret. This is a code that is used to authenticate your scan engine with our platform.
Important! Your Shared Secret is only valid for 60 minutes. Once provided, please proceed with the installation as soon as possible. If it expires, you will need to get back in touch with us to request a new Shared Secret.
Installation
Once you have your Shared Secret, if your VM is running Windows, double-click on the installer file to start the installer.
If you're on Linux, open a terminal and change your working directory to the directory where you downloaded the file (e.g. "cd /home/username/Downloads"), then run the below commands to make the installer file executable and run it:
chmod +x ./Rapid7Setup-Linux64.bin
sudo ./Rapid7Setup-Linux64.bin
Once run, the installer will start and, if you're using Windows, you'll be prompted to provide admin access to the installer. Please click Yes at this stage.
The Wizard will then open and you'll be shown a Welcome screen with some information about the product. Click Next.
Note: the wizard won't appear if you're using the command line to access your VM, but the steps are still the same.
You may then receive a warning from the Windows Firewall. Please make sure that at least Private networks is selected, then click Allow access.
Next, you'll be asked to Select components and an installation path. Please select the Scan Engine only option, then make sure the Communication Direction is set to Engine to Console. The Destination Directory can be left as the default. Once entered, click Next.
Next, the installer will check your Installation requirements. It may warn you that the "update server could not be accessed", but don't worry about this as we can update the software remotely once it's paired with our platform. As long as this is the only warning, click Next to proceed.
You'll then be asked if you'd like to "Pair your Scan Engine to the Insight Platform". This is different from pairing the engine to our console, so please do not select this option. Click Next to continue.
Next, you'll be asked for some Account Information. This will be used to generate certificates to secure the connection between the engine and our platform. Please fill in your details at this stage. There's no need to worry too much about these details, as it's not overly important whose details are entered.
Next, you'll be asked to select a location in your Start Menu for shortcuts. The default is fine here, so just click Next if you're unsure.
The next page just gives you an overview of what you've already selected. If you're happy, click Next to proceed with the installation.
The installer will run for a little while, then you'll be taken to the Console details screen, where you pair your scan engine with our platform.
The Console Address is scanner.defense.com
The Console TCP Port is 40815
Paste in the Shared Secret we provided you with. If you don't have this, please contact us.
Once these details have been entered, click Test to make sure you can reach our platform. If not, please ensure that your firewall is allowing outbound connections to scanner.defense.com on TCP port 40815.
Once the test is successful, click Next to continue. Your engine has now been installed and will attempt to pair with scanner.defense.com (this will take some time).
After 15 minutes, contact us and ask us to check if your scan engine has been paired (as you won't be able to see this yourself). Once that's confirmed, please provide us with a list of internal IP addresses you'd like to scan and we can configure a scan group to use your new scan engine.
That's it! You've successfully configured internal vulnerability scanning.