Virtual Appliance Local Configuration

The Qualys Gateway Service virtual appliance utilizes a text-based user interface available from the appliance console to configure, set networking, view status, perform diagnostics, and reset the appliance.

Local Configuration Menu Structure

  • Registration
  • System
    • Network
      • First
      • DNS
      • Proxy
    • POD Suffix
    • Authentication
    • Time
  • Info
  • Diagnostics
    • Containers
    • Images
    • Units
    • Logs
    • Stats
  • Commands
    • Ping
    • Reboot
    • Shutdown
    • Reset

Configuration Screens

Next, we document the screens used to configure and manage the Qualys Gateway Service.

QGS virtual appliance starting up

Image 112

Main Configuration Menu

Under the System menu, configure Network Settings.

Image 113

Network Configuration

First Ethernet Interface

Image 115

Network Configuration

Select the internet protocol to configure the appliance on. Choose from IPv4 or IPv6.

Image 116

DHCP

If using DHCP, configure the virtual appliance network interface to use DHCP.

This is the IP address of the QGS proxy that Cloud Agents connect to on the configured port. DHCP is supported for both IPv4 and IPv6.

For IPv4

For IPv6

Static IP

If using Static IP, configure the virtual appliance network interface to use Static IP Address. Cloud Agents connect to the Static IP Address on the configured port.

Image 118

Set static IP address, if used.

Enter the IP address with its netmask as a prefix length, e.g. “/24” for the 32-bit netmask 255.255.255.0.

Specify the Default Gateway IP address.

For IPv4

Image 119

For IPv6

DNS Servers

Select whether to configure DNS servers for IPv4 or IPv6.

Image 120

You can manually configure or deconfigure DNS for both IPv4 and IPv6.

Image 121

Set DNS servers for the virtual appliance to resolve the Qualys URLs.

Image 122

We have used Google's public DNS servers as an example. Please point to your internal corporate DNS servers instead. If these are only accessible through a firewall, ports 53/tcp and 53/udp need to be opened for successful DNS resolution.

Proxy Servers (Optional)

Select whether to configure Proxy servers for IPv4 or IPv6. This step is optional. 

Image 123

Configure upstream Proxy Server, if using proxy chaining.

Image 124

NTP Servers

The NTP service's behavior has changed as follows:

  • If NTP servers are not specified, the QGS appliance uses the default Flatcar NTP servers to sync the time. The default Flatcar NTP servers are:
    • 0.flatcar.pool.ntp.org
    • 1.flatcar.pool.ntp.org
    • 2.flatcar.pool.ntp.org
    • 3.flatcar.pool.ntp.org
  • If NTP servers are specified, the QGS appliance contacts the specified NTP servers only.
  • If you remove the NTP server, the appliance starts communicating with the default Flatcar NTP servers again.
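
The static IP, DNS and NTP rules above translate into a small firewall allowlist for the appliance. The following sketch is an added example, not Qualys code: plan_egress and unexpected_ntp are hypothetical helper names, all addresses are constructed, and 123/udp is the standard NTP port rather than a value stated on this page. It covers only the DNS and NTP flows, not the connection to the Qualys platform.

```python
import ipaddress

# Default NTP pool the appliance uses when no NTP servers are specified.
FLATCAR_NTP = [f"{i}.flatcar.pool.ntp.org" for i in range(4)]


def plan_egress(static_cidr, gateway, dns_servers, ntp_servers=()):
    """Validate a planned static configuration and return the netmask plus
    the (source, destination, protocol, port) flows a firewall must allow."""
    iface = ipaddress.ip_interface(static_cidr)      # e.g. 10.20.30.40/24
    gw = ipaddress.ip_address(gateway)
    if gw.version != iface.version:
        raise ValueError("gateway and interface use different IP versions")
    if gw not in iface.network or gw == iface.ip:
        raise ValueError(f"gateway {gw} is not a usable next hop in {iface.network}")

    src = str(iface.ip)
    flows = []
    for dns in dns_servers:
        dns_ip = str(ipaddress.ip_address(dns))      # rejects hostnames and typos
        # Both transports must be open for resolution to succeed.
        flows += [(src, dns_ip, "udp", 53), (src, dns_ip, "tcp", 53)]
    # Specified servers replace the defaults; with none specified the
    # appliance contacts the Flatcar pool instead.
    for ntp in list(ntp_servers) or FLATCAR_NTP:
        flows.append((src, ntp, "udp", 123))         # assumption: standard NTP port
    return {"netmask": str(iface.netmask), "flows": flows}


def unexpected_ntp(observed_hosts, ntp_servers=()):
    """Return NTP hostnames seen in DNS query logs that the configured state
    does not explain, e.g. pool lookups after internal servers were set."""
    allowed = set(ntp_servers) or set(FLATCAR_NTP)
    return sorted(set(observed_hosts) - allowed)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    plan = plan_egress("10.20.30.40/24", "10.20.30.1",
                       ["10.20.0.53"], ["ntp.corp.example"])
    print(plan["netmask"])
    for flow in plan["flows"]:
        print(flow)
    print(unexpected_ntp(["ntp.corp.example", "2.flatcar.pool.ntp.org"],
                         ["ntp.corp.example"]))
```

A non-empty result from unexpected_ntp after internal NTP servers were set suggests the setting was removed or never applied, since the appliance only returns to the pool when no server is configured.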

POD Suffix

Select the POD Suffix option.

Provide the Qualys Platform URL of your account. To identify the Platform URL Suffix for your subscription, refer to the Platform URL Suffix section of the Qualys Platform Identification.

Authentication

You can configure QGS authentication, if required. This lets you use the QGS proxy as an authenticated proxy with the Qualys Agent. You can restrict communication with the Qualys Agent by requiring the network to authenticate itself.

Click Authentication.

Provide a username and password.

Info

Image 126

QAG Status: Connected

QAG Status: Connected shows that QGS can connect to the Qualys POD.

If the status is not Connected, verify network connectivity and firewall settings.

Image 127

As of the QGS v2.1.0 release, the appliance TUI displays the service version on the Info tab, as shown in the following screenshot.

Registration

Check the connectivity test (refer to Info) before starting the registration to confirm that the appliance can connect to the required Qualys services.

Image 128

Personalization Code

Enter the Personalization Code generated in the QGS User Interface module.

Image 129

Here’s an example of a redacted Personalization Code.

Image 130

Registration-in-progress

Image 131

Successful Registration

Image 132

Diagnostics

Image 133

Containers

Image 134

The version can change according to the CAMS/QGS releases and is communicated to you in the release notes.

You need to wait at least two hours before enabling the cache/patch on the QGS user interface, until all the latest containers/images are available on the appliance.

Images

You can see eight images and eight containers under Diagnostics > Images and Diagnostics > Containers.

Image 135


Units

Image 136

Logs

View the log file of the virtual appliance. (Logs are also uploaded to the QGS UI.) Logs are sorted in descending order, most recent first.

Navigation and search commands are defined in the UI.

Image 137

You don’t need to delete or archive logs. The QGS appliance automatically cleans up its logs and disk space as it reaches capacity.

Proxy

Executes a network connection test through a configured upstream proxy.

Stats

View utilization of the virtual appliance services.

Image 138

Diagnostics Mode

The QGS Appliance supports a Diagnostic mode to help accelerate Qualys Customer Support troubleshooting and problem resolution, primarily for initial network setup and registration issues. The Diagnostic mode is a user-initiated command that creates an encrypted report archive for the customer to collect and submit to Qualys Customer Support. The Diagnostics command creates a one-time generated password to download the encrypted report archive from the QGS appliance using SFTP.

  1. On the local console-based user interface, select the Diagnostics menu

    Image 139

     

  2. Executing the Diagnostics mode triggers the appliance to create the encrypted report archive and generate a one-time random password for accessing the appliance to copy the diagnostics archive.
  3. Connect to the appliance over SFTP with the diagnostics username and one-time random password.

    Image 140

  4. Download the encrypted report archive from the appliance to a system of your choosing.
  5. Upload/attach the encrypted report archive to a Qualys customer support case.

Generate Upstream PCAP File

Follow these steps to create a packet capture file for the network communications between the QGS and the next hop upstream.

  1. Navigate to the text UI and select Generate TCP dump. You need to wait for 5 minutes.
  2. Generate the diagnostics logs as the dump file is captured in diagnostics reports.
  3. Any PCAP file previously generated is overwritten in the process.

Commands

You can run commands to restart/reboot the appliance or run a ping from it.

Image 141

Ping

Ping is required to perform the connectivity checks, so make sure that ping is enabled for the IPs/URLs mentioned in the Network Configuration section.

Image 142

ICMP message types 0 and 8 are required to perform the connectivity checks using ping. When using ping, ensure ICMP 0,8 are enabled for IPs/URLs mentioned in the Network Configuration section.

Image 143

Reset appliance

Reset appliance to its original unconfigured state.

All configurations and log files will be deleted!

Image 144

Reset network interface

Reset network interface of virtual appliance.

This only resets the network configuration of the appliance.

Image 145
