What are the firewall settings for the Scanner Appliance?

The Scanner Appliance needs to be able to communicate with the Holm Security VMP cloud platform. For this, the following firewall settings are required.

For security reasons, we require the Scanner Appliance to use one single source IP address for outbound public access.  

Important when scanning across subnets

If you are performing scans on a different subnet within your environment, it is important to allow the local IP address of the Scanner Appliance in your firewall settings for communication with the target subnet.


Allow outgoing communication over the following ports:

  • 443
  • 8022


Allow outgoing communication to the following network:

  • IPv4:
    If a /22 network is too large to grant access to, please use the following: and
  • IPv6: 2a0b:6800::/29

Test the connection
You can test the communication from the Scanner Appliance by running a connectivity test from the Scanner Appliance interface. To do so, read this article:

To test the connection manually from your local network, connect using an SSH client over port 8022 against and with wget/curl against on port 8022 (should return "Error 406").