Split Network Configuration
Split network configuration is supported only in IPv4+v6 mode (the default). It is not supported in IPv6-only mode.
The Qualys Scanner Appliance provides two network traffic configurations: Standard and Split. The Standard configuration is enabled by default. You can choose to enable the Split network configuration. For a physical appliance, you can do this using menu options on the SETUP NETWORK menu.
In the Standard network configuration, the LAN interface or LAN RJ45 Ethernet connector (for physical appliances) services scanning traffic and all management traffic (software updates, health checks, scan data upload) to the Qualys Enterprise TruRisk™ Platform over the Internet.
The Split network configuration allows users to separate scanning traffic from management traffic. By default, the WAN interface is used only to communicate with the Qualys Enterprise TruRisk™ Platform for Scanner Appliance management traffic such as scan/map job pickup, scan/map data upload, software updates and health checks. The LAN interface is used for scanning traffic. This configuration enables customers to use Scanner Appliances to scan networks that do not have direct Internet access. Split network configuration also keeps scanned data and internal targets secure by isolating internal LAN traffic from Internet traffic, which uses the WAN interface. Once configured, no internal traffic is routed or bridged to the WAN interface and no management traffic is routed or bridged to the LAN interface.
LAN is expected to be used for all internal/scan traffic. In Split network configuration, WAN has special limited routes required for platform connections only. If the WAN interface must be used for scanning, a static route via the WAN interface to the scan target host or network range is required.
The Scanner Appliance implements logical separation of scanning traffic and management traffic regardless of whether you configure the Standard or Split option.
A Few Things to Consider
Please review these tips and best practices before you configure Split network configuration.
- Check that the network connections to both the LAN and WAN interfaces have been set up properly.
- The Scanner Appliance must be configured with DHCP or a static IP address on the LAN interface first.
- Do not configure the LAN and WAN interfaces on the same subnet. This type of configuration is not supported.
Enable DHCP on the WAN Interface
To configure the WAN interface with DHCP, perform the following steps:
- Select SETUP NETWORK, then press the Down arrow until the ENABLE WAN INTERFACE menu displays. Then press ENTER to continue.
- Go to the ENABLE DHCP ON WAN menu option and press ENTER to continue.
- When the REALLY ENABLE DHCP ON WAN? prompt displays, press ENTER to continue. Or press the Up arrow two times to quit this procedure and return to the SETUP NETWORK menu option.
- Review the confirmation message. When the SCANNER APPLIANCE NAME–IP ADDRESS message displays, you are ready to start scanning. If another message displays, you need to complete the Quick Start or resolve the error indicated.
Enable Static IP on the WAN Interface
To configure the WAN interface with a static IP address, perform the following steps:
- Select SETUP NETWORK, then press the Down arrow until the ENABLE WAN INTERFACE menu displays. Then press ENTER to continue.
- Go to the ENABLE STATIC IP ON WAN menu option and press ENTER to continue.
- When the CFG WAN STATIC NETWORK PARAMS? prompt displays, press ENTER to continue. Or press the Up arrow to quit this procedure and return to the SETUP NETWORK menu.
- When the WAN IP ADDR prompt displays, enter the static IP address, and then press ENTER to continue.
- When the WAN NETMASK prompt displays, use the Up and Down arrows to scroll to the desired netmask value. After selecting a netmask value, press ENTER to continue.
- When the WAN GATEWAY prompt displays, enter the gateway IP address. Then press ENTER to continue.
- When the WAN DNS1 prompt appears, enter the IP address for the primary DNS. Then press ENTER to continue.
- When the WAN DNS2 prompt displays, enter the IP address for the secondary DNS. This entry is optional. Press ENTER to continue.
- When the REALLY SET WAN STATIC NETWORK? prompt displays, press ENTER to continue. Or press the Up arrow to quit this procedure and return to the SETUP NETWORK menu.
- Review the confirmation message. When the SCANNER APPLIANCE NAME–IP ADDRESS message displays, you are ready to start scanning. If another message displays, you need to complete the Quick Start or resolve the error indicated.
Interface - Enable Static IP on WAN
The menu is updated once you configure the settings. Once you configure ENABLE STATIC IP ON WAN, the option changes to CHANGE STATIC IP ON WAN. Once you configure ENABLE DHCP ON WAN, the option displays as RENEW DHCP ON WAN.
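A pre-flight check for the values planned for the WAN static IP prompts (WAN IP ADDR, WAN NETMASK, WAN GATEWAY, WAN DNS1/DNS2) and for the rule that LAN and WAN must not share a subnet. This is an added example, not Qualys code and not part of the appliance. The function name, its parameters and the sample addresses are assumptions made for illustration, and IPv4 values are assumed.

```python
import ipaddress as ipa

def check_split_plan(lan_cidr, wan_ip, wan_netmask, wan_gateway,
                     wan_dns=(), scan_targets=()):
    """Return a list of problems in a planned Split network configuration.

    Hypothetical helper: all names are illustrative. IPv4 is assumed
    because the WAN prompts ask for an IP address and a netmask.
    """
    problems = []
    lan = ipa.IPv4Interface(lan_cidr)
    wan = ipa.IPv4Interface(f"{wan_ip}/{wan_netmask}")
    gw = ipa.IPv4Address(wan_gateway)
    net = wan.network

    # Page rule: LAN and WAN on the same subnet is not supported.
    if lan.network.overlaps(net):
        problems.append(f"LAN {lan.network} and WAN {net} overlap")

    # WAN IP ADDR must be a usable host address, not network/broadcast.
    if net.prefixlen < 31 and wan.ip in (net.network_address, net.broadcast_address):
        problems.append(f"WAN IP {wan.ip} is not a host address in {net}")

    # WAN GATEWAY must be on-link and distinct from the appliance itself.
    if gw not in net:
        problems.append(f"WAN gateway {gw} is outside {net}")
    elif gw == wan.ip:
        problems.append("WAN gateway equals the WAN IP")

    # The page marks only WAN DNS2 as optional; every entry must parse.
    if not wan_dns:
        problems.append("WAN DNS1 is missing")
    for dns in wan_dns:
        try:
            ipa.IPv4Address(dns)
        except ValueError:
            problems.append(f"WAN DNS entry {dns!r} is not an IPv4 address")

    # Scan traffic belongs on LAN; a target inside the WAN subnet would need
    # the static route via WAN that the page mentions, so flag it for review.
    for target in scan_targets:
        if ipa.IPv4Network(target, strict=False).overlaps(net):
            problems.append(f"scan target {target} lies in WAN subnet {net}")
    return problems

# Constructed sample plan using documentation address ranges, not real hosts.
if __name__ == "__main__":
    print(check_split_plan("192.0.2.77/24", "192.0.2.255", "255.255.255.0",
                           "198.51.100.1", ("dns.example",), ("192.0.2.128/25",)))
```

An empty list means the planned values pass these checks. It does not confirm that the appliance can reach the platform through the WAN interface.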