Set up external and internal scans
      Back to home
      1. Knowledge Base
      2. Set up and manage scans
      3. Set up external and internal scans

      Install Qualys scanning probe

      This guide explains how to install a Qualys probe needed to run scans inside of your network

      Table of content

      1. Whitelist the required IPs
      2. Download the internal probe
      3. Install the internal probe
      4. Troubleshooting & FAQs

      1. Whitelist the following IPs

      Start by whitelisting the following IPs outbound in your firewall.

      2. Download the internal probe

      You can download the installation file (ZIP file) for your internal probe using the links from the table below. 

      Distribution package Target platforms File/Package type File location
      Standard

      VMware vSphere:

      • vCenter Server
      • ESXi VMware Workstation
      • Workstation Player
      • Fusion Citrix XenServer

      OVA

      with VMDK virtual disk format

      		 Download
      OpenStack OpenStack Newton

      OVA

      with VMDK virtual disk format

      		 Download
      VMware vApp VMware vSphere: vCenter Server

      VMware vApp OVA

      with VMDK virtual disk format

      (see note below)

      		 Download
      Microsoft Hyper-V Microsoft Windows Server

      ZIP

      with VHD virtual disk format

      		 Download

       

      3. Install the internal probe

      You will receive a personalization code from your Customer Success Manager, which you will need to use during the installation.

      Installation guides depend on the distribution package you have chosen:

      • Standard of OpenStack (using VMware Workstation, Player, Workstation Player, Fusion, ESXi, vCenter Server, and Citrix XenServer): link
      • VMware vApp (using VMware vSphere: vCenter Server): link
      • Microsoft Hyper-V (using Microsoft Windows Server 2019 and 2022): link 

      Once you've successfully configured your scanner it'll be ready for scanning.

      Start a scan following this guide.

      4. Troubleshooting & Frequently Asked Questions

      Please refer to this page to see the Qualys Virtual Scanner Appliance troubleshooting: https://qualys.my.site.com/discussions/s/article/000006009

      How many probes do I need?

      The number of probes required depends on the network topology and communication requirements between networks.

      • One probe is needed for every accessible network. If networks are separated by a firewall or other restrictions, additional probes are required.
      • Network Accessibility:
        • Single Probe: Networks that can communicate directly require only one probe.
        • Dual Probes: Firewalls or other restrictions require two probes for scanning.
      • Additional Use Cases:
        • Different Gateways: Networks with distinct gateways may need additional probes.
        • Different VLANs: VLANs may require multiple probes if not reachable through existing infrastructure.
        • Diverse Subnets: Additional probes may be needed if subnets cannot communicate directly.

      I am not getting any results - what might I be doing wrong?

      Firewalls could be blocking access to specific ports required to perform vulnerability checks. Ensure they allow communication between the probe and target devices on required ports.