Ports required depends on exactly what components you have installed on the servers in question. To understand how all components interact, and the ports required, refer to the best practises guide here: http://b2b-download.mcafee.com/products/evaluation/mcafee_risk_compliance/v7.5/m anuals/mvm750_best_practices_guide.pdf
As far as I recall, not all communication is secure, but I would need to go back to review this myself. Where will the scan engine be placed - is it a remote data centre? somebodys house?
Hope this helps,
Thanks for your answer and for providing me the best practice guide. The scan Engine will be placed in our datacenter but before the firewall and should report the result to an internal Vulnerability Manager(and scan controller, located behind the firewall). The scan engine should our web application and should provide an attacker's view to our webapplication.
Is it enough to open port 3803 and 443 or are there any other ports necessary?