Network Requirements for Configuration

The following are the network requirements for configuration:

Network Parameter	Requirement
Bandwidth	Minimum recommended bandwidth connection of 1.5 megabits per second (Mbps) to the Qualys Enterprise TruRisk™ Platform.
Outbound HTTPS Access	The local network must be configured to allow outbound HTTPS (port 443) access to the Internet so that the Scanner Appliance can communicate with the Qualys Enterprise TruRisk™ Platform.
Network Mode	When deploying a Scanner Appliance, it is set to IPv4+v6 network mode by default. If your network is configured to only allow IPv6 addresses, you must switch to IPv6-only mode. Refer to Enable IPv6-only Mode.
Appliance Access to Qualys Enterprise TruRisk™ Platform	The Scanner Appliance must be able to reach certain infrastructure located at the Qualys Enterprise TruRisk™ Platform where your Qualys account is located. Log into your account and go to Help > About to refer to the Qualys Enterprise TruRisk™ Platform URLs.
Appliance Access to Target Host IPs	The IP addresses for the hosts to be scanned must be accessible to the Scanner Appliance. The Appliance must be able to resolve external DNS for the hostnames to be scanned.
LAN Interface is Default	The LAN interface services both scanning and management traffic to the Qualys Enterprise TruRisk™ Platform unless a split network configuration is defined for the Appliance. Refer to Split Network Configuration.
VLAN Support	VLAN configuration options: If you have connected the LAN interface to a 802.1q trunked port and need your Scanner Appliance to use VLAN tags on the LAN default network, enter the VLAN tag number using the Appliance console. For any Appliance, you can choose option '1' and configure more VLANs (to be used for scanning) using the Qualys app.
DHCP or Static IP	The scanner Appliance is pre-configured with DHCP by default. If it is configured with a static IP address, be sure you have the IP address, netmask, default gateway, primary DNS, and WINS server (if appropriate).
Proxy Support	The Scanner Appliance includes Proxy support with or without authentication — Basic or NTLM. For example, proxy-level termination (as implemented in SSL bridging) is not supported. SOCKS proxies are not supported.
WINS Support	If your network is running Windows Internet Naming Service (WINS), the Scanner Appliance needs to use it for hostname resolution during scanning. For an Appliance configured with DHCP, please be sure your WINS server IPs (primary and secondary) are added to your DHCP subnet configuration using 'option netbios-name-servers WINS1, WINS2;'. For an Appliance with a static IP address, the WINS servers are defined with the static IP settings using the Appliance console.
Network Time Protocol (NTP)	The Scanner Appliance automatically syncs the time from the Qualys SOC (Security Operations Center) for your account/location. For this reason, there is nothing you need to configure for NTP.