Get Started QGSA-6120-B1
Welcome to the Qualys Scanner Appliance, an option with the Qualys Enterprise TruRisk™ Platform from Qualys, Inc. With the Qualys Scanner Appliance, you can assess internal network devices, systems, and web applications. The Scanner Appliance is a robust, scalable solution for scanning networks of all sizes, including large distributed networks.
It is easy to set up a Scanner Appliance within your network. Let’s get started!
Interested in Virtual Appliances?
Qualys Virtual Scanner Appliance is packaged and qualified for deployment on various virtualization and cloud platforms. If you are interested in adding virtual appliances to your license, contact your TAM or Qualys Support.
Desktop/Laptop: VMware Workstation, Player, Fusion, Oracle VirtualBox
Client/Server: VMware vCenter/vSphere, Citrix XenServer, Microsoft Hyper-V
Cloud: Amazon EC2 - Classic, Amazon EC2 - VPC, Microsoft Azure, Google GCE, OpenStack
Learn more
Qualys Virtual Appliance: Platform Qualification Matrix
Scanner Appliance Security: FAQs
Before You Begin
Check Package Accessories properly after unpacking.
Your starter kit package must contain the following components. If any components are missing or damaged, contact Qualys Support.
- Qualys Scanner Appliance User Guide
- AC power cord
- CAT6 cable
- Rack screws (quantity 4) - 10-32 x 3/4", Phillips, black matte, with washer
- USB-to-RS232 converter cable
Best Practices for Internal Scanning
Here are our best practices related to internal scanning.
Avoid Scanning Through a Firewall from Inside Out
Issues can occur when scan traffic is routed through the firewall from the internal network to the external network. This situation arises when the scanning appliance is located within the protected network and scans a target on the other side of the firewall. To avoid this, we recommend positioning scanning appliances within your network topology to eliminate scanning and mapping through the firewall from the inside out. For more information, see Scanning through a Firewall.
Check Network Access to Scanners
Log into your account and go to Help > About in the application. The Scanner Appliances section lists URLs at the SOC (Security Operations Center) for your account/location. Your Scanner Appliances must be able to contact these URLs on port 443. For Private Cloud Platform, the URLs displayed are appropriate to your local on-site SOC. For more information, see How to check network access to scanners?
Consult Your Network Group for Scanner Placement
It is highly recommended that you work with your network group to determine where to place Scanner Appliances in an enterprise network environment. Some things to consider: place Scanner Appliances as close to target machines as possible, and make sure to monitor and identify any bandwidth restricted segments or weak points in the network infrastructure. Scanning through layer 3 devices (such as routers, firewalls and load balancers) could result in degraded performance so you may consider using our VLAN tagging feature (VLAN trunking) to circumvent layer 3 devices to avoid potential performance issues.