Good day,
I would like to find out how many host IPs are scanned concurrently by 1 Qualys appliance?
Also, does it make a difference if a scheduled scan with 500 host IPs is scheduled through more than one scheduled scan to kick off at 10 minute intervals? So the first scan starts at 9:00, the next at 9:10 and so on. Or should you only create 1 schedule with all 500 IPs in?
Kind regards.
Good morning Herman,
The number of hosts scanned concurrently by a QualysGuard Scanner Appliance (internal or external) is defined in the Option Profile, Performance settings. These vary depending on whether you are running a map or a scan task.
If you run a task (map or scan) against 500 hosts with a setting of 30 hosts in parallel and then 10 minutes later run the same task, you could be assessing 60 hosts at the same time. Now, if that was an external scan, the task may run on two of our units, so it's not a problem, but if you were scanning external IPs in a DMZ, the firewall may see 60 concurrent assessments and not be able to deal with such volume. Please bear in mind each configuration is different, as some firewalls will be absolutely fine with this. If you were running the assessment from a single Scanner Appliance against the hosts and you repeated this task every 10 minutes for an hour, assuming the assessments took a long time, you could be scanning 180 hosts in parallel and the Scanner Appliance may become overloaded. This was more of a concern with our older Scanner Appliances, as we not too long ago released a more advanced Scanner Appliance better suited to running more simultaneous tasks, but the bigger issue in this scenario would be that you are repetitively scanning the same hosts, which is of little value within a short space of time considering you are looking for the same things.
So my advice would be to review the Option Profile to determine settings for map and scan tasks which you find acceptable and run one task against the area you are interested in as defined by an Asset Group. Our standard 'out of the box' Initial Options profile works in the majority of environments, but if you have a critical / sensitive area, reduce the performance settings to low or a custom level you are happy with and see how it goes. If you don't need to work around change control windows, it can also be helpful to notify support and network teams so they are on your side and know who to contact if undesirable situations arise.
Feel free to call or email me if you wish to discuss this further or we can meet up mid-July if you would like to look at this face to face.
All the best,
Nick.
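
The overlap arithmetic in the reply above can be checked before committing to a schedule. The following is an added example, not part of the original thread and not Qualys code: it models each task as working through its targets in batches of the parallel-hosts setting, and the fixed 5 minutes per host, along with all function names, is an assumption made for illustration.

```python
def task_batches(start_min, hosts, parallel, host_minutes):
    """Yield (begin, end, hosts_in_batch) for one scan task.

    Simplified model (assumption): a task scans `parallel` hosts at a time
    and every host takes exactly `host_minutes` to assess.
    """
    t, remaining = start_min, hosts
    while remaining > 0:
        n = min(parallel, remaining)
        yield t, t + host_minutes, n
        t += host_minutes
        remaining -= n


def peak_concurrency(tasks, parallel, host_minutes):
    """tasks: list of (start_minute, host_count). Returns (peak_hosts, minute)."""
    events = []
    for start, hosts in tasks:
        for begin, end, n in task_batches(start, hosts, parallel, host_minutes):
            events.append((begin, n))   # batch starts: hosts become active
            events.append((end, -n))    # batch ends: hosts are released
    # At the same minute, process batch ends (negative) before batch starts.
    events.sort()
    current = peak = 0
    peak_at = None
    for minute, delta in events:
        current += delta
        if current > peak:
            peak, peak_at = current, minute
    return peak, peak_at


PARALLEL = 30      # "30 hosts in parallel" from the reply
HOST_MINUTES = 5   # constructed value: assumed time to assess one host

# One schedule containing all 500 hosts.
single = [(0, 500)]
# The same 500 hosts split into five schedules of 100, started 10 minutes apart.
split = [(m, 100) for m in range(0, 50, 10)]
# The full 500-host task repeated every 10 minutes for an hour.
repeated = [(m, 500) for m in range(0, 60, 10)]

if __name__ == "__main__":
    for name, tasks in (("single", single), ("split", split), ("repeated", repeated)):
        peak, at = peak_concurrency(tasks, PARALLEL, HOST_MINUTES)
        print(f"{name:9s} peak={peak:3d} concurrent hosts at minute {at}")
```

Under these assumptions, the peak is what a firewall or a single Scanner Appliance would have to sustain; rerun it with your own Option Profile setting and observed per-host scan time.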