How to configure your Offline Scanner

Document created by Qualys Documentation Employee on Aug 13, 2014. Last modified by Qualys Documentation Employee on Aug 10, 2016.
Version 4

Qualys Offline Scanner Appliance lets you scan for vulnerabilities in secure air-gapped networks that do not have Internet access. It is distributed as a virtual appliance for VMware Workstation. Once you've successfully configured your scanner, it'll be ready for scanning.

 

 

A few things to consider...

 

1) You'll need VMware Workstation. We support v9.0 or greater on Windows 7 x64. The appliance is expected to work on other virtualization platforms, but Qualys can only assist with troubleshooting on this supported platform.

 

2) You should have already (a) downloaded the offline scanner image file (.ova) and (b) obtained a personalization code.

 

 


 

I'm ready to get started. What are the steps?

 

Start your virtualization platform. Locate the offline scanner image file starting with qVSA-O (.ova) on your local system, open the image and power on the virtual machine.

 

Personalize the scanner. Follow these steps in the Console Interface.

 

Press the Right arrow to select "Personalize this scanner" and then type in your personalization code. Don't have your personalization code? Go to the Qualys UI and get it from the Scans > Appliances list.

 

console1.png

 

Now your scanner will connect to the Qualys Cloud Platform to complete the activation and download the latest software. You’ll see the activation progress.

 

console2.png

 

Having trouble activating your scanner?

1 - Check settings in VMware (see VMware Configuration below).

2 - Check network access to scanners. Log into the Qualys UI and go to Help > About to see a list of URLs (at the SOC) that your scanner must be able to contact on port 443.

 

Upon success you'll see the scanner's name and IP address. That's it! You've added your offline scanner to your account. (Note the Web UI URL. You'll need this to log in to the Scanner's Web UI.)

 

console3.png

 

 


 

VMware Configuration

 

The Qualys Offline Scanner Appliance should be configured with two virtual network adapters using your virtualization platform (i.e. VMware Workstation).

 

vmSettings.png

 

Your virtualization software should automatically create an instance of the appliance with the correct network adapters in place.

 

On VMware Workstation, these interfaces will be Network Adapter and Network Adapter 2. Initially, Network Adapter should default to type NAT, and Network Adapter 2 should default to type Host-only.

 

Network Adapter 1 must be configured for Bridged networking when in OFFLINE SCANNING MODE. It can be NAT or Bridged when in CLOUD SYNC MODE. Network Adapter 2 should always be configured for Host-only networking.

 

 

 

 

 

 

Here are the required network settings, depending on the mode you’re in.

 

| | VMware Workstation default label | Appliance OS | Appliance Mode | Purpose | Required VMware network type | Connect a host virtual adapter | Local DHCP service |
|---|---|---|---|---|---|---|---|
| Virtual NIC #1 | Network Adapter | eth0 | CLOUD SYNC | Communicate with the Qualys Cloud Platform | NAT* | enabled | enabled |
| | | | | | - or - Bridged** | n/a | n/a |
| | | | OFFLINE SCANNING | Scan hosts | Bridged** | n/a | n/a |
| Virtual NIC #2 | Network Adapter 2 | eth1 | any | Local scanner web UI | Host-only | enabled | enabled |

 

* NAT configuration. NAT is practically the only choice if your external connection goes over a VPN. Bridging from a virtual machine will not work over host VPN adapters.

 

** Bridging to external networks. VMware Workstation may be installed on a host system with multiple network adapters (wired, wireless, VPN). In the Virtual Network Editor, you’ll need to determine which network adapter is appropriate for the external connection and select it. We do not recommend leaving the Bridged virtual network in "Automatic" mode because it almost never works and it is often problematic over wireless adapters.

 

wifi.png
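
The adapter requirements above can be checked against the virtual machine's .vmx file before switching modes. This Python check is an added example, not Qualys code; it assumes Network Adapter and Network Adapter 2 appear in the .vmx as ethernet0 and ethernet1, and the sample file content is constructed.

```python
import re

# Required VMware network types per appliance mode, from the table above.
# Assumption: Network Adapter / Network Adapter 2 are ethernet0 / ethernet1.
REQUIRED = {
    "CLOUD SYNC": {0: {"nat", "bridged"}, 1: {"hostonly"}},
    "OFFLINE SCANNING": {0: {"bridged"}, 1: {"hostonly"}},
}
_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return the key/value pairs of a .vmx file, keys lower-cased."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def adapter_type(cfg, index):
    """Connection type of ethernet<index>, or None if the adapter is absent."""
    prefix = f"ethernet{index}."
    if cfg.get(prefix + "present", "FALSE").upper() != "TRUE":
        return None
    # VMware treats a missing connectionType as bridged.
    return cfg.get(prefix + "connectiontype", "bridged").lower()

def check_adapters(vmx_text, mode):
    """List deviations from the required settings for the given mode."""
    cfg = parse_vmx(vmx_text)
    problems = []
    for index, allowed in REQUIRED[mode].items():
        actual = adapter_type(cfg, index)
        if actual is None:
            problems.append(f"ethernet{index}: adapter missing")
        elif actual not in allowed:
            want = " or ".join(sorted(allowed))
            problems.append(f"ethernet{index}: {actual}, expected {want}")
    return problems

# Constructed sample: the initial defaults the page describes.
SAMPLE_VMX = '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
'''

if __name__ == "__main__":
    for mode in REQUIRED:
        print(mode, check_adapters(SAMPLE_VMX, mode) or "OK")
```

An adapter set to a custom VMnet is reported as a deviation for manual review, and the check does not cover which host adapter a Bridged network is bound to.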

 

 

 


Sample Network Configurations

 

Host-only type

virtual_networking_host_only.png

 

NAT type

virtual_networking_nat.png

 

Bridged type

If you have plugged into the physical network with an Ethernet cable, it is strongly recommended that you manually bridge your virtual network to the physical NIC of your host machine. Leaving the "Bridged to:" setting in Automatic mode allows for the possibility that your virtual network will instead bind to a VPN port or other network adapter.

virtual_networking_bridged_type.png

 


 

Network Troubleshooting

 

How to find your offline scanner appliance’s current IP address(es)

The Console Interface of the offline appliance, viewable only from within VMware Workstation, will display the current IP address(es) of your offline appliance.

 

Use a standard web browser running on your host OS to navigate to the Web UI URL (https://x.x.x.x:8080/) of the appliance. Please note that both https and the 8080 port number must be included when you enter the address into your browser.

 

console_ip.png

 


 

You might also be interested in ...

Offline Scanner Appliance User Guide (PDF)

How to check network access to scanners
