Manage Your Scanner Appliance

You can configure some scanner appliance settings within the user interface. The LAN/WAN network settings are defined using the LCD interface (for a physical appliance) or the virtual appliance console. These settings include IP address, netmask, default gateway and DNS.

How many appliances do I have?

It's easy to find out. Go to Help > Account Info > My Scanner Appliances to see the number of appliances (purchased and activated) for your account. Go to Scans > Appliances to search your appliances and drill-down into appliance details. You can search for appliances that are connected to our cloud platform, busy processing scans and/or have certain settings - like serial number, LAN IP, software version, network and more.

Is my appliance ready for scanning?

Go to the appliances list (Scans > Appliances) and check your appliance status. You'll see Green scanner connected icon

(Connected) next to your appliance when it is ready to process scans. Your appliance must be connected to our cloud platform. If not, you need to troubleshoot the issue before you can start scanning. Learn more

Do you have a new appliance? It can take a few minutes for your appliance to connect to our platform for the first time. You can refresh your browser periodically to be sure you are seeing the most up to date detail.

Notify me when my appliance is offline

Just opt in to the Heartbeat Check Notification. We perform a heartbeat check on every appliance every 4 hours to make sure its online and ready to process scans. You can get an email notification when the appliance misses some number of heartbeat checks (1-5). To get the notification: 1) Go to Scans > Appliances and edit the appliance settings, choose the notification and configure the number of missed checks, and 2) Select User Profile below your user name (in the top right corner), go to Options and select "Scanner Appliance heartbeat check".

Keep in mind that your appliance may come back online after you receive a heartbeat check notification email. If you receive this email, we recommend you investigate further by going to the appliances list and checking the status. If you see Green scanner connected icon

(Connected) next to your appliance then it is ready for scanning, and there's no cause for concern.

Tell me about the indicators on the appliance list

These indicators tell you whether the appliance is connected and whether it's busy with a scan job.

indicates the appliance is connected to our cloud platform and is ready to perform scans.

indicates the appliance is not connected to our cloud platform and it's not ready to perform scans. Check to be sure your appliance is properly configured and can access our cloud platform.

indicates that the scanner is currently busy with a scan job. See preview pane for available capacity.

Changing the friendly name and polling interval

You can edit the appliance settings. Go to Scans > Appliances. Hover over the appliance you want to change and select Edit from the menu.

The title is initially set as is_userlogin, where userlogin is the login ID for the user who installed the appliance. When editing the title a maximum of 32 characters may be used, including: alphabetic characters (upper and lower case), numeric characters (0 through 9), dash (-), underscore (_), and dot (.).

The polling interval, in seconds, identifies how often the scanner appliance polls the platform for new information. The initial polling interval is set to 180 seconds (3 minutes). The polling interval can be 60 to 3600 seconds.

Assign asset tags to your appliance

(Applicable only when Asset Tagging is enabled for your subscription.) By assigning asset tags to your appliance you'll be able to use the All Scanners in TagSet option at scan time. This option lets you choose scanner appliances based on asset tags in the scan target. Learn more

If the scanner is part of an Asset Group then we will add the corresponding Asset Group tag to the scanner for you. You cannot add Asset Group tags and Business Unit tags.

How do I grant users access to an appliance?

Users who are not Managers need to be granted access to an appliance in order to use it. Without access privileges, a user can't launch a scan using the appliance. It's possible for a user with less than Manager privileges to set up and activate an appliance. In this case the user who set up the appliance needs to be granted access to the appliance in order to use it. Learn more

How can I check appliance capacity?

You can see how much capacity is currently using, and how much was used for your scans. Learn more

Tell me about software versions

One of the first tasks that an appliance will do after making initial contact with our cloud platform is to download the most recent software for the scanning engine and vulnerability signatures. Software updates will occur automatically several times a week and you do not need to take any action to receive them. You might see a yellow indicator next to the version - this tells you the appliance does not have the latest software installed. You can click "Update Now" to get the software update or you can wait for the next automatic update.

The time it takes will vary depending on your network load and the download file sizes. Note that scans started before the update completes will run with the older software versions.

Have a physical appliance? The red S2 LED on the front panel of the appliance is lit when an update to the software is in progress. This light turns off when the update is complete.

Can I replace an appliance?

