Can I scan networks that require a VPN tunnel be established prior to scanning?
VPN networks perform preliminary authentication to allow host connections. Since this authentication cannot be bypassed, QualysGuard cannot establish a VPN connection and scan the VPN.
However, QualysGuard can scan down an already established VPN tunnel, for example when the VPN is site-to-site and created by a third party device such as a VPN concentrator or Firewall.
This is not a recommended configuration, because of limitations in the available MTU size, encapsulation problems and security measures integrated into the VPN.
However, QualysGuard can scan the device which handles VPN connections, and this is a good practice since several vulnerabilities have been discovered on VPN devices. These vulnerabilities could affect the security/privacy of your VPN secured networks.
You can use the Tools > KnowledgeBase to find information about vulnerabilities that may be discovered on a device that handles VPN connections. See QIDs 38108-38112, 38115, 45014, 90022. Several search options allow you to search the knowledgebase for more vulnerabilities that may threaten the security of your VPN network.
Qualys Support KnowledgeBase