I was having the same query as here IP range for Cloud agent and seems we open up a huge chunk for this communication which is 220.127.116.11/20
The error I see when it fails to talk with Cloud platform is says:
12/11/2017 8:56:29.0520 [41E4]: Error: Failed to send request to web service: Error: 12002, "(WinHttp) The request has timed out".
12/11/2017 8:56:29.0520 [41E4]: Error: CommRequest() failed to send the data. Error: 12002. URI("https://qagpublic.qg2.apps.qualys.com/CloudAgent/v1.0/customer/C..E84B163A20B8/agent/CF..B926/CAPI"), Port(443), Secure(1)
12/11/2017 8:56:29.0520 [41E4]: Error: Unable to communicate with the server. Error: 12002, "(WinHttp) The request has timed out".
So shouldn't it be only that "qagpublic.qg2.apps.qualys.com" or the IP it resolves to be set as destination IP? Please provide some details as how this communication requires that /20 subnet or is that only for scanners?