Yes you can replace an appliance with a new one (if you are a Manager or Unit Manager). First check to be sure the appliance is not currently running scans by checking the activity log (Users > Activity Log). We recommend you wait for scans to complete or cancel them. When you're ready, just go to Scans > Appliances and select New > Replace Scanner Appliance. Learn more

Tell me how to reboot an appliance

Sometimes a reboot of the appliance is necessary. As a first step, check to be sure there are no scans running on the appliance by checking out the activity log (Users> Activity Log). If there are any running scans, you can wait for them to complete or cancel them. When you're ready to request a reboot, go to Scans > Appliances, edit the appliance and click the Reboot button under General Information.

Tip - While rebooting may necessary at times this can impact our ability to troubleshoot and track down an underlying issue with the appliance, such as its network configuration. Please contact Support if there is a need to reboot an appliance multiple times.

Tell me about SCAP and IPv6 options

These scanning options can be enabled by editing the appliance settings. Go to Scans > Appliances. Hover over the appliance you want to change and select Edit from the menu.

Enable the SCAP option under Scanner Options (Manager only). In order to run SCAP scans the appliance must be running Scanner Appliance software version 2.4 or later.

You can enable IPv6 scanning by editing the appliance settings. Under LAN Settings select "Enable IPv6 for this scanner". IP assignment is done through router advertisement if you select "Automatically". You can assign a static IP address instead by choosing "Static". Once configured, scanning traffic will be routed through the LAN interface - LAN IPv4 for scanning IPv4 hosts and LAN IPv6 for scanning IPv6 hosts. Learn more

You can enable IPv6 scanning using the appliance LCD panel. Go to the SETUP NETWORK option and select ENABLE IPV6 ON LAN and press Enter. Once configured, all scanning traffic is routed through the LAN interface and IP assignment is done through router advertisement (a static IP address cannot be configured at this time). Learn more

SCAP and IPv6 scanning must be enabled for your account. Please contact Support or your Technical Account Manager if you are interested in turning on SCAP scanning and/or IPv6 scanning.

These options are not available for offline scanner appliances.

Can I configure VLANs and static routes?

Yes. Go to Scans > Appliances. Hover over the appliance you want to change and select Edit from the menu. You can configure your appliance with multiple VLANs and static routes to support VLAN trunking on the LAN interface for scanning traffic. Once configured, the appliance adds a VLAN tag to all scanning packets following the 802.1Q tagging protocol (the VLAN tag designates which VLAN the traffic should be routed to the hosts being scanned at the switch layer).

- Your appliance must be configured with a static IP address on the LAN interface.

- Your appliance must be running Scanner Appliance software version 2.1 or later.

- VLAN trunking must be enabled for your subscription. Please contact Support or your Technical Account Manager to get this feature.

- All virtual scanners support VLAN trunking except 1) the Amazon EC2/VPC distribution and 2) offline scanner appliances.

VLAN information includes:

IP Address. A valid IP address. The IP address must be unique per appliance. This means the same IP address cannot be defined in another VLAN configuration for the same appliance.

Netmask. A valid netmask.

ID. A VLAN ID. You may specify a number between 0 and 4094, inclusive. The VLAN ID must be unique per appliance. This means the same VLAN ID cannot be defined in another VLAN configuration for the same appliance.

Name. A VLAN name to identify the VLAN configuration in the VLANs list.

Route information includes:

Gateway. A gateway IP address. The gateway/target network pair must be unique per appliance. This means the same gateway/target network pair cannot be defined in another static route configuration for the same appliance.

Target. A target network, in CIDR format. The target network must have a valid starting IP address for the target mask provided. The gateway/target network pair must be unique per appliance. This means the same gateway/target network pair cannot be defined in another static route configuration for the same appliance.

Name. A route name to identify the static route configuration in the static routes list.

Physical scanners - You can add up to 4094 VLANs to devices with a serial number over 29000 and up to 99 VLANs to devices with a serial number under 29000. All physical scanners support up to 99 static routes.

Virtual scanners - You can add up to 4094 VLANs and 4094 static routes to each virtual scanner as long as you are using the latest appliance software distribution. Previous versions support up to 99 VLANs.

Yes however you can add only one VLAN configuration per appliance using the LCD panel (for a physical appliance) or virtual appliance console. Note:

- This VLAN can't have static routes.

- This VLAN can't be viewed or edited within the user interface.

- This VLAN takes precedence. In a case where a user defines a VLAN in the user interface that is identical to a VLAN defined using the appliance, the appliance-defined VLAN will be saved and the user interface-defined VLAN will be ignored.