I read a page on your website Scanning - The Basics and it says I need to whitelist Qualys scanner IP addresses. I have few questions on that:
First Question, is it asking me to whitelist IP addresses on my perimeter firewall?
Second question, why will I open outside IP addresses (although for a fixed window typically called scan window) to my DMZ directly. Doesn't it contradict with the purpose of external VA which is to check the security of my external environment?
I am quite confused whether it is really required to whitelist external scanner IP addresses or not?