You can configure some scanner appliance settings within the VM application. Choose VM/VMDR from the application picker and go to Scans > Appliances. The LAN/WAN network settings are defined using the LCD interface (for a physical appliance) or the virtual appliance console. These settings include IP address, netmask, default gateway and DNS.
Can I group scanner appliances to form a scanner appliance pool?
Can I change the size of an existing virtual scanner instance?
Go to the appliances list (Configuration > Appliances) and check your appliance status. You'll see (Connected) next to your appliance when it is ready to process scans. Your appliance must be connected to our cloud security platform. If not, you need to troubleshoot the issue before you can start scanning.
Do you have a new appliance? It can take a few minutes for your appliance to connect to our platform for the first time. You can refresh your browser periodically to be sure you are seeing the most up to date detail.
Just opt in to the Heartbeat Check Notification in the VM application. We perform a heartbeat check on every appliance every 4 hours to make sure its online and ready to process scans. You can get an email notification when the appliance misses some number of heartbeat checks (1-5). To get the notification: 1) In the VM application go to Scans > Appliances and edit the appliance settings, choose the notification and configure the number of missed checks, and 2) Select User Profile below your user name (in the top right corner), go to Options and select "Scanner Appliance heartbeat check".
Keep in mind that your appliance may come back online after you receive a heartbeat check notification email. If you receive this email, we recommend you investigate further by going to the appliances list and checking the status. If you see (Connected) next to your appliance then it is ready for scanning, and there's no cause for concern.
Managers can set up appliances using the VM application. In order to use a scanner appliance it must be visible in your scanner appliances list within the WAS application. Managers (and users with full rights for WAS) will see all configured appliances in their scanner appliances list. Users without full rights for WAS will see the appliances only if a tag that is applied to the appliance is assigned to the users scope.
You can edit the appliance settings. In the VM application Go to Scans > Appliances. Hover over the appliance you want to change and select Edit from the menu.
The title is initially set as is_userlogin, where userlogin is the login ID for the user who installed the appliance. When editing the title a maximum of 15 characters may be used, including: alphabetic characters (upper and lower case), numeric characters (0 through 9), dash (-), underscore (_), and dot (.).
The polling interval, in seconds, identifies how often the scanner appliance polls the platform for new information. The initial polling interval is set to 180 seconds (3 minutes). The polling interval can be 60 to 3600 seconds.
These icons tell you the current status of your appliances.
Connected and ready to process scans
Disconnected and not ready to process scan
A physical appliance
A virtual enterprise appliance
The appliance software needs to be updated
The appliance software is up to date
Users who do not have full WAS rights need to be granted access to a scanner appliance in order to use it for scans. You can grant a user access to an appliance by editing the user's scope and assigning a tag that has been applied to that appliance. Want to define tags? It's easy - just go to the CyberSecurity Asset Management (CSAM) application.
You can see how much capacity is currently using, and how much was used for your scans. In the VM application go to Scans > Appliances and click the scanner appliance row. The preview pane shows the available capacity of the scanner appliance expressed as a percentage. For example, Available Capacity: 82% means the appliance is using 18% of its capacity and 82% of its capacity is currently available.
One of the first tasks that an appliance will do after making initial contact with our cloud platform is to download the most recent software for the scanning engine and vulnerability signatures. Software updates will occur automatically several times a week and you do not need to take any action to receive them. When viewing your scanner appliance within the VM application, You might see a yellow indicator next to the version - this tells you the appliance does not have the latest software installed. You can click "Update Now" to get the software update or you can wait for the next automatic update.
How long does it take to update the software?
The time it takes will vary depending on your network load and the download file sizes. Note that scans started before the update completes will run with the older software versions.
Have a physical appliance? The red S2 LED on the front panel of the appliance is lit when an update to the software is in progress. This light turns off when the update is complete.
Yes you can replace an appliance with a new one (if you are a Manager). First check to be sure the appliance is not currently running scans by checking the activity log. In the VM application go to Users > Activity Log. We recommend you wait for scans to complete or cancel them. When you're ready, just go to Scans > Appliances (in the VM application) and select New > Replace Scanner Appliance. We'll transfer settings to the new appliance - these include the polling interval, heartbeat checks, scanning options, VLANs and static routes. We'll update asset groups and schedules with the new appliance if the old one was defined. Also we'll remove the new appliance its previous asset groups and scheduled scans, if any.
Sometimes a reboot of the appliance is necessary. As a first step, check to be sure there are no scans running on the appliance by checking out the activity log. In the VM application go to Users > Activity Log. If there are any running scans, you can wait for them to complete or cancel them. When you're ready to request a reboot, go to Scans > Appliances, edit the appliance and click the Reboot button under General Information.
Tip - While rebooting may necessary at times this can impact our ability to troubleshoot and track down an underlying issue with the appliance, such as its network configuration. Please contact Support if there is a need to reboot an appliance multiple times.
Yes. In the VM application go to Scans > Appliances. Hover over the appliance you want to change and select Edit from the menu. You can configure your appliance with multiple VLANs and static routes to support VLAN trunking on the LAN interface for scanning traffic. Once configured, the appliance adds a VLAN tag to all scanning packets following the 802.1Q tagging protocol (the VLAN tag designates which VLAN the traffic should be routed to the hosts being scanned at the switch layer).
