Setting up an external scanner for AppScan Enterprise in the DMZ

If you're testing websites that are outside the firewall, you can set AppScan Enterprise to go through the firewall to test them. However, opening a port through the firewall poses a security risk, as does having a system that stores potentially sensitive files outside the firewall (such as logs and scan data). As an alternative, consider setting up a proxy to provide access outside the firewall.

Procedure

  1. Create local accounts on all of the Dynamic Analysis Scanners with the same user name/password to be used as the service account and for login during installation. Administrative accounts are preferred; see Required user account information during installation and configuration for a list of specific permissions.
  2. A connection between the scanner and ASE database is required. Open the standard MS SQL ports 1433/1434 in the firewall, or add a custom port if communication with SQL Server is configured this way and is preferred.
  3. Run the configuration wizard. In the Database Connection window, enter the server name and port numbers when prompted.
  4. While the configuration wizard is running, you will encounter this error: "The server or role does not exist." This message displays because you are using local accounts, but it doesn't affect the installation. To bypass the error, use the Ctrl key while you click OK in the message dialog.
  5. Finish the configuration wizard and exit.