Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Select Account → IP Assets.
  2. On the right-hand side of the screen, select Walk Me Through Wizard.
    1. Confirm on Adding New IPs.
    2. Confirm on Adding New Domains (if any are in use within your environment).
    3. Confirm on use of potential Load-Balancers within your environment.

Firewall Rules

Qualys PCI ASV scanning includes a Discovery Phase which tests 30 common ports to see if a response is received, thus validating that the system is alive. After which, Qualys then moves onto the Scanning Phase to complete your ASV scans.

To ensure that the Qualys Scanner Appliance is able to reach your systems for testing, and to prevent a “Host Not Alive” error (wherein the appliance cannot find your systems), Armor recommends opening the following ports in your firewall before processing new ASV Scans:

  • TCP:   21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445

  • UDP:   53, 111, 135, 137, 161, 500

  • ICMP:   On

If customers are still receiving “Host Not Alive” errors when scanning after the above ports are enabled, the direct Scanner Appliance may be whitelisted by including ( in the firewall before re-running scans.

New Scans

Any user may start a new Discovery scan to check ongoing compliance status and current vulnerabilities.