Qualys allows the configuration of static routes on both virtual and physical scanners. This allows the scanner to direct non-local traffic to the appropriate gateway address when this address is not the default gateway. This configuration may be useful when a scanner is placed on a transit network containing multiple routers for different destinations, such as for remote facilities or business partner network connections.
This feature must be enabled by your TAM, and may not be available for all license types. Please check with your TAM.
In order to configure your appliance with static routes you will need the following information:
- Gateway IP address. The scanner-facing IP address of the router or gateway. There is no requirement for uniqueness, the same gateway may be used for multiple target networks.
- Target network address in CIDR format. The gateway/target network pair must be unique. The same gateway/target network pair cannot be defined in another static route configuration for the same appliance.The target network must have a valid starting IP address for the target mask provided.
- A route name to identify the static route configuration in the static routes list.
Configure the static routes by navigating to Scans->Appliances, selecting the appliance, choosing Edit, and selecting the Static Routes tab on the left. Click New, then click OK once you have read and understood the warning.
When the Edit Route dialog box appears enter the required information and click OK. Click Save once all your Add/Change/Delete operations have been completed.
- All physical scanners support up to 99 static routes.
- Virtual scanners support up to 4094 static routes as long as you are using the latest appliance software distribution. Previous versions support up to 99 VLANs.