Appendix - Things to Remember

Additional resources that can help you with your QGS experience.

  • Qualys Gateway Service detects only one secondary hard disk.
  • To retain more logs, you can extend the primary hard disk.
  • To retain more patches, you can extend the secondary hard disk.
  • Extending any QGS hard disks must be done from your hypervisor console with appropriate permissions with the QGS in question, powered off.
  • You can only have a maximum of 5 proxies, QGS appliances, DNS aliases, or Load Balancer VIP entries.
  • The direct connection from a cloud agent is attempted after all proxy/QGS/DNS/VIP options have been attempted and works only if the firewall rules allow it.
  • You can nest QGS appliances, but only the QGS device that the cloud agent communicates directly with can be used in proxy, cache, or patch mode. Any QGS above the first QGS must be defined as the upstream proxy for the first QGS, using only the proxy port on the second QGS.
  • Restart the CAMSD service unit if you see your appliance is inactive on the UI.

Restart the CAMSD Service Unit

The following are the steps to restart the CAMSD service unit to active your appliance on the UI:

  1. Connect to the appliance Text user interface.
  2. Go to the Diagnostics and select Units.
  • Go to the CAMSD unit and click Restart.
    Image 148
  1. Wait at least 45 minutes to 1 hour for the appliance to become active on the UI.
    The appliance logs are not immediately available directly on the root location if the diagnostics logs are generated repeatedly on the same appliance. Instead, it can be found in the "/var/diagnostics" location.

Troubleshoot Manifests and Flatcar OS Updates

Use the following steps to resolve issues related to out-of-date manifests and Flatcar OS updates on CAMS appliances.

Manifests Not Updating

If manifests are out of date, follow these steps:

  1. Check connectivity and service health
    Run a connectivity test from the appliance's TextUI. Confirm that all backend service health checks succeed. Learn More.

  2. Inspect SSL settings
    If SSL inspection is activated on the upstream proxy or firewall, deactivate it for QGS. This applies to CAMS/QGS backend URLs.

  3. Review firewall rules
    Look for any restrictions in your environment that might block image downloads.

  4. Verify proxy configuration
    If an upstream proxy is configured, ensure it does not block image downloads.

  5. Check disk space
    Ensure the appliance has sufficient disk space.

  6. Reboot the appliance
    A simple reboot may resolve the issue.. 

  7. Run Docker pull commands
    From a Windows or Linux machine on the same network as the appliance, run the following commands to verify image access:

    docker pull camsrepo.qg1.apps.qualys.eu:443/cams-confd:1.5.4-3

    docker pull camsrepo.qg1.apps.qualys.eu:443/cams-squid:1.5.4-3

    docker pull camsrepo.qg1.apps.qualys.eu:443/cams-haproxy:1.5.4-3

    docker pull camsrepo.qg1.apps.qualys.eu:443/camsd:1.7.5-29

    docker pull camsrepo.qg1.apps.qualys.eu:443/cams-mgr:1.7.4-8

    docker pull camsrepo.qg1.apps.qualys.eu:443/cams-logstash:1.7.5-6

    docker pull camsrepo.qg1.apps.qualys.eu:443/cams-metrics:1.5.4-3

    docker pull camsrepo.qg1.apps.qualys.eu:443/cams-rsyslog:1.7.5-7

    The above commands use the EU pod as an example. You must use your appropriate platform URL, you can obtain them from QGS section of Qualys Platform Identification.

Replace the domain and image versions with the appropriate pod suffix and released image versions for your account.

Flatcar OS Update Issues

If the Flatcar OS update fails or stalls, follow these steps:

  1. Run connectivity and health checks
    Use the appliance's TextUI to verify backend service health. Learn More.

  2. Check firewall rules
    Ensure no restrictions are blocking image downloads.

  3. Verify update URL accessibility
    From the appliance, confirm that the Flatcar update URL is reachable. Follow the steps below

    1. Check the OS version in the INFO screen
      Access the serial console (QGS TextUI) and open the INFO screen.

      • If the OS is on CoreOS, redeploy the appliance.
      • If the INFO screen indicates a pending update, manually reboot the appliance to complete the update.

  4. Run CURL command to test update URL
    From a machine on the same network, run:
    curl -ivk https://update.release.flatcar-linux.net/amd64-usr/3033.3.5/flatcar_production_update.gz -o flatcar_production_update.gz

Frequently Asked Questions

How do I know whether the appliance is upgraded to the latest services or not?

Go to the appliance's Text User Interface (TUI), click the Info tab and click OK to see the details.

  • When the minimum requirement for the primary disk and RAM are not fulfilled, the following message is shown on the appliance TUI under the Info tab.
    Image 151
  • A Minimum 16GB of RAM is recommended for CAMS/QGS appliances. A total of 2000 concurrent cloud agent requests are supported by a QGS appliance. You can increase the limit to 10,000 concurrent connections by contacting Qualys Support.

How do I know whether the appliance is upgraded to the latest version or not?

Go to the appliance's Text User Interface (TUI), click the Info tab and click OK to see the appliance is upgraded to the latest version or not.

You can verify that all the latest images are present on the appliances by navigating to
Image 152

TextUI > Diagnostics > Images. Refer to the following screenshot.
Image 153

  • Also, you can verify the appliance with the latest image version by navigating to the QGS UI > APPLIANCES > clicking the Appliance. As shown in the following screenshot.

    Image 154

How to add POD suffix details for the image version 2.1.0 and above using TextUI?

You can add a POD suffix details for the image version 2.1.0 and above for all supported formats; go to the TextUI > System Settings > POD Suffix.

Image 155

The POD Suffix option is grayed out after the successful upgrade of the existing appliances deployed with image version 1.1.0.

To know the POD suffixes for corresponding PODs, refer to the POD Suffixes table.

Image 156

We recommend entering the correct POD suffix because the cloud metadata services always overwrite an incorrectly entered POD suffix.

Connectivity Check

Go to the Information tab to check the connected status and pod suffix with qagpublic and camspublic. As highlighted in the following screenshot.

Image 157

To check the connectivity with the backend services; go to the TextUI > Diagnostics > Connectivity.

Select whether to check connectivity for IPv4 or IPv6 protocol.

Image 158

The connectivity check returns healthy if the screen is displayed as below.
Image 159

If any of the services from CAMSPM, CAMSREPO, camspublic, and qagpublic is not connected to the appliance, you cannot register the appliance. You can observe the following error shown on the screenshot.

Image 160

If you use appliance image version 2.1.0 and above, you must provide a POD Suffix as the mandatory field.
Image 161

If you use appliance image version 1.1.0 -X, the pod suffix option is not be available.
Image 162

POD Suffixes

To identify the Platform URL Suffix for your subscription, refer to the Platform URL Suffix section of the Qualys Platform Identification.

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: November, 2025