Set Up VMware NSX Authentication

Qualys supports VMware NSX authentication for vulnerability Management and compliance scans using Qualys apps VM, PA/PC, SCA. Simply create a VMware NSX authentication record with the details of your credentials to authenticate to a VMware NSX environment.

The Scans > Authentication section is where you can find authentication records saved in your account, including VMware NSX records. Each VMware NSX record identifies account login credentials and targets.

Refer to NSX Record Settings below for assistance with the settings displayed in the NSX record.

What are the steps?

Follow these steps to create or edit an NSX record:

1) Go to Scans > Authentication.

2) Take one of these actions: 

2a - To create a new VMware NSX record, select New > VMware > NSX.

Create new record by selecting DataStax.

2b - To make changes to an existing NSX record, select a record in the list and choose Edit from the Quick Actions menu. 

The New NSX Record or Edit NSX Record window appears (depending on the action taken). This is where you make your record settings.

3) Choose a tab on the left side of the NSX Record window to see the settings available. Provide the necessary inputs on each tab, then click Create (for a new record) or Save (when updating an existing record).

New NSX record.

NSX Record Settings

Refer to the help below for the settings that appear on each tab within the NSX record.

Record TitleRecord Title

This section has basic settings for the record.

Record title tab.

Title - Give the NSX record a title for easy identification.

Login CredentialsLogin Credentials

This section is where you provide credentials for the user account to be used for NSX authentication.

 Authentication Type: Basic

Selecting login credentials with basic auth type.

Choose Authentication Type: Basic, and then enter: 

Username - Enter the username for the user account to use for authentication.

Password / Confirm Password - Enter the password for the user account. Then confirm the password.

Authentication Type: Vault based

Login credentials tab with the Authentication Type selected as Vault Based.

 Choose Authentication Type: Vault based to retrieve the password from a password vault. You need vault records already defined in your account to use this option. 

Username - Enter the username for the user account to use for authentication.

Vault Type - Select the type of password vault you want to use. For each vault type, additional information is required. The information required depends on the vault type. Please refer to the online help for your vault type to learn more.  Currently, only Hashicorp Vault is supported.

Vault Record - Select a vault record that you have already configured in your account. The vault record has vault credentials to securely access sensitive information stored in the vault.

Quick Links: How to Use Vaults | Vault Support Matrix

Path-Enter the custom path to the secret engine resource.

Name- Enter the secret name that stores the key-value pairs.

Key- Enter the key name to identify a specific key-value pair.

Target ConfigurationTarget Configuration

This section has Target Configuration settings for the record. 

Setting the target configuration.

Port - Enter the port number that the NSX instance is running on.

SSL Verify - Select this option to verify the server's SSL certificate is valid and trusted.

Hosts - Provide a list of FQDNs for all the host addresses on which a custom SSL certificate signed by a trusted root CA is installed.

IPsIPs

Enter or select the target compliance hosts (IPs) that you want to authenticate to with the credentials provided in this record. Each IP may be included in one NSX record. 

Enter the IPs.

Select IPs/Ranges - Click this link to select IPs/ranges from a list of IPs in your account.

Select Asset Group - Click this link to add IP addresses from asset groups in your account. In the Add IPs from Asset Group window, you can see the groups listed with the IPs included in each group. There is also a search option, allowing you to quickly find groups in the list. Select one or more groups and click Add. The IPs from the selected groups will be added to the record.

Remove - Click this link to remove IPs/ranges from the record. This is especially useful if you want to remove one or more IPs from within an IP range. In the pop-up that is displayed, enter the IPs/ranges to remove, and click Remove. The IPs section in the record is updated to reflect the removed IPs. 

For example, let's say the record includes the range 10.10.10.10-10.10.10.250. If you remove 10.10.10.122, the IPs field will be updated to 10.10.10.10-10.10.10.121, 10.10.10.123-10.10.10.250. 

Clear - Click this link to clear the entire IPs field.

Display each IP/Range on new line - Check this option to arrange each IP address and IP range on a new line instead of a comma-separated list.

CommentsComments

Provide important notes or comments for this record. 

Provide the comments.

Quick Links

Why use host authentication

Authentication Technologies Matrix

Vault Support Matrix

 

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: January, 2026