Network Configuration
The Qualys Offline Scanner Appliance requires two virtual network adapters to be set up in your virtualization platform. This page offers detailed information on the necessary network configurations, including Bridged, NAT, and Host-Only networking, for platforms such as VMware Workstation and Oracle VirtualBox.
Your virtualization software must automatically create an instance of the appliance with the correct network adapters in place.
On VMware Workstation and Oracle VirtualBox, these interfaces are Network Adapter and Network Adapter 2. Initially, Network Adapter must be defaulted to type NAT, and Network Adapter 2 must be defaulted to type Host-only.
Network Adapter 1 is recommended to be configured for Bridged networking when in OFFLINE SCANNING mode.
When in CLOUD SYNC MODE, it can be NAT or Bridged. Network Adapter 2 should always be configured for Host-only networking.
Network Requirements
Here are the recommended network settings, depending on the mode.
|
|
VMware Workstation/Oracle VB default label |
Appliance OS |
Appliance Mode |
Purpose |
Required VMware |
Connect |
Local |
|---|---|---|---|---|---|---|---|
|
Virtual NIC #1 |
Network Adapter |
eth0 |
CLOUD SYNC |
Communicate with the Qualys Enterprise TruRisk™ Platform |
NAT* - or - Bridged** |
enabled
n/a |
enabled
n/a |
|
|
|
|
OFFLINE SCANNING |
Scan hosts |
Bridged** |
n/a |
n/a |
|
Virtual NIC #2 |
Network Adapter 2 |
eth1 |
any |
Local scanner web UI |
Host-only |
enabled |
enabled |
NAT Configuration
If your host system is connected to the Internet through a VPN, using NAT is usually the only feasible option. Bridged networking often fails with host VPN connections because virtual machines cannot directly bridge to VPN adapters.
Bridging to External Networks
VMware Workstation and Oracle VirtualBox may be installed on a host system with multiple network adapters (wired, wireless, VPN). In the Virtual Network Editor, you need to determine which network adapter is appropriate for the external connection and select it. We do not recommend leaving the Bridged virtual network in Automatic mode because it almost never works and it is often problematic over wireless adapters.
- We do not recommend using the Bridged virtual network in Automatic mode on VMware Workstation, as it often fails to function reliably, especially when the host is connected via a wireless adapter.
- In Oracle VirtualBox, the Offline scanner should not be configured with the Intel PRO/1000 MT Server and Paravirtualized network adapter types.
The following image shows an example of a Bridge network configuration in VMware Workstation
Sample Network Configurations
The following are the sample network configurations:
Host-only Type
The following image shows the settings for Host-only type:
NAT Type
The following image shows the settings for NAT type:
Bridged Type
If you have plugged into the physical network with an Ethernet cable, it is strongly recommended that you manually bridge your virtual network to the physical NIC of your host machine.
Setting the Bridge to Automatic mode allows your virtual network to bind to a VPN port or another network adapter.
