How can Kenna connect to security applications or on-premise tools that are protected by a firewall?

On premise scanners that can be reached from an external host can have direct communications with Kenna. Adjust your firewall rules to allow for traffic to/from the addresses listed here

If direct access is not possible/allowed, our virtual tunnel is a virtual appliance that allows for connectivity between your Kenna instance and your on premise tools.

We expanded the connectors our Virtual Tunnel works with to include the new Nessus API connector, the Nexpose API connector, the Jira connector, and the Qualys connector.

About the Kenna Virtual Tunnel:

The Kenna Virtual Tunnel allows the Kenna platform to reach security appliances and on-premise tools that may be protected by a firewall or other private networking restrictions. The image is distributed as a Linux-based (Ubuntu 14.04) OVA (VMware hardware level 8), which is usable in all modern VM hypervisors. This VM has been tested with VMware Workstation/Fusion/ESXi, Linux KVM, and VirtualBox programs. If you encounter any issues with deployment, please contact


Outbound Traffic Requirements:

Source Destination Protocol/Port Description Notes
Kenna VM TCP/443 Web traffic used to verify your API key and pull a VPN configuration from Kenna to the VM. A firewall rule for this must use a hostname as a destination, as its IP may change. This traffic can be sent through a standard web proxy.
Kenna VM


TCP/443 OpenVPN traffic used to bring up a VPN tunnel from the VM to Kenna's client gateway. This traffic is not HTTPS and requires a direct outbound connection; it cannot be sent through a web proxy.


NOTE: When considering where to deploy the file, keep in mind that it must be able to reach both the security appliance or server inside your network AND make outbound TCP connections on port 443 to our client gateway at & This can be on a permanent virtualization server or on your own computer. Please keep in mind that if you run the virtual machine on your computer it will only have access to your network when the computer is running and the VM is active.


Installation Steps:

0. Contact to enable this support for your account. Note that Kenna Support must be contacted before you are able to register your virtual tunnel VM.

1. Download the VM image:

     Kenna US Region:

     Kenna EU Region:

2. Import the VM image into your hypervisor or VM program (System Requirements: 700 MHz processor with 512 MiB RAM, 10 GB disk space).

3. Boot the VM.

4. When prompted, enter the API key given to you by Kenna into the VM.

Powered by Zendesk