There are a number of options for on premise tools protected by a firewall. On premise scanners that can be reached from an external host can have direct communications with Kenna. Adjust your firewall rules to allow for traffic to/from the addresses listed here. If direct access is not possible/allowed, we have two options which will allow for connectivity between your Kenna instance and your on premise tools: the Kenna Agent and the Kenna Virtual Tunnel.
About the Kenna Virtual Tunnel:
The Kenna Virtual Tunnel is distributed as an image on a Linux-based (Ubuntu 14.04) OVA (VMware hardware level 8), which is usable in all modern VM hypervisors. This VM has been tested with VMware Workstation/Fusion/ESXi, Linux KVM, and VirtualBox programs.You must contact firstname.lastname@example.org first, before installing the Virtual Tunnel.
About the Kenna Agent:
The Kenna Agent is an image that you install on your own VM, therefore it differs from the Virtual Tunnel in that it allows access to patch and maintain the image. A common use case for the agent is that it can be used at multiple physical locations unlike the Virtual Tunnel. The limitation with the Kenna Agent is that it currently only supports Nexpose, newer versions of Nessus (7 & up) and Sonatype. If you use connectors that are not currently supported by the Kenna Agent, including ticketing connectors, we suggest using the Virtual Tunnel.