Install Qualys scanning probe

This guide explains how to install the Qualys probe needed to run scans inside your network.

1. Whitelist the following IPs

Start by whitelisting the following IPs outbound in your firewall.

2. Download the internal probe

You can download the installation file for your internal probe using the links in the table below. Please ensure that the format aligns with your target platform.

| Distribution package | Target platforms | File/Package type | File location |
|---|---|---|---|
| VMware (Standard) | VMware vCenter, vSphere, ESXi, VMware Workstation, Workstation Player, Fusion | OVA with VMDK virtual disk format | Download |
| OpenStack | OpenStack supported versions | TAR.GZ with QCOW2 virtual disk format | Download |
| Microsoft Hyper-V | Microsoft Windows Server | ZIP with VHDX virtual disk format | Download |

For more information on Qualys virtual scanner appliances, please refer to the Scanner Appliance FAQs page.

3. Install the internal probe

You will receive a unique activation code from your Customer Success Manager, which you will need to use during the installation. Installation guides depend on the distribution package you have chosen:
  • VMware (using VMware vCenter, vSphere, ESXi, VMware Workstation, Workstation Player, Fusion): link
  • OpenStack (using OpenStack supported versions): link
  • Microsoft Hyper-V (using Microsoft Windows Server): link
Once you've successfully configured your scanner, start a scan following this guide.

4. Troubleshooting & Frequently Asked Questions

Commonly faced issues are addressed in the Qualys Scanner Appliance Troubleshooting page.

How many probes do I need?

The number of probes required depends on the network topology and communication requirements between networks.

  • One probe is needed for every accessible network. If networks are separated by a firewall or other restrictions, additional probes are required.
  • Network Accessibility:
    • Single Probe: Networks that can communicate directly require only one probe.
    • Dual Probes: Networks separated by firewalls or other restrictions require two probes for scanning.
  • Additional Use Cases:
    • Different Gateways: Networks with distinct gateways may need additional probes.
    • Different VLANs: VLANs may require multiple probes if not reachable through existing infrastructure.
    • Diverse Subnets: Additional probes may be needed if subnets cannot communicate directly.
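
The sizing rule above can be worked through as a small planning script. This is an added example, not Qualys tooling: the segment names and the reachability map are constructed, and the map (which segments a probe placed in a given segment can reach on the ports a scan needs) is an assumption you would fill in from your own firewall rules and routing.

```python
from itertools import combinations

# Constructed sample topology. Key: segment that could host a probe.
# Value: segments a probe placed there can reach through existing routing/firewall rules.
REACH = {
    "office-lan": {"voip-vlan"},        # different VLAN, but routed and not filtered
    "voip-vlan": {"office-lan"},
    "dmz": set(),                       # behind a firewall, reaches only itself
    "datacenter": {"backup-subnet"},    # one-way rule: datacenter can reach backup
    "backup-subnet": set(),
}


def plan_probes(reach):
    """Return the smallest list of segments to host a probe so every segment is scannable.

    Exhaustive search, so intended for the handful of segments a typical
    deployment has; it is not meant for hundreds of segments.
    """
    # A probe can always scan the segment it sits in.
    cover = {seg: set(targets) | {seg} for seg, targets in reach.items()}
    all_segments = set().union(*cover.values()) if cover else set()
    sites = sorted(cover)
    for count in range(1, len(sites) + 1):
        for combo in combinations(sites, count):
            covered = set().union(*(cover[site] for site in combo))
            if covered >= all_segments:
                return list(combo)
    return []


def assignments(reach, probes):
    """Map each segment to the first chosen probe that can scan it."""
    result = {}
    for probe in probes:
        for seg in sorted(set(reach[probe]) | {probe}):
            result.setdefault(seg, probe)
    return result


if __name__ == "__main__":
    chosen = plan_probes(REACH)
    print(len(chosen), "probes:", chosen)
    for seg, probe in sorted(assignments(REACH, chosen).items()):
        print(f"  {seg} scanned from {probe}")
```

In the sample, the firewalled DMZ forces its own probe, while the VoIP VLAN and the backup subnet are covered by probes in segments that can already reach them.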

I am not getting any results - what might I be doing wrong?

Firewalls could be blocking access to specific ports required to perform vulnerability checks. Ensure they allow communication between the probe and target devices on required ports.