
Scanner Appliance FAQs

Is my appliance ready for scanning?

Go to the appliances list (Configuration > Appliances) and check your appliance status. The Connectivity status of the appliance is Connected when it is ready to process scans. Your appliance must be connected to our cloud security platform. If not, you need to troubleshoot the issue before you can start scanning.

Do you have a new appliance? It can take a few minutes for your appliance to connect to our platform for the first time. You can refresh your browser periodically to be sure you are seeing the most up-to-date details.

Notify me when my appliance is offline

Just opt into the Heartbeat Check Notification in the VM application. Qualys performs a heartbeat check on every appliance every 4 hours to make sure it's online and ready to process scans. You can get an email notification when the appliance misses some number of heartbeat checks (1-5).

To get the notification: 1) In the VM application go to Scans > Appliances and edit the appliance settings, choose the notification and configure the number of missed checks, and 2) Select User Profile below your user name (in the top right corner), go to Options and select "Scanner Appliance heartbeat check".

Keep in mind that your appliance may come back online after you receive a heartbeat check notification email. If you receive this email, we recommend you investigate further by going to the appliances list and checking the status. 

Who can manage scanner appliances?

Managers can set up appliances using the VM application. In order to use a scanner appliance, it must be visible in your scanner appliances list within the WAS application. Managers (and users with full rights for WAS) will see all configured appliances in their scanner appliances list. Users without full rights for WAS will see the appliances only if a tag that is applied to the appliance is assigned to the user's scope.

Changing the friendly name and polling interval

You can edit the appliance settings. In the VM application, go to Scans > Appliances. Hover over the appliance you want to change and select Edit from the menu.

The title is initially set as is_userlogin, where userlogin is the login ID for the user who installed the appliance. When editing the title a maximum of 15 characters may be used, including: alphabetic characters (upper and lower case), numeric characters (0 through 9), dash (-), underscore (_), and dot (.).

The polling interval, in seconds, identifies how often the scanner appliance polls the platform for new information. The initial polling interval is set to 180 seconds (3 minutes). The polling interval can be 60 to 3600 seconds.

How do I grant users access to an appliance?

Users who do not have full WAS rights need to be granted access to a scanner appliance in order to use it for scans. You can grant a user access to an appliance by editing the user's scope and assigning a tag that has been applied to that appliance.

How can I check appliance capacity?

You can see how much capacity the appliance is currently using, and how much was used for your scans.

In the VM application, go to Scans > Appliances and click the scanner appliance row. The preview pane shows the available capacity of the scanner appliance expressed as a percentage. For example, Available Capacity: 82% means the appliance is using 18% of its capacity, and 82% of its capacity is currently available.

Tell me about software versions

One of the first tasks that an appliance will do after making initial contact with our cloud platform is to download the most recent software for the scanning engine and vulnerability signatures. Software updates will occur automatically several times a week, and you do not need to take any action to receive them. When viewing your scanner appliance within the VM application, you might see a yellow indicator next to the version - this tells you the appliance does not have the latest software installed. You can click "Update Now" to get the software update, or you can wait for the next automatic update.

How long does it take to update the software?


Can I replace an appliance?

You can replace an appliance with a new one, if you are a Manager user. 

First ensure that the appliance is not currently running scans by checking the activity log. In the VM application go to Users > Activity Log.

Qualys recommends that you wait for scans to complete or cancel them. Go to Scans > Appliances (in the VM application) and select New > Replace Scanner Appliance. The settings are transferred to the new appliance - these include the polling interval, heartbeat checks, scanning options, VLANs and static routes. The asset groups and schedules are updated with the new appliance if the old one was defined.

Tell me how to reboot an appliance

Sometimes a reboot of the appliance is necessary. As a first step, check to be sure there are no scans running on the appliance by checking out the activity log. In the VM application go to Users > Activity Log. If there are any running scans, you can wait for them to complete or cancel them. When you're ready to request a reboot, go to Scans > Appliances, edit the appliance and click the Reboot button under General Information.

Tip - While rebooting may be necessary at times, this can impact our ability to troubleshoot and track down an underlying issue with the appliance, such as its network configuration. Please contact Support if there is a need to reboot an appliance multiple times.

How can I configure VLANs and static routes?

In the VM application go to Scans > Appliances. Hover over the appliance you want to change and select Edit from the menu. You can configure your appliance with multiple VLANs and static routes to support VLAN trunking on the LAN interface for scanning traffic. Once configured, the appliance adds a VLAN tag to all scanning packets following the 802.1Q tagging protocol (the VLAN tag designates the VLAN on which the traffic should be routed, at the switch layer, to the hosts being scanned).

- Check the requirements

- Your appliance must be configured with a static IP address on the LAN interface.

- Your appliance must be running Scanner Appliance software version 2.1 or later.

- VLAN trunking must be enabled for your subscription. Please contact Support or your Technical Account Manager to get this feature.

- All virtual scanners support VLAN trunking except for the Amazon EC2/VPC distribution.

What VLAN information is needed?

VLAN information includes:

IP Address. A valid IP address. The IP address must be unique per appliance. This means the same IP address cannot be defined in another VLAN configuration for the same appliance.

Netmask. A valid netmask.

ID. A VLAN ID. You may specify a number between 0 and 4094, inclusive. The VLAN ID must be unique per appliance. This means the same VLAN ID cannot be defined in another VLAN configuration for the same appliance.

Name. A VLAN name to identify the VLAN configuration in the VLANs list.

What static route information is needed?

Route information includes:

Gateway. A gateway IP address. The gateway/target network pair must be unique per appliance. This means the same gateway/target network pair cannot be defined in another static route configuration for the same appliance.

Target. A target network, in CIDR format. The target network must have a valid starting IP address for the target mask provided. The gateway/target network pair must be unique per appliance. This means the same gateway/target network pair cannot be defined in another static route configuration for the same appliance.

Name. A route name to identify the static route configuration in the static routes list.

- How many VLANs and static routes can I add?

For each physical scanner appliance, you can add up to 99 VLANs and up to 99 static routes.

For each virtual scanner appliance, you can add up to 4094 VLANs and up to 4094 static routes as long as you are using the latest distribution. You'll have the latest virtual scanner if you've deployed it using scanner image via-2.0.13-1 or later. (If you have a previous version, you can add up to 99 VLANs.)
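The VLAN and static route rules above can be checked against a planned configuration before it is typed into the UI. The following is an added example, not Qualys code and not a platform API: the function name `validate_plan`, the dictionary keys, and the `physical`/`virtual` labels are assumptions made for illustration, and the virtual limit assumes the latest distribution.

```python
import ipaddress
# Limits stated in the FAQ; the "physical"/"virtual" keys are labels chosen for this example.
MAX_ENTRIES = {"physical": 99, "virtual": 4094}

def validate_plan(vlans, routes, kind="physical"):
    """Return a list of rule violations for a planned VLAN / static-route set."""
    errors = []
    for label, items in (("VLANs", vlans), ("static routes", routes)):
        if len(items) > MAX_ENTRIES[kind]:
            errors.append(f"too many {label}: {len(items)} > {MAX_ENTRIES[kind]}")
    seen_ips, seen_ids = set(), set()
    for v in vlans:
        try:
            # Parses the address and the netmask together; either being invalid raises.
            ip = ipaddress.ip_interface(f"{v['ip']}/{v['netmask']}").ip
        except ValueError as exc:
            errors.append(f"VLAN {v['name']}: {exc}")
            continue
        if ip in seen_ips:
            errors.append(f"VLAN {v['name']}: IP {ip} already used on this appliance")
        if not 0 <= v["id"] <= 4094:
            errors.append(f"VLAN {v['name']}: ID {v['id']} outside 0-4094")
        elif v["id"] in seen_ids:
            errors.append(f"VLAN {v['name']}: ID {v['id']} already used on this appliance")
        seen_ips.add(ip)
        seen_ids.add(v["id"])
    seen_pairs = set()
    for r in routes:
        try:
            gateway = ipaddress.ip_address(r["gateway"])
            # strict=True rejects a target whose start address has host bits set.
            target = ipaddress.ip_network(r["target"], strict=True)
        except ValueError as exc:
            errors.append(f"route {r['name']}: {exc}")
            continue
        if (gateway, target) in seen_pairs:
            errors.append(f"route {r['name']}: gateway/target pair already defined")
        seen_pairs.add((gateway, target))
    return errors

# Constructed sample plan (not from the FAQ): second VLAN reuses ID 10, second route has host bits set.
SAMPLE_VLANS = [
    {"name": "dmz", "ip": "10.10.0.5", "netmask": "255.255.255.0", "id": 10},
    {"name": "lab", "ip": "10.20.0.5", "netmask": "255.255.255.0", "id": 10},
]
SAMPLE_ROUTES = [
    {"name": "to-dmz", "gateway": "10.10.0.1", "target": "172.16.0.0/16"},
    {"name": "to-lab", "gateway": "10.20.0.1", "target": "172.17.0.9/16"},
]
```

Calling `validate_plan(SAMPLE_VLANS, SAMPLE_ROUTES)` reports the reused VLAN ID and the target network whose starting address does not match its mask.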

- Can I add VLANs using the appliance?

Yes, however you can add only one VLAN configuration per appliance using the LCD panel (for a physical appliance) or virtual appliance console. Note:

- This VLAN can't have static routes.

- This VLAN can't be viewed or edited within the user interface.

- This VLAN takes precedence. In a case where a user defines a VLAN in the user interface that is identical to a VLAN defined using the appliance, the appliance-defined VLAN will be saved and the user interface-defined VLAN will be ignored.

Tell me about connectivity and versions

The connectivity status Connected indicates that the scanner appliance is ready for scanning. It connected successfully to our cloud security platform on the date and time shown. You can see the software versions installed on the appliance and the latest available software on our cloud security platform. Software updates occur automatically. If you want to update the software, go to VM/VMDR > Scans > Appliances, edit the appliance, and request a software update.

Tell me about network configurations

In the Standard network configuration, the LAN connector services both scanning traffic and management traffic to the platform. In the Split network configuration, the scanner appliance separates scanning traffic and management traffic, using both the LAN and WAN connectors. In the Split configuration, no internal traffic is routed or bridged to the WAN port, and no management traffic is bridged to the LAN port.

LAN IP Configuration

Enabled. Indicates whether LAN IP configuration is enabled for the scanner appliance.

Configuration. The network traffic configuration for the LAN interface: DHCP or Static IP. By default, the scanner appliance is pre-configured with DHCP but may have been configured to use a static IP address.

IP Address. The IP address for the LAN interface.

Duplex. The duplex setting for the LAN port links: Full Duplex, Half Duplex, or Unknown if details are unavailable.

Speed. The speed setting for the LAN port links: 10Mbits/second, 100Mbits/second, 1000Mbits/second (1Gbit/second), or Unknown if details are unavailable.

Netmask. The netmask value for the LAN interface.

Default Gateway. The gateway IP address for the LAN interface.

DNS Servers. The DNS server IP address for the LAN interface.

WINS Servers. The WINS IP addresses.

WAN IP Configuration

Enabled. Indicates whether WAN IP configuration is enabled for the scanner appliance.

Configuration. The network traffic configuration for the WAN interface: DHCP or Static IP.

IP Address. The IP address for the WAN interface.

Duplex. The duplex setting for the WAN port links: Full Duplex, Half Duplex, or Unknown if details are unavailable.

Speed. The speed setting for the WAN port links: 10Mbits/second, 100Mbits/second, 1000Mbits/second (1Gbit/second), or Unknown if details are unavailable.

Netmask. The netmask value for the WAN interface.

Default Gateway. The gateway IP address for the WAN interface.

DNS Servers. The IP address for the DNS server.

Proxy Configuration

Enabled. Indicates whether proxy settings are enabled for the scanner appliance.

IP Address. The IP address for the proxy server.

Port. The port number assigned to the proxy server.

User. The user name for proxy authentication on the proxy server if authentication is enabled at the proxy level.

Can I group scanner appliances to form a scanner appliance pool?

You can group the scanner appliances by tagging them with single or multiple asset tags and add the tags to the web application or scan configuration. All the scanner appliances associated with the tags form a pool for the web application. During scan run time, the best available scanner gets selected from the group of tagged scanners.

Can I change the size of an existing virtual scanner instance?

Virtual scanner instances can be increased in size only up to 16 CPUs and 16 GB RAM.

Instances can only be increased in size; they cannot be reduced back, as this may create unexpected functionality issues on the scanner. The virtualization platform will require you to turn off the instance before you increase the size. The recommended increase is in a 1:2 ratio (1-CPU, 2-RAM). Any size is accepted within the supported range, but a disproportionate increase will probably be overkill and may not be useful.