How to request the creation of a generic post-configured Edge Service in order to scan firewalled and internal assets.
Request a configuration only Edge Service in Delve
To request the creation of a configuration only URL for a generic Edge Service virtual machine, go to the "Settings" panel and click on the "Edge Services" link in the "System settings" box.
In the "Manage Edge Services" panel displayed on the right, use the "+" button to request the creation of a new Edge Service.
From the window that appears, select the "Virtualization Platform" dropdown and choose the Configuration Only generation.
After a few minutes, the configuration URL will be accessible through the cog icon that appears at the right of the Edge Service name.
While the configuration URL gets generated, you can immediately start downloading a generic unconfigured Edge Service image that corresponds with your virtualization environment.
Once the cog icon appears, you can click on it to obtain further instructions and copy the Edge Service Configuration URL
Once the Edge Service has been created, Delve will wait for a connection from the Edge Service. The Status icon in the "Manage Edge Services" panel will stay orange when it isn't connected.
Download a generic Edge Service image archive
With the configuration URL copied, you can download a generic unconfigured Edge Service image that corresponds with your virtualization environment and extract the archive for installation.
Extract the generic Edge Service image archive to obtain its disk image
Due to the image size and compression type, we recommend using the free program 7-Zip to extract the Edge Service image locally before installation (WinZIP/WinRAR might not work properly).
Set-up & run a new VM that uses this disk image
Make sure the VM can be reached through a local IP (either DHCP or Static) for the next configuration steps.
Use the configuration URL to finalize the Edge Service setup
If your generic Edge Service VM is up and running and has an IP on your local network, it will expose a single-use temporary configuration interface that should be accessible on your local network at the following address:
This temporary configuration interface will be automatically turned OFF as soon as the Edge Service is successfully configured.
If you need to change previous settings, you can always re-download the generic image and request a re-generation of a different configuration URL for the same Edge Service through the "regenerate" icon in Delve.
Once you have accessed the temporary configuration interface, you should be presented with the following screen to select the desired local network configuration for the Edge Service:
Then press "submit" and on the next page, you can now enter the configuration URL you were given in Delve's interface by clicking on the cog icon in your Delve account.
Once you press "submit", the Edge Service will download the custom keys in addition to the configuration it needs to run and will be associated to your Delve account.
Soon after, you will see the message "Client keys were downloaded successfully." and the web interface will be turned off immediately.
If you chose a static IP configuration, the machine will reboot automatically, otherwise for DHCP you can just close the tab.
The VM console should now have changed and show connectivity to your Delve account.
It can take a couple of minutes for the status message to change to "connected properly".
Resolving potential connectivity issues
Once your Edge Service VM is up and running, it should connect to Delve automatically if your networking has been configured accordingly.
The Edge Service icon visible in Delve will turn green if the connection is successful.
If you run into connectivity issues, you can try and debug following these suggestions.
18.104.22.168/26 is our public IP range from which the Internet scans will originate, and is also the range to which the ES will connect.
It is recommended to whitelist traffic to and from this subnet for your perimeter scans in order to ensure scan results consistency and to allow egress traffic from the ES to this IP range.