AnsweredAssumed Answered

Block external scans but allow normal internal scanning

Question asked by Jason Shepard on Oct 15, 2015
Latest reply on Oct 16, 2015 by Jason Shepard

We've been hit with authorized Qualys scans externally and want to block them in the future until we are ready to use them. I see the ip range is 64.39.96.0/20  but it looks like blocking this range would also block nomral internal scanning and functionality.

 

I found the ip address  for

 

-qualysguard.qg2.apps.qualys.com:443

- qualysapi.qg2.apps.qualys.com:443

- distribution.qg2.apps.qualys.com:443

- monitoring.qg2.apps.qualys.com:443

- scanservice1.qg2.apps.qualys.com:443

 

 

Can I block all the other ips or is there a better way to block external scans but keep normal internal scanning functionality?

Outcomes