View the QGS Appliance
The Activity Summary widgets provide aggregate activity information for all QGS appliances in the subscription. Active Agents and Total Agents count the number of unique agent IPs connecting through all appliances. Bandwidth Savings is calculated in cache mode.
- Status: This column shows the current status of your appliance. Appliances with a common CA certificate enabled are shown as an icon (Highlighted) on the appliance list page.
- Unique IPs: This column shows the count of unique IPs that have communicated through the QGS appliance proxy port during the last 60 minutes.
- Active Agents: This column shows the number of active agents that have communicated via the QGS appliance cache port during the last 60 minutes, with QGS and Cloud Agent configured to use Cache mode.
In Proxy mode, you’ll see only the unique IPs count on QGSUI, while in Cache mode, you’ll see the count of active agents and unique IPs on QGSUI.
To create a new appliance, click New Appliance.
Create a New Appliance
While creating a new appliance/personalization code, you can choose the appliance certificate type from the "Certificate Type" section.
Here are the four supported certificate types and their definitions.
| Certificate Type | Scope | Root Certificate | Use Case |
|---|---|---|---|
| Appliance | Single appliance | Unique to one appliance only | When certificate granularity at the appliance level is required. |
| Subscription | All appliances under one subscription | Shared across appliances in the subscription | When multiple appliances within the same subscription need a common certificate. |
| Global | Entire POD (Point of Delivery) | Shipped with the agent binary | When a single certificate should be valid across multiple appliances and subscriptions in a POD. |
| Customer Signed | Customer-defined | Uploaded by the customer | When organizations prefer to use their own certificate authority for communication with QGS. |
A Customer Signed certificate is signed by the customer from the Certificates tab of the QGS UI. Read more about creating Customer Signed certificates at Upload Certificates
When you select the customer-signed certificate, you can see the below window to assign the custom certificate while generating the personalization code.
The newly created appliance status is shown as Unregistered until you follow the registration steps. Refer to Virtual Appliance Local Configuration to learn more.
A subscription-level common CA is available instead of appliance specific certificate on the appliance list if appliances are registered with the Qualys Signed certificate option.
Appliances with Qualys Signed or Customer Signed certificate enabled is shown as an icon as highlighted on the appliance list page. Appliance-level certificates do not have the icon displayed.
If a registered appliance is accidentally deleted from the QGS UI, it cannot be registered again with a new personalization code. You need to redeploy the appliance.
Download Image of the Virtual Appliance
Download the virtualization platform image for the appliance from the given list.
To Download a Platform Image,
- Click Download dropdown
- Select Virtual Platform Image
You can select from the available list of hypervisors and download their image.
| Supported Appliance | Platform Image |
|---|---|
| Nutanix Hypervisor |  |
| VMWare Hypervisor |  |
| Microsoft Hypervisor |  |
| Cloud Environments |  |
| OpenStack Hypervisor |  |
Download Qualys Signed Certificate
You can download the Qualys Signed certificate from the appliance details page or the appliance list page.
To download the Qualys Signed Certificate, you must create and register a new appliance with the Qualys Signed certificate option enabled. After registering the appliance with a Qualys Signed certificate, it takes approximately 15 to 20 minutes to generate the Qualys Signed certificate.
After a Successful Setup and Registration, the Appliance has Active Status.
To know more about registering your appliance, refer to Virtual Appliance Local Configuration.
Identify the Appliance Certificate
The appliances registered with a custom certificate display a different icon on the appliance list page. You can hover or the icon to know the certificate type.
You can also click the appliance name view the complete details of your appliance along with the Certificate Type associated with it.
Appliances with Qualys Common CA display the certificate type as “Global.” Appliances with an appliance-level certificate show the certificate type as “Appliance level.”
Identify the Manifest Version
The QGS Appliance listing also displays appliance update status indicators, enhancing the visibility of appliance version compliance in the UP-TO-DATE column. These indicators help you quickly identify appliances that are not aligned with the latest deployed versions.
Conditions for Error Display
Existing Appliances:
If the manifest and image versions have not been updated for more than 7 days, despite newer versions being deployed to production.
New Appliances:
If the manifest and image versions have not been updated for more than 2 days since their initial creation.
Status Messages
"Your manifests are up-to-date."
Displayed when manifests and OS are updated.
