How to troubleshoot a live system reported as “No Host Alive” during External Scanning for PCI.
The "No Host Alive" message means we did not detect a live system at that IP address when performing the Discovery phase of our scan. The Discovery phase tests 30 common ports to see if we receive a response, thereby validating that the system is alive, at which point we move on to the scanning phase. If we do not receive a response on any of those 30 common ports, we list the system as Not Alive.
To remediate this situation there are two options: A) Enable ICMP to the system, which should allow the system to be discovered as alive, or B) Notify Qualys Support of the specific port that is open to the Internet, which can be added to the discovery list for your subscription.
The easiest of these solutions is simply to enable ICMP to the system on the firewall, which should be easy to modify and does not introduce adverse security concerns.
Here are the Ports we check during our initial discovery phase:
PCI Scan - Host Discovery
TCP: 21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445
UDP: 53, 111, 135, 137, 161, 500
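The following script is an added example, not Qualys code, for checking from outside your own firewall whether a system would pass the TCP part of the discovery phase above. It assumes that a TCP RST (connection refused) counts as a response while a silent drop or timeout does not, and that you replace the placeholder address with your own external IP.

```python
import errno
import socket

# Discovery port list as published in the article; ranges are expanded below.
TCP_DISCOVERY = "21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445"
UDP_DISCOVERY = "53, 111, 135, 137, 161, 500"


def parse_ports(spec: str) -> list[int]:
    """Expand a comma-separated port spec such as "21-23, 25" into a list of ints."""
    ports = []
    for item in spec.split(","):
        item = item.strip()
        if "-" in item:
            lo, hi = (int(p) for p in item.split("-", 1))
            ports.extend(range(lo, hi + 1))
        elif item:
            ports.append(int(item))
    return ports


def classify(err: int) -> str:
    """Map a connect_ex() result to what a discovery probe learns from it.
    0: accepted (open). ECONNREFUSED: the host answered with a RST, so it is alive
    even though the port is closed. Anything else: no reply, i.e. a silent drop."""
    if err == 0:
        return "open"
    if err == errno.ECONNREFUSED:
        return "closed"
    return "no-response"


def tcp_discovery(host: str, ports: list[int], timeout: float = 2.0) -> dict[int, str]:
    """Probe each TCP discovery port once and record the outcome per port."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                err = s.connect_ex((host, port))
            except OSError as e:  # socket.timeout is an OSError subclass
                err = e.errno or errno.ETIMEDOUT
            results[port] = classify(err)
    return results


def host_alive(results: dict[int, str]) -> bool:
    """The discovery phase marks a host alive if any port produced a response."""
    return any(state != "no-response" for state in results.values())
```

Run it from a machine outside your network with `host_alive(tcp_discovery("203.0.113.10", parse_ports(TCP_DISCOVERY)))`, where 203.0.113.10 is a placeholder for your own external IP; a result of False means every listed port was silently dropped, which is exactly the "No Host Alive" condition.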
Lastly, since PCI requires both internal and external scanning, a system that cannot be scanned from the external perspective should still be scanned and secured internally, thereby providing the required security of the cardholder data environment.
Qualys Support KnowledgeBase