Qualys Patch Management Embraces CDN for Binary Distribution
We are pleased to announce an update regarding the delivery of new capabilities in Qualys Patch Management with the forthcoming release. Starting with Patch Management 3.10, scheduled for release in approximately November 2025, the new CDN capability enables customers to upload vendor-acquired patches directly to the Qualys CDN for seamless distribution to their endpoints.
This update eliminates the need to host patch files on a customer-managed CDN. Additionally, the Qualys CDN can be leveraged when using the “Install” pre-action option. For cases where customers create their own custom patches, the corresponding binaries can also be securely hosted on the Qualys CDN, rather than within their own environment.
Action Required
To ensure a smooth transition and optimal performance of these two capabilities, we request all our customers to take the following action:
Allow Cloud Agents to Access Qualys CDN URLs: Please ensure that your network configurations allow access to the following CDN URL, based on the platform you use:
Americas:
- US1: https://caskcf.qg1.apps.qualys.com
- US2: https://caskcf.qg2.apps.qualys.com
- US3: https://caskcf.qg3.apps.qualys.com
- US4: https://caskcf.qg4.apps.qualys.com
- CA1: https://caskcf.qg1.apps.qualys.ca
- IAD2: https://caskcf.gov1.qualys.us/
EMEA: - EU1: https://caskcf.qg1.apps.qualys.eu
- EU2: https://caskcf.qg2.apps.qualys.eu
- EU3: https://caskcf.qg3.apps.qualys.it
- UK1: https://caskcf.qg1.apps.qualys.co.uk
- AE1: https://caskcf.qg1.apps.qualys.ae
- KSA: https://caskcf.qg1.apps.qualysksa.com
APAC: - IN1: https://caskcf.qg1.apps.qualys.in
- AU1: https://caskcf.qg1.apps.qualys.com.au
For a comprehensive list of the Cloud Agent URLs and to identify your platform, please refer to Qualys Platform Identification.
How to Check If Your Asset Has Access to the Qualys CDN?
Customers can reach `/status` by running the following command returning an HTTP 200:
Windows PowerShell
iwr https://caskcf.qg1.apps.qualys.com/status
Linux Terminal
curl -v https://caskcf.qg3.apps.qualys.com/status
What Happens to Previous Agent Versions?
Old Agent versions will not support patch download functionality through CDN.
Benefits of CDN Integration:
- No need to manage internal repositories: Customers don’t have to add servers, bandwidth, or storage capacity as endpoint count grows.
- Reduced WAN bandwidth costs: Especially for globally distributed organizations, the edge delivery avoids repeated long-haul traffic to central repositories.
- Improved Reliability and Removal of single point of failure: Internal patch servers can go down; CDNs are designed for high uptime.
- Scalability: The scalable nature of CDN infrastructure allows us to efficiently handle surges in demand, ensuring that our services remain accessible and responsive even during periods of high traffic.
We are confident that this enhancement will further elevate the performance and reliability of our services, providing you with superior experience for managing your security posture.
Frequently Asked Questions
- Why are you switching to CDN?
This is mainly to give customers a seamless and secured download experience. - Why whitelisting is necessary?
Without whitelisting the download will not happen and patching operation will fail. - How does this impact existing agents activated for the patch?
The existing agents will not be able to support the upload as well as download of any of the patch files which to and from the CDN. - What happens if CDN is not allowed? What is the behavior?
There is a fallback mechanism for downloading the Patch Support files using the current mechanism; however, customers will not be able to utilize the software upload and download capability (released as part of the Patch Management 3.10.0.0 release) to and from the Qualys Cloud using CDN in an effective manner.
If you have any questions or require further assistance, please contact our dedicated support team.