I have a custom test environment that we have firewalled off from our where the Qualys box sits.
What ports do I need to have opened for me to scan the environment?
For best results you should allow the appliance through on all ports. Restricting the ports will restrict the services we are able to detect and thus the detection we can run. If you are forced to scan through a firewall the best option to take is to whitelist the appliance IP so that the traffic can pass through uninterrupted.
Is it two way flow or one way flow (from Scanner to host or to & Fro?)
Also is this flow apply for the external scan too? Do we need to open all ports for the external scan for the external scanner?Regards,
The flow of traffic is from the scanner to target, also applies to external scans.
The ports to be opened would depend on what you're trying to scan - this is what you define in your Option Profile settings.
Retrieving data ...