Network Configuration
The Qualys Offline Scanner Appliance requires two virtual network adapters to be set up in your virtualization platform. This page offers detailed information on the necessary network configurations, including Bridged, NAT, and Host-Only networking, for platforms such as VMware Workstation and Oracle VirtualBox.
Your virtualization software must automatically create an instance of the appliance with the correct network adapters in place.
On VMware Workstation and Oracle VirtualBox, these interfaces are Network Adapter and Network Adapter 2. Initially, Network Adapter must be defaulted to type NAT, and Network Adapter 2 must be defaulted to type Host-only.
Network Adapter 1 is recommended to be configured for Bridged networking when in OFFLINE SCANNING mode.
When in CLOUD SYNC MODE, it can be NAT or Bridged. Network Adapter 2 should always be configured for Host-only networking.
Network Requirements
Here are the recommended network settings, depending on the mode.
Networking Requirements for VMware Workstation and Oracle VirtualBox
|
Network Adapter 1: NAT (default) with DHCP enabled |
This adapter is used to communicate with Qualys Enterprise TruRisk™ when the scanner is operating in CLOUD SYNC mode, which is the scanner’s default mode upon initial deployment. In this mode, Static IP configuration is not supported, and the adapter must be configured with DHCP. |
|
Network Adapter 2: Host-Only (default) with DHCP enabled |
This adapter is designated for scanner management and configuration. This network interface must always be configured with DHCP. |
Networking Requirements for ESXi
|
Network Adapter 1:DHCP enabled |
Network Adapter 1: This adapter is used to communicate with Qualys Enterprise TruRisk™ when the scanner is operating in CLOUD SYNC mode, which is the scanner’s default mode upon initial deployment. In this mode, Static IP configuration is not supported, and the adapter must be configured with DHCP. |
|
Network Adapter 2 :DHCP enabled |
This adapter is designated for scanner management and configuration. It enables access to the scanner's user interface through a web browser from another virtual machine on the same subnet as the scanner. This network interface must always be configured with DHCP. |
NAT Configuration
If your host system is connected to the Internet through a VPN, using NAT is usually the only feasible option. Bridged networking often fails with host VPN connections because virtual machines cannot directly bridge to VPN adapters.
Bridging to External Networks
VMware Workstation and Oracle VirtualBox may be installed on a host system with multiple network adapters (wired, wireless, VPN). In the Virtual Network Editor, you need to determine which network adapter is appropriate for the external connection and select it. We do not recommend leaving the Bridged virtual network in Automatic mode because it almost never works and it is often problematic over wireless adapters.
- We do not recommend using the Bridged virtual network in Automatic mode on VMware Workstation, as it often fails to function reliably, especially when the host is connected via a wireless adapter.
- In Oracle VirtualBox, the Offline scanner should not be configured with the Intel PRO/1000 MT Server and Paravirtualized network adapter types.
The following image shows an example of a Bridge network configuration in VMware Workstation
Sample Network Configurations
The following are the sample network configurations:
Host-only Type
The following image shows the settings for Host-only type:
NAT Type
The following image shows the settings for NAT type:
Bridged Type
If you have plugged into the physical network with an Ethernet cable, it is strongly recommended that you manually bridge your virtual network to the physical NIC of your host machine.
Setting the Bridge to Automatic mode allows your virtual network to bind to a VPN port or another network adapter.
