- Select Account → IP Assets.
- On the right-hand side of the screen, select Walk Me Through Wizard.
- Confirm on Adding New IPs.
- Confirm on Adding New Domains (if any are in use within your environment).
- Confirm on use of potential Load-Balancers within your environment.
Qualys PCI ASV scanning includes a Discovery Phase which tests 30 common ports to see if a response is received, thus validating that the system is alive. After which, Qualys then moves onto the Scanning Phase to complete your ASV scans.
To ensure that the Qualys Scanner Appliance is able to reach your systems for testing, and to prevent a “Host Not Alive” error (wherein the appliance cannot find your systems), Armor recommends opening the following ports in your firewall before processing new ASV Scans:
TCP: 21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445
UDP: 53, 111, 135, 137, 161, 500
If customers are still receiving “Host Not Alive” errors when scanning after the above ports are enabled, the direct Scanner Appliance may be whitelisted by including 22.214.171.124/20 (126.96.36.199-188.8.131.52) in the firewall before re-running scans.
Any user may start a new Discovery scan to check ongoing compliance status and current vulnerabilities.