Check the requirements
- Your appliance must be configured with a static IP address on the LAN interface.
- Your appliance must be running Scanner Appliance software version 2.1 or later.
- VLAN trunking must be enabled for your subscription. Please contact Support or your Technical Account Manager to get this feature.
- All virtual scanners support VLAN trunking except for the Amazon EC2/VPC distribution.
What VLAN information is needed?
VLAN information includes:
IP Address. A valid IP address. The IP address must be unique per appliance. This means the same IP address cannot be defined in another VLAN configuration for the same appliance.
Netmask. A valid netmask.
ID. A VLAN ID. You may specify a number between 0 and 4094, inclusive. The VLAN ID must be unique per appliance. This means the same VLAN ID cannot be defined in another VLAN configuration for the same appliance.
Name. A VLAN name to identify the VLAN configuration in the VLANs list.
What static route information is needed?
Route information includes:
Gateway. A gateway IP address. The gateway/target network pair must be unique per appliance. This means the same gateway/target network pair cannot be defined in another static route configuration for the same appliance.
Target. A target network, in CIDR format. The target network must have a valid starting IP address for the target mask provided. The gateway/target network pair must be unique per appliance. This means the same gateway/target network pair cannot be defined in another static route configuration for the same appliance.
Name. A route name to identify the static route configuration in the static routes list.
How many VLANs and static routes can I add?
For each physical scanner appliance, you can add up to 99 VLANs and up to 99 static routes.
For each virtual scanner appliance, you can add up to 4094 VLANs and up to 4094 static routes as long as you are using the latest distribution. You'll have the latest virtual scanner if you've deployed it using scanner image qvsa-2.0.13-1 or later. (If you have a previous version, you can add up to 99 VLANs.)
Can I add VLANs using the appliance?
Yes however you can add only one VLAN configuration per appliance using the LCD panel (for a physical appliance) or virtual appliance console. Note:
- This VLAN can't have static routes.
- This VLAN can't be viewed or edited within the user interface.
- This VLAN takes precedence. In a case where a user defines a VLAN in the user interface that is identical to a VLAN defined using the appliance, the appliance-defined VLAN will be saved and the user interface-defined VLAN will be ignored.
Connected tells you the scanner appliance is ready for scanning. It connected successfully to our cloud security platform on the date and time shown. You'll see the software versions installed on the appliance and the latest available software on our cloud security platform. Software updates occur automatically. Want to update the software right away? Just go to VM/VMDR > Scans Appliances, edit the appliance and request a software update.
In the Standard network configuration, the LAN connector services both scanning traffic and management traffic to the platform. In the Split network configuration, the scanner appliance separates scanning traffic and management traffic, using both the LAN and WAN connectors. In the Split configuration, no internal traffic is routed or bridged to the WAN port, and no management traffic is bridged to the LAN port.
LAN IP Configuration
Enabled. Indicates whether LAN IP configuration is enabled for the scanner appliance.
Configuration. The network traffic configuration for the LAN interface: DHCP or Static IP. By default, the scanner appliance is pre-configured with DHCP but may have been configured to use a static IP address.
IP Address. The IP address for the LAN interface.
Duplex. The duplex setting for the LAN port links: Full Duplex, Half Duplex, or Unknown if details are unavailable.
Speed. The speed setting for the LAN port links: 10Mbits/second, 100Mbits/second, 1000Mbits/second (1Gbit/second), or Unknown if details are unavailable.
Netmask. The netmask value for the LAN interface.
Default Gateway. The gateway IP address for the LAN interface.
DNS Servers. The DNS Domain name IP address or the LAN interface.
WINS Servers. The WINS IP addresses.
WAN IP Configuration
Enabled. Indicates whether WAN IP configuration is enabled for the scanner appliance.
Configuration. The network traffic configuration for the WAN interface: DHCP or Static IP.
IP Address. The IP address for the WAN interface.
Duplex. The duplex setting for the WAN port links: Full Duplex, Half Duplex, or Unknown if details are unavailable.
Speed. The speed setting for the WAN port links: 10Mbits/second, 100Mbits/second, 1000Mbits/second (1Gbit/second), or Unknown if details are unavailable.
Netmask. The netmask value for the WAN interface.
Default Gateway. The gateway IP address for the WAN interface.
DNS Servers. The IP address for the DNS server.
Enabled. Indicates whether proxy settings are enabled for the scanner appliance.
IP Address. The IP address for the proxy server.
Port. The port number assigned to the proxy server.
User. The user name for proxy authentication on the proxy server if authentication is enabled at the proxy level.
The preview pane appears under the list area when you click anywhere in a scanner appliance row. The preview displays the scanner version, signatures version and serial number, and shows whether or not the scanner appliance is currently online.
Yes. You can group the scanner appliances by tagging them with single or multiple asset tags and add the tags to the web application or scan configuration. All the scanner appliances associated with the tags form a pool for the web application. During scan run time, the best available scanner gets selected from the group of tagged scanners.
Yes. Virtual scanner instances can be increased in size only up to 16 CPUs and 16 GB RAM.
Instances can only be increased in size; they cannot be reduced back as this may create unexpected functionality issues on the scanner. The virtualization platform will require you to turn off the instance before you increase the size. Recommended increase is 1:2 ratio, 1-CPU, 2-RAM. Any size is accepted within supported range but disproportionate increase will probably be an overkill and may not be useful.