Professional edition: Separation of Web Frontend and System Backend to different hosts?

  • Is there a documented, supported way? (I didn’t found any)
  • And if it is, does it work without SSH protocol between the frontend and the master (since an SSH tunnel is a kind of hole through the firewall which should be between)?

Background: If the master gets compromised, effectively the whole organization is compromized, since the attacker can reach all sensors, and the sensors reach all networks. Therefore it helps to have a dedicated host with the frontend, connecting only over API through a firewall to the master (ideally NOT via SSH).

Best regards, Christoph K.

I guess you want to use a sensor virtual appliance:

No. The sensor separates the scan engine, enabling to scan a network where the master is not allowed to connect directly.

What I asked about is to separate the user web frontend (that’s the port where you connect the browser to with HTTPS, 443/tpc) from the backend (core system with PostgreSQL database under the hood), a firewall between those separated hosts, and connected with an API protocol, ideally not with SSH.

In Greenbone terms maybe to have the “Greenbone Security Assistant” on a separate server.

Hi, if you build our software from source this would be possible technically wise. But nevertheless it is not supported and provided via a Greenbone product.


OK, that’s what I wanted to know. Thanks!