Scanner Appliance FAQs

Document created by Qualys Documentation Employee on Jan 10, 2013Last modified by Qualys Documentation Employee on Dec 19, 2017
Version 10Show Document
  • View in full screen mode

The following FAQs apply to physical scanner appliances and virtual scanner appliances.

Communication Failure message

Appliance Configuration Error

Network Errors using older appliance model

Tell me about proxy support

Tell me about split network configuration

 


Communication Failure message

The COMMUNICATION FAILURE message appears if there is a network breakdown between the scanner and the Qualys Cloud Platform.

 

The communication failure may be due to one of these reasons: the local network goes down, Internet connectivity is lost for some reason, or any of the network devices between the scanner and the Qualys Cloud Platform goes down.

 

Note the sequence of events following a network breakdown:

 

- If there are no scans and/or maps running on the appliance: The next time the scanner sends a polling request to the Qualys Cloud Platform, the polling request fails, and then the COMMUNICATION FAILURE message appears.

 

- If there are scans and/or maps running on the appliance: The COMMUNICATION FAILURE message appears after the running scans and/or maps time out. In this case it is recommended you cancel any running scans and/or maps and restart them to ensure that results are accurate.

 

Once the network breakdown is resolved, you'll see the scanner friendly name and IP address and you scan start new scans.

 

The COMMUNICATION FAILURE message remains until the next time the scanner makes a successful polling request to the Qualys Cloud Platform. There may be a lag time after the network is restored and before the scanner is back online, depending on when the next polling request is scheduled. Additional time is necessary for communications to be processed by a Proxy server if the scanner has a Proxy configuration.

 

Appliance Configuration Error

scanner console error

 

An appliance configuration error indicates the Scanner attempted to connect to the Qualys Cloud Platform and failed.
Important! The Scanner is not functional until the error is resolved.

 

Error listing
General
No response to HTTP request from Qualys Cloud Platform
Invalid proxy IP
Invalid proxy configuration

libcurl error=7 [Failed to connect to host]

(For complete list of libcurl error codes, refer to curl(1) manual page)

Unexpected QG HTTP/404
(where QG represents Qualys Cloud Platform)
Unexpected proxy HTTP/407 (Proxy Authentication Failure)
LAN related
LAN interface is down
No CARRIER on LAN interface
LAN has no IPv4 address   
LAN has no DNS servers
LAN DNS servers can't resolve Qualys Cloud Platform URL   
LAN has no default IPv4 gateway   
Invalid LAN IP configuration
LAN DNS servers can't resolve proxy URL   
WAN related
WAN interface is down   
No CARRIER on WAN interface
WAN has no IPv4 address   
WAN has no DNS servers
WAN DNS servers can't resolve Qualys Cloud Platform URL   
WAN has no default IPv4 gateway   
Invalid WAN IP configuration   
WAN DNS servers can't resolve proxy URL   

 

Network Errors using older appliance model

A network error is an appliance configuration error indicating the Scanner Appliance attempted to connect to the Qualys Cloud Platform and failed.

 

Have an older appliance model? Errors are reported differently using older models. You might want to check out our Quick Start Guide (prior version)
https://www.qualys.com/docs/qualys-scanner-appliance-quick-start-guide-3120-a1.pdf

 

Important! The Scanner Appliance is not functional until the error is resolved.

Please refer to the description provided to help you resolve the issue. If you still need help, identify the error code when you contact Qualys Support.

 

Error CodeDescription
E00, E01Internal error (NTLM Proxy error)
E02Internal error (Proxy error)
E03Proxy configuration error
E04No connectivity after the Proxy was disabled
E05DNS lookup of the Qualys server failed (maybe network connectivity problem)
E06Cannot reach the Qualys server via HTTPS
E07Invalid LAN IP address or LAN gateway address
E08Invalid WAN IP address or WAN gateway address
E09LAN IP address or LAN gateway address cannot be 127.0.0.1
E10Could not configure the LAN interface
E11WAN IP address or WAN gateway address cannot be 127.0.0.1
E12Could not configure the WAN interface
E13DNS lookup of the Qualys server failed due to a network connectivity problem
E14DNS lookup of the Qualys server failed during scanner activation due to a network connectivity problem

 

More general error codes may be overwritten by more specific ones. For example, the scanner may return the error code E04 (No connectivity after the Proxy was disabled). After trying to connect for a while, the error code may be overwritten by E13 (DNS lookup of the Qualys Cloud Platform server failed). When troubleshooting the network error, it's useful to watch these error codes scroll by.

 

Tell me about proxy support

The scanner appliance includes Proxy support with or without authentication - Basic or NTLM. The Proxy server must be assigned a static IP address and must allow transparent SSL tunneling. Proxy level termination (as implemented in SSL bridging, for example) is not supported. The appliance does not support Proxy servers in networking environments where the Proxy server IP address is dynamically assigned. The appliance does not support SOCKS proxies.

 

While using a scanner appliance with a Proxy configuration, you may notice the following:

 

- Lag Time for configuration changes to take effect. Changes may take effect after a period of time that is significantly longer than the polling interval. This is because there is additional time necessary for communications to be processed by the Proxy server.

 

- No results or incomplete results. If the Proxy server sets limits for the absolute session timeout and/or the amount of outbound data that can be sent from the scanner, you may receive no results or incomplete results. It’s possible that your scans will terminate if these limits are set and a large number of IPs are scanned.

 

Tell me about split network configuration

By default the scanner appliance LAN interface services all traffic to the Qualys Cloud Platform. This includes management traffic (software updates, health check, scan data upload) and scanning traffic.

 

traffic_stand.jpg

 

You have the option to configure a split network configuration for your appliance by configuring the WAN interface using the scanner appliance console. This enables the use of scanner appliance in networks that do not have Internet access - either direct or via SSL proxy. Once configured, management traffic will be routed through the WAN interface and scanning traffic will be routed through the LAN interface. No internal traffic will be routed or bridged to the WAN interface, and no management traffic will be routed or bridged to the LAN interface.

 

traffic_split2.jpg

4 people found this helpful

Attachments

    Outcomes