Installation of QualysGuard Scanner Appliance

The QualysGuard Scanner Appliance is a hardware-based appliance that provides an out-of-the-box integration for the NAC Framework. When you are ready to install the Scanner Appliance into your network, consider the following things first:

• IP address to be assigned to the LAN interface

• IP address to be assigned to the WAN interface

Even though you can assign a DHCP address on the LAN and WAN interfaces, it is highly recommended that you configure static IP addresses on the interfaces. The QualysGuard Scanner Appliance uses the WAN interface to establish a connection to the QualysGuard platform over SSL. The Scanner Appliance uses this connection to get software updates, vulnerability signatures, and security scan results. Consequently, it is important for the WAN interface to have Internet connectivity to reach the QualysGuard platform. On the other hand, the LAN interface is used to scan hosts on the internal network. When the QualysGuard Scanner Appliance is integrated with NAC, the LAN interface scans the agentless hosts and provides results to the ACS server.

NOTE You must contact Qualys, Inc. directly to order a QualysGuard Scanner Appliance.

The QualysGuard Scanner Appliance is 1 rack unit (RU) in height. When it is rack-mounted and using the split configuration, ensure that the LAN interface is connected to your inside network and that the WAN interface is connected to the network providing Internet access.

NOTE The QualysGuard Scanner Appliance supports two network traffic configurations:

• Standard traffic configuration—Uses one interface for both network scans and management traffic

• Split—Uses the WAN interface for management traffic and the LAN interface for network scans

Connect the power cable to the Scanner Appliance to turn it on. The power LED is lit amber, indicating that the Scanner Appliance is powering up. It takes a few minutes for the appliance to boot up. During the boot-up process, the Scanner Appliance displays the following message:

Welcome to QualysGuard
Qualys Scanner is starting up
Filesystem check in progress
Qualys Scanner is coming up

NOTE If you deploy the QualysGuard Scanner Appliance in the Standard traffic-configuration mode, connect the LAN interface to the network because the WAN interface is not used.

By default, the QualysGuard Scanner Appliance is set up as a DHCP client. As the Scanner Appliance boots up, it sends a request for a DHCP address. If it receives an IP address, it should display the SA LOGIN prompt for you to log in. If it fails to receive an IP address, it displays a "NETWORK ERROR" message.

If the "NETWORK ERROR" message appears, press the Enter button (the circular button) to start the network-setup process. Press the up arrow to navigate through the menu. Select the Enable Static IP on LAN option and press the Enter button. When you see "CFG LAN STATIC NETWORK PARAMS?", press the Enter button again. The appliance prompts for LAN IP ADDR. Use the up and down arrow buttons to configure a single digit. Use the left and right arrow buttons to move to the next digit. Press the Enter button to accept the IP address. Similarly, configure the LAN NETMASK, LAN GATEWAY, LAN DNS1, LAN DNS2, LAN WINS1, and LAN WINS2 addresses, and the DOMAIN NAME. If you do not have a WINS server, you can skip defining those addresses. However, you must define at least one DNS server. When these parameters are configured, the "REALLY SET LAN STATIC NETWORK" message appears. Press Enter if you want to accept the current parameters.

Similarly, configure an IP address on the WAN interface of the Scanner Appliance if you deploy the appliance in the Split network configuration. When both the interfaces are set up and the Scanner Appliance has access to the QualysGuard platform, you are ready to move on to configure NAC-specific policies after logging into the appliance.
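Because every address is keyed in one digit at a time on the front panel, it helps to check the planned values before standing at the rack. The following is an added example, not part of the original text or any Qualys tooling: the dictionary keys mirror the LCD prompts, while the function names, the reuse of the LAN rules for the WAN interface, and the rule that the LAN and WAN subnets must not overlap are assumptions of the example.

```python
import ipaddress

# Keys mirror the LCD prompts; dict layout and function names are assumptions.
REQUIRED = ("IP ADDR", "NETMASK", "GATEWAY", "DNS1")  # at least one DNS server
OPTIONAL = ("DNS2", "WINS1", "WINS2")                 # WINS may be skipped


def check_interface(name, params):
    """Return a list of problems in one interface's static settings."""
    missing = [k for k in REQUIRED if not params.get(k)]
    if missing:
        return [f"{name}: missing {', '.join(missing)}"]
    try:
        iface = ipaddress.IPv4Interface(f"{params['IP ADDR']}/{params['NETMASK']}")
        gateway = ipaddress.IPv4Address(params["GATEWAY"])
        for key in ("DNS1",) + OPTIONAL:
            if params.get(key):
                ipaddress.IPv4Address(params[key])  # raises on a malformed entry
    except ValueError as exc:
        return [f"{name}: {exc}"]
    net, problems = iface.network, []
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{name}: {iface.ip} is not a usable host address in {net}")
    if gateway not in net:
        problems.append(f"{name}: gateway {gateway} is outside {net}")
    return problems


def check_plan(mode, lan, wan=None):
    """mode: 'standard' (LAN only) or 'split' (LAN scans, WAN management)."""
    problems = check_interface("LAN", lan)
    if mode != "split":
        return problems
    if not wan:
        return problems + ["WAN: split configuration needs WAN parameters"]
    problems += check_interface("WAN", wan)  # same required set assumed for WAN
    if not problems:
        nets = [ipaddress.IPv4Interface(f"{p['IP ADDR']}/{p['NETMASK']}").network
                for p in (lan, wan)]
        # Assumption of this example: inside and Internet-facing subnets differ.
        if nets[0].overlaps(nets[1]):
            problems.append(f"LAN {nets[0]} and WAN {nets[1]} overlap")
    return problems


if __name__ == "__main__":
    # Constructed worksheet: the gateway is deliberately on the wrong subnet.
    lan = {"IP ADDR": "10.10.20.5", "NETMASK": "255.255.255.0",
           "GATEWAY": "10.10.30.1", "DNS1": "10.10.20.53"}
    print(check_plan("standard", lan) or "plan OK")
```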

