Manage your scanner appliance

You can configure some scanner appliance settings within the VM application. Choose VM/VMDR from the application picker and go to Scans > Appliances. The LAN/WAN network settings are defined using the LCD interface (for a physical appliance) or the virtual appliance console. These settings include IP address, netmask, default gateway and DNS.

Is my appliance ready for scanning?

Tell me about software versions

Notify me when my appliance is offline

Can I replace an appliance?

Who can manage scanner appliances?

Tell me how to reboot an appliance

Changing the friendly name and polling interval

Can I configure VLANs and static routes?

Tell me about the icons in the appliances list

Tell me about connectivity and versions

How do I grant users access to an appliance?

Tell me about network configurations

How can I check appliance capacity?

Tell me about the preview pane

Can I group scanner appliances to form a scanner appliance pool?

Can I change the size of an existing virtual scanner instance?


Is my appliance ready for scanning?

Go to the appliances list (Configuration > Appliances) and check your appliance status. You'll see Icon indicating scanner appliance is connected. (Connected) next to your appliance when it is ready to process scans. Your appliance must be connected to our cloud security platform. If not, you need to troubleshoot the issue before you can start scanning.

Do you have a new appliance? It can take a few minutes for your appliance to connect to our platform for the first time. You can refresh your browser periodically to be sure you are seeing the most up to date detail.

Notify me when my appliance is offline

Just opt in to the Heartbeat Check Notification in the VM application. We perform a heartbeat check on every appliance every 4 hours to make sure its online and ready to process scans. You can get an email notification when the appliance misses some number of heartbeat checks (1-5). To get the notification: 1) In the VM application go to Scans > Appliances and edit the appliance settings, choose the notification and configure the number of missed checks, and 2) Select User Profile below your user name (in the top right corner), go to Options and select "Scanner Appliance heartbeat check".

Keep in mind that your appliance may come back online after you receive a heartbeat check notification email. If you receive this email, we recommend you investigate further by going to the appliances list and checking the status. If you see Icon indicating scanner appliance is connected. (Connected) next to your appliance then it is ready for scanning, and there's no cause for concern.

Who can manage scanner appliances?

Managers can set up appliances using the VM application. In order to use a scanner appliance it must be visible in your scanner appliances list within the WAS application. Managers (and users with full rights for WAS) will see all configured appliances in their scanner appliances list. Users without full rights for WAS will see the appliances only if a tag that is applied to the appliance is assigned to the users scope.

Changing the friendly name and polling interval

You can edit the appliance settings. In the VM application Go to Scans > Appliances. Hover over the appliance you want to change and select Edit from the menu.

The title is initially set as is_userlogin, where userlogin is the login ID for the user who installed the appliance. When editing the title a maximum of 15 characters may be used, including: alphabetic characters (upper and lower case), numeric characters (0 through 9), dash (-), underscore (_), and dot (.).

The polling interval, in seconds, identifies how often the scanner appliance polls the platform for new information. The initial polling interval is set to 180 seconds (3 minutes). The polling interval can be 60 to 3600 seconds.

Tell me about the icons in the appliances list

These icons tell you the current status of your appliances.

 

How do I grant users access to an appliance?

Users who do not have full WAS rights need to be granted access to a scanner appliance in order to use it for scans. You can grant a user access to an appliance by editing the user's scope and assigning a tag that has been applied to that appliance. Want to define tags? It's easy - just go to the CyberSecurity Asset Management (CSAM) application.

How can I check appliance capacity?

You can see how much capacity is currently using, and how much was used for your scans. In the VM application go to Scans > Appliances and click the scanner appliance row. The preview pane shows the available capacity of the scanner appliance expressed as a percentage. For example, Available Capacity: 82% means the appliance is using 18% of its capacity and 82% of its capacity is currently available.

