https://live.paloaltonetworks.com/t5/general-topics/vulnerability-scanning/m-p/204176#M60107 <P>My requestors wants to perform Vulnerability scanning on the Palo Alto firewall devices and they want to whitelist the Qualys devices residing on ON-Prem. So my question is do i need to create security rule or make modifications to vunerability or allow those scanners on the management interface?</P><P>They provided me the scanner IP's that they wan to whitelist.</P> Wed, 07 Mar 2018 20:22:24 GMT kpotru 2018-03-07T20:22:24Z https://live.paloaltonetworks.com/t5/general-topics/vulnerability-scanning/m-p/204176#M60107 <P>My requestors wants to perform Vulnerability scanning on the Palo Alto firewall devices and they want to whitelist the Qualys devices residing on ON-Prem. So my question is do i need to create security rule or make modifications to vunerability or allow those scanners on the management interface?</P><P>They provided me the scanner IP's that they wan to whitelist.</P> Wed, 07 Mar 2018 20:22:24 GMT https://live.paloaltonetworks.com/t5/general-topics/vulnerability-scanning/m-p/204176#M60107 kpotru 2018-03-07T20:22:24Z https://live.paloaltonetworks.com/t5/general-topics/vulnerability-scanning/m-p/204293#M60108 <P>hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75951">@kpotru</a></P> <P>&nbsp;</P> <P>in an existing security profile you can add exceptions to exclude an IP, but these are on a 'per signature' basis</P> <P>if you want to exclude a device for all signatures, it is more practivcal to create a security rule specific to that device and add security profiles that have been set to alert, or without security profiles</P> Thu, 08 Mar 2018 08:20:58 GMT https://live.paloaltonetworks.com/t5/general-topics/vulnerability-scanning/m-p/204293#M60108 reaper 2018-03-08T08:20:58Z