
NeXpose FAQ - Installation Answers

What ports must be open in my firewalls for NeXpose to function?

  • To communicate with Rapid7’s update server, NeXpose must be able to connect to the Internet via port 80. (Communications with our update server can be proxied. Distributed components do not require direct access to the Internet.)
  • To communicate with any distributed components, NeXpose must be able to connect to Scanning Engines via port 40814. (This is the default port setting. It may be changed after the initial setup.)
  • To scan across firewalls without the use of distributed components, NeXpose requires an entry in the firewall’s ACL that allows all traffic from the NSC’s IP address.
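
A preflight check for the port requirements listed above, as an added example that is not Rapid7's code: it separates a refused connection (path allowed, nothing listening) from a silently dropped one (typical of a firewall block). The host names are placeholders; only ports 80, 40814 and 3780 and the sample address 10.1.90.55 come from this page.

```python
import errno
import socket

# Ports named in this FAQ; every host name further down is a placeholder.
UPDATE_PORT = 80      # console -> update server (may go through a proxy)
ENGINE_PORT = 40814   # console -> Scanning Engine (default, changeable)
CONSOLE_PORT = 3780   # browser -> console web interface (the FAQ's example)


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt as open, refused, filtered or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back: the path is allowed but nothing listens there.
        return "refused"
    except socket.timeout:
        # No answer at all: typically a firewall silently dropping the SYN.
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return "error: %s" % exc


def preflight(checks, timeout=3.0):
    """Run every (label, host, port) check; return (label, host, port, state)."""
    return [(label, host, port, probe(host, port, timeout))
            for label, host, port in checks]


def blocked(results):
    """Return the labels of checks that did not reach an open port."""
    return [label for label, _host, _port, state in results if state != "open"]


if __name__ == "__main__":
    # Placeholder targets: substitute your own proxy, engines and console.
    checks = [
        ("update server or proxy", "update-proxy.example", UPDATE_PORT),
        ("scan engine", "engine1.example", ENGINE_PORT),
        ("console web interface", "10.1.90.55", CONSOLE_PORT),
    ]
    for label, host, port, state in preflight(checks):
        print("%-24s %s:%d -> %s" % (label, host, port, state))
```

Run it from the console host: "filtered" points at a firewall rule, while "refused" points at a service that is not running or is bound to a different port.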


How do I get NeXpose to start automatically on Windows?

To get NeXpose to start automatically in Windows, a user with administrator-level access must log in to Windows and open the "Services" window under the Microsoft Management Console. From there, find the service named "NeXpose Security Console" and set its startup to "Automatic". This setting will cause the NeXpose console to start automatically each time the server is rebooted.


All I see is a DOS prompt. How do I log in?

In Windows, the screen you are seeing is the NeXpose Command Console. At this point, open a web browser and direct it to the IP address of the machine and the port that NeXpose is bound to. For example, if your machine is 10.1.90.55 and the port is 3780, then your URL would be "https://10.1.90.55:3780". Be sure to use HTTPS instead of HTTP. That will bring up the login screen and allow you to enter the user name and password you defined in the initial setup.


How can I check to see if my NeXpose license is valid?

You can confirm whether your NeXpose license is valid via the console interface:

https://ipaddress:3780/admin/diag_console.html.

Once in the console, type in the command "show licenses". This should display the expiration date of the licenses that are currently in use. If all your current licenses have expired, you can request a new license.


How do I obtain a new license?

First, obtain your product key by contacting support or your Account Manager.

You obtain a new license by entering a product key on the Administration --> NeXpose Security Console --> Licensing page of the NeXpose interface. When you enter this key and click the Activate button, NeXpose will install a new license for your system. If you don’t have a product key, you can request one by clicking the New Key button on the Licensing page. This will open your e-mail client with a Rapid7 Technical Support address in the To: field. Simply send an e-mail requesting a new key. It is helpful to include your NeXpose serial number in the request. You can find the number on the Administration --> NeXpose Security Console --> General page of the interface.


How do I confirm a new license?

From the interface, there is a hidden diagnostic console window where you can access the NeXpose Security Console: https://ipaddress:3780/admin/diag_console.html. This window functions as the UI connection to the NeXpose Command Console. In this window, you can type in commands and click on 'execute'. After each command is executed, the screen must be refreshed to prepare for the next command. The following commands will force an update and display the license that NeXpose is using, respectively:

>> update now
>> show licenses

You should see the new license file displayed. Note: you may see the eval license in there as well, and that's OK as long as the new license is also listed. NeXpose will always select the "best" license for usage.


Can I use NeXpose if I have an IDS/IPS?

NeXpose complements IDS/IPS very well, but two important allowances must be made.

  • NeXpose and the IDS/IPS cannot share the same server. Because of the way NeXpose functions, the IDS/IPS will cause scans to take extra time and be less reliable.
  • A rule must be created in the IPS/IDS to ignore all traffic from the NeXpose server’s IP address. If this rule is not created, the IPS/IDS will treat NeXpose as a threat and attempt to defeat the scans.


Can I use NeXpose if I have a firewall?

You can perform NeXpose scans through your firewall with proper configuration:

  • To scan across firewalls without the use of distributed components, NeXpose requires an entry to be added to the firewall’s ACL to allow all traffic from the NeXpose Scan Console’s IP address across the firewall.
  • You can bypass the firewall entirely by taking advantage of NeXpose’s distributed architecture: place a remote scanning engine on the other side of the firewall, or use the Hosted Scanning Engine for outward-facing devices.

Rapid7 can assist in this setup process, but if you cannot release your firewall configuration to us, it will be difficult for us to assist you. If this is the case, you have several options available to you:

  • Rapid7 will be happy to sign a non-disclosure agreement with your company so that we may receive confidential information that will enable us to further assist you. We have a standard NDA form that we can provide you, or you can provide your own.
  • Alternatively, you can try contacting your hardware/software vendor for support.


How do I change the default session timeout of the Web User Interface?

To change the timeout, select the "Administration" tab and then click the "Manage" NeXpose Security Console hyperlink. Then select the "Web Server" tab on the left side and change the default "Session Timeout" value.


How do I initiate a manual update? How do I know if NeXpose is updating?

With the NeXpose interface running in your browser window, add the page diag_console.html to the host URL in the navigation bar, after the port number. NeXpose opens a page in which you can enter console commands. Enter the command "update now" and click the Execute button. The status of the update will appear on this page.

