Permitting access for the Agent (allowlist)
Overview
When performing security assessments, it is commonly recommended to make a few adjustments to the firewall's allowlist configuration to ensure the accuracy of testing and to make the best use of the time scheduled for the assessment. These allowlist entries let the testing procedures run without interruption or being blocked by security controls such as IDS, IPS, WAF, etc.
It should be noted that if the client does not wish to allowlist the source IP addresses, testing activities may be limited and, therefore, the results may not be as detailed.
External Network Pentests
NOTE This is only for external security assessments. Please use the correct region's IP addresses.
There are some situations when you might want to allowlist Vonahi's public IPs used for pentesting to simulate a situation where your security controls are not functioning as expected. We host and launch an external agent when an external network pentest is scheduled.
If you use the URL https://app.vpentest.io to log in to vPenTest, you are on the US-East hosted version of vPenTest and these are the source IPs for attacks:
- 34.203.65.38
- 54.157.67.248
- 3.92.230.194
If you use the URL https://emea.app.vpentest.io to log in to vPenTest, you are on the Germany hosted version of vPenTest and these are the source IPs for attacks:
- 18.198.198.250
- 63.176.190.78
- 63.177.210.107
Internal Network Pentests
NOTE This is only required for internal security assessments. Please use the correct region's endpoints.
In most cases, if your organization allows 443/tcp (https), 80/tcp (http) and 123/udp (ntp) outbound traffic to the destination domains without restriction, your Internal Agent should not experience any communication issues. However, if you want to explicitly allowlist only the endpoints that the Internal Agent requires in order to communicate with vPenTest, use the following list of endpoints.
United States Region
Use the list below if you log into the US instance and use https://app.vpentest.io to log into vPenTest.
Allow port 443/tcp (https) outbound to all of the following endpoints:
Allow port 443/tcp (https) and 80/tcp (http) outbound for all of the following endpoints:
- *.ubuntu.com
- *.docker.com
- *.github.io
- *.rubygems.org
- *.canonical.com
- *.snapcraftcontent.com
Allow port 123/udp (ntp) to the following endpoint:
NOTE If you prefer to use an internal time server, you can add a hosts-file entry on your Ubuntu instance so that pool.ntp.org resolves to your local time server's IP address.
German Region
Use the list below if you log into the EMEA instance and use https://emea.app.vpentest.io to log into vPenTest.
Allow port 443/tcp (https) outbound to all of the following endpoints:
Allow port 443/tcp (https) and 80/tcp (http) outbound for all of the following endpoints:
- *.ubuntu.com
- *.docker.com
- *.github.io
- *.rubygems.org
- *.canonical.com
- *.snapcraftcontent.com
Allow port 123/udp (ntp) to the following endpoint:
NOTE If you prefer to use an internal time server, you can add a hosts-file entry on your Ubuntu instance so that pool.ntp.org resolves to your local time server's IP address.
For some troubleshooting purposes, you may be asked to create an additional allowlist entry so that our development team can temporarily connect directly to your Agent. The endpoint for this varies and, therefore, is not included in this list.
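A practical way to confirm that the Agent's firewall policy is as narrow as the lists above, as an added example that is not Vonahi's code: audit the Agent host's outbound connection log against the wildcard endpoints and ports named in this section. The log line format ("dst= proto= dport=") is a constructed sample, the wildcard rule is assumed to cover subdomains only (so "*.ubuntu.com" does not match the apex "ubuntu.com"), and only the endpoint lists visible on this page are encoded (the 443-only endpoint list is not reproduced here).

```python
import re

# Endpoints taken from the page; the same list applies to 443/tcp and 80/tcp.
HTTP_ENDPOINTS = ["*.ubuntu.com", "*.docker.com", "*.github.io",
                  "*.rubygems.org", "*.canonical.com", "*.snapcraftcontent.com"]
ALLOWLIST = ([(p, "tcp", 443) for p in HTTP_ENDPOINTS]
             + [(p, "tcp", 80) for p in HTTP_ENDPOINTS]
             + [("pool.ntp.org", "udp", 123)])  # NTP endpoint named in the NOTE

# Constructed log format (assumption): "dst=<host> proto=<tcp|udp> dport=<port>"
LOG_RE = re.compile(r"dst=(?P<dst>\S+)\s+proto=(?P<proto>\w+)\s+dport=(?P<port>\d+)")


def host_matches(pattern: str, host: str) -> bool:
    """Case-insensitive; '*.example.com' covers any subdomain depth but not the apex."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # suffix ".example.com", so "evil-example.com" fails
    return host == pattern


def is_allowed(dst: str, proto: str, port: int) -> bool:
    """True only when host pattern, protocol and port all match one allowlist entry."""
    return any(host_matches(pat, dst) and proto.lower() == pr and port == po
               for pat, pr, po in ALLOWLIST)


def audit(log_lines):
    """Return (dst, proto, port, allowed) for each parsable line; others are skipped."""
    out = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            dst, proto, port = m["dst"], m["proto"], int(m["port"])
            out.append((dst, proto, port, is_allowed(dst, proto, port)))
    return out


# Constructed sample egress log, not captured traffic.
SAMPLE_LOG = [
    "dst=archive.ubuntu.com proto=tcp dport=443",
    "dst=download.docker.com proto=tcp dport=80",
    "dst=pool.ntp.org proto=udp dport=123",
    "dst=pool.ntp.org proto=tcp dport=123",     # NTP is udp, so this needs review
    "dst=evil-ubuntu.com proto=tcp dport=443",  # shares a suffix, is not a subdomain
    "dst=rubygems.org proto=tcp dport=443",     # apex not covered by *.rubygems.org
]

if __name__ == "__main__":
    for dst, proto, port, ok in audit(SAMPLE_LOG):
        print(f"{'ALLOW' if ok else 'REVIEW':6} {dst}:{port}/{proto}")
```

Lines reported as REVIEW are either traffic the Agent should not be generating or an endpoint missing from the firewall policy; if you swapped pool.ntp.org for an internal time server as the NOTE describes, add that server to ALLOWLIST.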
Permitting exclusions
NOTE These exclusions are optional, depending on whether you want to test the efficacy of your security tools or bypass them to perform the assessment.
Modern security tools and features such as IPS/IDS, EDR, MDR, SOC and XDR are all designed to analyze, detect and take some form of action against potentially malicious activity. A pentest is ethical, but it follows the same methodology and steps a malicious attacker would take and can therefore be detected as an attack by these tools. To avoid issues, business disruption or false alarms, we recommend that you allowlist our external IPs for external assessments and the internal Agent's IP for internal assessments.