Notice of Datacenter Migration of Qualys US3 Platform

Lane Smith

This advance notification is to inform customers with subscriptions on the US3 platform that we will be migrating from our existing colocation datacenter to another colocation datacenter. This migration is scheduled to take place on 27th November 2024, from 5:00 PM PST, and will require a 15-hour downtime.

Please refer to the Frequently Asked Questions (FAQs) below to learn more about this move and what is needed from customers to ensure a smooth transition.

Frequently Asked Questions

What is the scope of the migration activity?

The Qualys US3 Shared Cloud Platform (SCP) will undergo a migration to a new datacenter. All customer data will be moved along with all applications and services from the existing SCP environment in the current data center to the new data center environment.

When is this activity scheduled?

This migration will take place on 27th November 2024, from 5:00 PM PST. It will take place during the scheduled Quarterly Maintenance Downtime for the US3 Platform.

Which customers are affected by this migration?

Customers with subscriptions on the US3 platform will be affected. Please refer to https://www.qualys.com/platform-identification/ for help identifying your platform.

What testing has been done?

Our Operations team has completed extensive testing to ensure this migration will go through smoothly. We have also successfully migrated our other shared cloud platforms in other regions in a similar manner over the last year.

Will there be any impact on customers during this migration?

Qualys services will be unavailable during this migration as we migrate customer data along with applications and services to the new colocation data center environment. Scans using an external scanner might get interrupted until the platform is back online. Qualys recommends pausing scans and resuming them once the platform is back online.

The IP address used for communication between Cloud Agents / Scanner Appliances / Qualys Gateway Appliance and the Shared Cloud Platform will change.

What steps does the customer need to take?

As part of this migration, the IP addresses associated with the FQDNs (URLs) & the Qualys scanners will change. For customers who have already whitelisted the Qualys IPv4 supernet 64.39.96.0/20 in both directions for incoming & outgoing traffic and IPv6 supernet 2602:FDAA::/36, there will be no change. Only those customers who have allowed specific IPs of US3 pod are requested to add the below IPs to the Allowlist to ensure uninterrupted connectivity with Qualys services & scanners. Customers are requested not to remove the existing IP addresses until further notice. The additional IPv4 addresses are within the existing Security Operations Center (SOC) netblock.

URL/ServiceCurrent IP AddressAdditional IP address to whitelistServicesTraffic Direction
qualysapi.qg3.apps.qualys.com64.39.96.13664.39.101.65HTTP, HTTPSOutgoing
qgadmin.qg3.apps.qualys.com64.39.96.13764.39.101.66HTTP, HTTPSOutgoing
portal.qg3.apps.qualys.com64.39.96.13864.39.101.67HTTP, HTTPSOutgoing
portal-bo.qg3.apps.qualys.com64.39.96.13964.39.101.68HTTP, HTTPSOutgoing
distribution.qg3.apps.qualys.com64.39.96.14064.39.101.69HTTP, HTTPSOutgoing
monitoring.qg3.apps.qualys.com64.39.96.14164.39.101.70HTTP, HTTPSOutgoing
scanservice1.qg3.apps.qualys.com64.39.96.14264.39.101.71HTTP, HTTPSOutgoing
gateway.qg3.apps.qualys.com64.39.96.14364.39.101.72HTTP, HTTPSOutgoing
download.qg3.apps.qualys.com64.39.96.14464.39.101.73HTTP, HTTPSOutgoing
rns.qg3.apps.qualys.com64.39.96.14564.39.101.74HTTP, HTTPSOutgoing
certs.qg3.apps.qualys.com64.39.96.14764.39.101.75HTTP, HTTPSOutgoing
rns-bo.qg3.apps.qualys.com64.39.96.14864.39.101.76HTTP, HTTPSOutgoing
qpatchpublic.qg3.apps.qualys.com64.39.96.14964.39.101.77HTTP, HTTPSOutgoing
debug.qg3.apps.qualys.com64.39.96.15464.39.101.78HTTP, HTTPSOutgoing
kube.qg3.apps.qualys.com64.39.96.15664.39.101.79HTTP, HTTPSOutgoing
nac-le-service.qg3.apps.qualys.com64.39.96.17264.39.101.80HTTP, HTTPSOutgoing
camspm.qg3.apps.qualys.com64.39.96.17364.39.101.81HTTP, HTTPSOutgoing
camsrepo.qg3.apps.qualys.com64.39.96.17464.39.101.82HTTP, HTTPSOutgoing
camspublic.qg3.apps.qualys.com64.39.96.17564.39.101.83HTTP, HTTPSOutgoing
semca.qg3.apps.qualys.com64.39.96.17664.39.101.84HTTP, HTTPSOutgoing
qepp-update.qg3.apps.qualys.com64.39.96.18664.39.101.85HTTP, HTTPSOutgoing
wasoob-dns.us3.qualysperiscope.com64.39.96.15564.39.101.86DNSOutgoing
qagpublic.qg3.apps.qualys.com64.39.104.11364.39.105.32HTTP, HTTPSOutgoing
cmsqagpublic.qg3.apps.qualys.com64.39.104.11464.39.105.33HTTP, HTTPSOutgoing
qpatchpublic.qg3.apps.qualys.com64.39.104.11564.39.105.34HTTP, HTTPSOutgoing
qgadmin.qg3.apps.qualys.com2602:fdaa:2:801::ac10:41122602:fdaa:c3:1::ac1a:0242HTTP, HTTPSOutgoing
scanservice1.qg3.apps.qualys.com 2602:fdaa:2:801::ac10:41152602:fdaa:c3:1::ac1a:0247HTTP, HTTPSOutgoing
download.qg3.apps.qualys.com2602:fdaa:2:801::ac10:41162602:fdaa:c3:1::ac1a:0249HTTP, HTTPSOutgoing
distribution.qg3.apps.qualys.com 2602:fdaa:2:801::ac10:41132602:fdaa:c3:1::ac1a:0245HTTP, HTTPSOutgoing
monitoring.qg3.apps.qualys.com2602:fdaa:2:801::ac10:41142602:fdaa:c3:1::ac1a:0246HTTP, HTTPSOutgoing
qualysapi.qg3.apps.qualys.com2602:fdaa:2:801::ac10:41102602:fdaa:c3:1::ac1a:0241HTTP, HTTPSOutgoing
qagpublic.qg3.apps.qualys.com2602:fdaa:0:4801::ac10:41192602:fdaa:c4::ac1a:0220HTTP, HTTPSOutgoing
Scanner IPv6 block2600:c02:1020::/48 2603:c0f2:5001:4500::/56 2602:fdaa::/482602:fdaa:c5::/48ANYIncoming & Outgoing
Scanner IPv4 block64.39.96.0/20 139.87.112.0/2364.39.103.0/24ANYIncoming & Outgoing  

Customers are recommended to allowlist Qualys’ own IP supernet 64.39.96.0/20 & 2602:FDAA::/36, instead of individual IP, which will prevent them from allowing individual IP.

Share your Comments

Comments

Your email address will not be published. Required fields are marked *