Split Network Configuration

Split network configuration is supported only in IPv4+v6 mode (the default). It is not supported in IPv6-only mode.

By default, the Scanner LAN interface services all traffic to the Qualys Enterprise TruRisk™ Platform, including management traffic (software updates, health checks, scan data uploads) and scanning traffic.

traffic_stand

You can configure a split network configuration for your scanner by configuring the WAN interface using the Scanner Console. This enables support for networks that do not have direct Internet access. Split network configuration also keeps scanned data and internal targets secure by isolating internal LAN traffic from Internet traffic using the WAN interface.

Once configured, management traffic is routed through the WAN interface, and scanning traffic is routed through the LAN interface. No internal traffic is routed or bridged to the WAN interface, and no management traffic is routed or bridged to the LAN interface. traffic_split2

Review the following tips and best practices before configuring a split network configuration.

Ensure that the network connections to the Virtual Scanner's LAN and WAN interfaces have been set up properly.
First, the Virtual Scanner must be configured with DHCP or a static IP address on the LAN interface.
Do not configure the LAN and WAN interfaces on the same subnet. This type of configuration is not supported.

Steps to Configure Split Network

Perform the following steps for split network configuration:

Access the Scanner Console.
Navigate to Enable WAN Interface,
Press the Right arrow and provide the required settings.
Once configured, all software updates and health checks are routed through the WAN interface, and scanning traffic is routed through the LAN interface.