Set up external and internal scans
      Back to home
      1. Knowledge Base
      2. Set up and manage scans
      3. Set up external and internal scans

      Install Qualys scanning probe

      This guide explains how to install a Qualys probe needed to run scans inside of your network

      Table of content

      1. Whitelist the required IPs
      2. Download the internal probe
      3. Install the internal probe
      4. Troubleshooting & FAQs

      1. Whitelist the following IPs

      Start by whitelisting the following IPs outbound in your firewall.

      2. Download the internal probe

      You can download the installation file for your internal probe using the links in the table below. Please ensure that the format aligns with your target platform. 

      Distribution package Target platforms File/Package type File location

      VMware
      (Standard)
      • VMware vCenter
      • vSphere
      • ESXi 
      • VMware Workstation
      • Workstation Player
      • Fusion

      OVA

      with VMDK virtual disk format

      		 Download
      OpenStack
      • OpenStack supported versions

      TAR.GZ

      with QCOW2 virtual disk format 

      		 Download
      Microsoft Hyper-V
      • Microsoft Windows Server

      ZIP

      with VHDX virtual disk format

      		 Download

      For more information on Qualys virtual scanner appliances, please refer to the Scanner Appliance FAQs page.

      3. Install the internal probe

      You will receive a unique activation code from your Customer Success Manager, which you will need to use during the installation.

      Installation guides depend on the distribution package you have chosen:

      • VMware (using VMware vCenter, vSphere, ESXi, VMware Workstation, Workstation Player, Fusion): link
      • OpenStack (using OpenStack supported versions): link
      • Microsoft Hyper-V (using Microsoft Windows Server): link 

      Once you've successfully configured your scanner, start a scan following this guide.

      4. Troubleshooting & Frequently Asked Questions

      Commonly faced issues are addressed in the Qualys Scanner Appliance Troubleshooting page

      How many probes do I need?

      The number of probes required depends on the network topology and communication requirements between networks.

      • One probe is needed for every accessible network. If networks are separated by a firewall or other restrictions, additional probes are required.
      • Network Accessibility:
        • Single Probe: Networks that can communicate directly require only one probe.
        • Dual Probes: Firewalls or other restrictions require two probes for scanning.
      • Additional Use Cases:
        • Different Gateways: Networks with distinct gateways may need additional probes.
        • Different VLANs: VLANs may require multiple probes if not reachable through existing infrastructure.
        • Diverse Subnets: Additional probes may be needed if subnets cannot communicate directly.

      I am not getting any results - what might I be doing wrong?

      Firewalls could be blocking access to specific ports required to perform vulnerability checks. Ensure they allow communication between the probe and target devices on required ports.