https://live.paloaltonetworks.com/t5/general-topics/qualys-scanner-blocked/m-p/544338#M111401 <P>Hi,</P> <P>&nbsp;</P> <P>We recently deployed Palo Alto and I notice that its blocking qualys scan on my internal network for the traffic passing through the Palo Alto vwire.&nbsp; How can allow all qualys traffic to pass through the Palo Alto?</P> Thu, 01 Jun 2023 13:47:23 GMT ismailsh 2023-06-01T13:47:23Z https://live.paloaltonetworks.com/t5/general-topics/qualys-scanner-blocked/m-p/544338#M111401 <P>Hi,</P> <P>&nbsp;</P> <P>We recently deployed Palo Alto and I notice that its blocking qualys scan on my internal network for the traffic passing through the Palo Alto vwire.&nbsp; How can allow all qualys traffic to pass through the Palo Alto?</P> Thu, 01 Jun 2023 13:47:23 GMT https://live.paloaltonetworks.com/t5/general-topics/qualys-scanner-blocked/m-p/544338#M111401 ismailsh 2023-06-01T13:47:23Z https://live.paloaltonetworks.com/t5/general-topics/qualys-scanner-blocked/m-p/544360#M111406 <P>Hello,</P> <P>You will need to create a security policy to allow the traffic from the scanner's IP address. Something like</P> <P>Source Zone (the zone the scanner is in) - Source Address (IP of the scanner(s) ) - Destination zone and address (can be specific or just any) - ANY application on ANY service. then no security profiles but enable logging at sesstion end.</P> <P>&nbsp;</P> <P>Please make sure to not use an external scanner as you may inadvertently open your network to the internet.</P> <P>&nbsp;</P> <P>Hope this helps.</P> Thu, 01 Jun 2023 16:57:08 GMT https://live.paloaltonetworks.com/t5/general-topics/qualys-scanner-blocked/m-p/544360#M111406 OtakarKlier 2023-06-01T16:57:08Z