AnsweredAssumed Answered

Scanning behind a load balancer.

Question asked by hkincannon on Oct 15, 2015
Latest reply on Oct 16, 2015 by Philip Niegos

My question is in regards to scanning behind a load balancer.  Let me preface this by saying, I'm relatively new to Qualys in general so this question may have an easy solution that I'm simply not aware of. 

 

Basically what I am trying to do is perform a full vulnerability scan on a segment of our network behind an F5 load balancer.  The scan finishes without error.  The problem is, my scan is picking up many more hosts than I know actually exist in the segment.  I expect 60 or so hosts and my scan is showing 60,000+ alive. 

 

What I expect is happening is that the load balancer is going into hardware protection mode and is just sending a reply for every single query that Qualys makes to it.  To fix this, I've tried lowering the intensity of the scans and how many hosts that are getting scanned in parallel.  My current custom settings in the option profile are even lower than the low configurations settings.  I also have the option selected in the option profile to detect the presence of a load balancer.  Neither of these changes seemed to have help.  I was wondering if anyone in the community has had similar issues they have been able to resolve. 

 

Thanks in advance

Outcomes