Tell me about software versions

One of the first tasks that an appliance will do after making initial contact with our cloud platform is to download the most recent software for the scanning engine and vulnerability signatures. Software updates will occur automatically several times a week and you do not need to take any action to receive them. When viewing your scanner appliance within the VM application, You might see a yellow indicator next to the version - this tells you the appliance does not have the latest software installed. You can click "Update Now" to get the software update or you can wait for the next automatic update.

How long does it take to update the software?

Can I replace an appliance?

Yes you can replace an appliance with a new one (if you are a Manager). First check to be sure the appliance is not currently running scans by checking the activity log. In the VM application go to Users > Activity Log. We recommend you wait for scans to complete or cancel them. When you're ready, just go to Scans > Appliances (in the VM application) and select New > Replace Scanner Appliance. We'll transfer settings to the new appliance - these include the polling interval, heartbeat checks, scanning options, VLANs and static routes. We'll update asset groups and schedules with the new appliance if the old one was defined. Also we'll remove the new appliance its previous asset groups and scheduled scans, if any.

Tell me how to reboot an appliance

Sometimes a reboot of the appliance is necessary. As a first step, check to be sure there are no scans running on the appliance by checking out the activity log. In the VM application go to Users > Activity Log. If there are any running scans, you can wait for them to complete or cancel them. When you're ready to request a reboot, go to Scans > Appliances, edit the appliance and click the Reboot button under General Information.

Tip - While rebooting may necessary at times this can impact our ability to troubleshoot and track down an underlying issue with the appliance, such as its network configuration. Please contact Support if there is a need to reboot an appliance multiple times.

Can I configure VLANs and static routes?

Yes. In the VM application go to Scans > Appliances. Hover over the appliance you want to change and select Edit from the menu. You can configure your appliance with multiple VLANs and static routes to support VLAN trunking on the LAN interface for scanning traffic. Once configured, the appliance adds a VLAN tag to all scanning packets following the 802.1Q tagging protocol (the VLAN tag designates which VLAN the traffic should be routed to the hosts being scanned at the switch layer).

Check the requirements

What VLAN information is needed?

What static route information is needed?

How many VLANs and static routes can I add?

Can I add VLANs using the appliance?

Tell me about connectivity and versions

Connected tells you the scanner appliance is ready for scanning. It connected successfully to our cloud security platform on the date and time shown. You'll see the software versions installed on the appliance and the latest available software on our cloud security platform. Software updates occur automatically. Want to update the software right away? Just go to VM/VMDR > Scans Appliances, edit the appliance and request a software update.

Tell me about network configurations

In the Standard network configuration, the LAN connector services both scanning traffic and management traffic to the platform. In the Split network configuration, the scanner appliance separates scanning traffic and management traffic, using both the LAN and WAN connectors. In the Split configuration, no internal traffic is routed or bridged to the WAN port, and no management traffic is bridged to the LAN port.

LAN IP Configuration

WAN IP Configuration

Proxy Configuration

Tell me about the preview pane

The preview pane appears under the list area when you click anywhere in a scanner appliance row. The preview displays the scanner version, signatures version and serial number, and shows whether or not the scanner appliance is currently online.

Preview pane displaying the details of the scanner appliance you selected from the list.

Can I group scanner appliances to form a scanner appliance pool?

Yes. You can group the scanner appliances by tagging them with single or multiple asset tags and add the tags to the web application or scan configuration. All the scanner appliances associated with the tags form a pool for the web application. During scan run time, the best available scanner gets selected from the group of tagged scanners.

Option to add tags to scanner appliances in Scan Settings.

Can I change the size of an existing virtual scanner instance?

Yes. Virtual scanner instances can be increased in size only up to 16 CPUs and 16 GB RAM.

Instances can only be increased in size; they cannot be reduced back as this may create unexpected functionality issues on the scanner. The virtualization platform will require you to turn off the instance before you increase the size. Recommended increase is 1:2 ratio, 1-CPU, 2-RAM. Any size is accepted within supported range but disproportionate increase will probably be an overkill and may not be useful.