"Your manifests are not up-to-date."
Displayed when manifest versions are outdated.
"Your OS is not up-to-date"
Displayed when the appliance OS version is outdated.
The UP-TO-DATE column displays '-' for newly deployed registered appliances, unregistered appliances, or inactive appliances. The symbol represents that the manifests have not yet been updated.
Troubleshoot Manifests and Flatcar OS Updates
Use the following steps to resolve issues related to out-of-date manifests and Flatcar OS updates on CAMS appliances.
Manifests Not Updating
If manifests are out of date, follow these steps:
-
Check connectivity and service health
Run a connectivity test from the appliance's TextUI. Confirm that all backend service health checks succeed. Learn More. -
Inspect SSL settings
If SSL inspection is activated on the upstream proxy or firewall, deactivate it for QGS. This applies to CAMS/QGS backend URLs. -
Review firewall rules
Look for any restrictions in your environment that might block image downloads. -
Verify proxy configuration
If an upstream proxy is configured, ensure it does not block image downloads. -
Check disk space
Ensure the appliance has sufficient disk space. -
Reboot the appliance
A simple reboot may resolve the issue.. -
Run Docker pull commands
From a Windows or Linux machine on the same network as the appliance, run the following commands to verify image access:docker pull camsrepo.qg1.apps.qualys.eu:443/camsonfd:1.5.4-3docker pull camsrepo.qg1.apps.qualys.eu:443/cams-squid:1.5.4-3docker pull camsrepo.qg1.apps.qualys.eu:443/cams-haproxy:1.5.4-3docker pull camsrepo.qg1.apps.qualys.eu:443/camsd:1.7.5-29docker pull camsrepo.qg1.apps.qualys.eu:443/cams-mgr:1.7.4-8docker pull camsrepo.qg1.apps.qualys.eu:443/cams-logstash:1.7.5-6docker pull camsrepo.qg1.apps.qualys.eu:443/cams-metrics:1.5.4-3docker pull camsrepo.qg1.apps.qualys.eu:443/cams-rsyslog:1.7.5-7The above commands use the EU pod as an example. You must use your appropriate platform URL, you can obtain them from QGS section of Qualys Platform Identification.
-
Replace the domain and image versions with the appropriate pod suffix and released image versions for your account.
Flatcar OS Update Issues
If the Flatcar OS update fails or stalls, follow these steps:
-
Run connectivity and health checks
Use the appliance's TextUI to verify backend service health. Learn More. -
Check firewall rules
Ensure no restrictions are blocking image downloads. -
Verify update URL accessibility
From the appliance, confirm that the Flatcar update URL is reachable. Follow the steps below-
Check the OS version in the INFO screen
Access the serial console (QGS TextUI) and open the INFO screen.- If the OS is on CoreOS, redeploy the appliance.
- If the INFO screen indicates a pending update, manually reboot the appliance to complete the update.
-
-
Run CURL command to test update URL
From a machine on the same network, run:
curl -ivk https://update.release.flatcar-linux.net/amd64-usr/3033.3.5/flatcar_production_update.gz -o flatcar_production_update.gz
View Details and Stats of an Active Appliance
Click any of the appliance names to open its View Details screen. Here, you get the complete information on your appliance configurations.
You can click the Version value from the Identification column to view all the manifest versions.
The Performance graph shows connection counts by unique agent IP addresses over the time period selected.
Allowed Domains: This option displays your allowed domain's information.
Authorized IPs: This option displays the IPs of the agents allowed to interact with the appliance.
IPv4/IPv6 Address: This option displays which internet protocol this appliance is configured in and its address.
Appliance Health
The QGS system continually monitors your appliance for resource usage across hard disk drives (HDD), CPU, and secondary disk storage. When usage levels approach capacity limits, the system provides visual indicators to help you take proactive measures. These visual indicators can be found below the "Health" column of the Appliance lists.
If the storage utilization is within accepted range, the appliance health displays Normal. The status displays as Caution whenever any component (HDD, CPU or secondary storage) reaches or exceeds 95% utilization. Similarly, a Warning status appears when usage falls between 85% and 94% for any monitored resource. Since each component is evaluated independently (with an OR condition), even a single component exceeding these thresholds triggers the corresponding status indicator, regardless of the condition of other components.