How does Qualys scanning work for forwarded interfaces? For example, if scanning a firewall "A" that has a VIP assigned to it, but forwards all web traffic to another perimeter ip address "B". Device "B" could be a public facing web server. In this case no traffic passing through the firewall, but instead client browser is forwarded to connect to another perimeter facing device "B". Does Qualys scan the firewall "A" only, or does it respond to the forwarding and proceed to scan the perimeter device "B".
Like wise, how are WAFs scanned? Is the WAF scanned or do scan results include the devices behind the WAF?
Trying to make sense of how Qualys works in these cases.