Notice of New Scanner IPs for Qualys Web Application Scanning – Action Required by December 31, 2023
Last updated on: January 10, 2024
Qualys has launched a next-generation scanning engine marking a pivotal enhancement in Qualys Web Application Scanning (WAS) and harnessing the prowess of the latest, most advanced browser engines for web application security. The new scanning engine is designed to offer flexibility and dynamic scaling capabilities, effectively minimizing errors in application crawling, authentication, and scanning processes.
But it’s not just about advanced technology; it’s also about seamless integration and improved efficiency as the new engine continues to utilize the well-established published QIDs, ensuring consistency and familiarity for our users. Moreover, it significantly boosts the detection accuracy on websites developed with the latest technologies, providing an extra layer of security in an ever-changing digital environment.
Action Required
To ensure a smooth and uninterrupted WAS experience, the next-gen scanners are hosted in different network pools and operate with a new set of IP addresses mentioned in this blog below.
We encourage you to update your system configurations and whitelist the new IP addresses, corresponding to your specific PODs, detailed in this blog. This step is vital to ensure that your web applications continue to benefit from Qualys’ robust scanning without any disruptions.
Note: The deadline for this update is December 31, 2023.
What Steps Do Customers Need To Take?
Customers are required to add the following external IP addresses to their network devices (firewalls, WAFs, etc) allowlists by December 31, 2023. Customers only need to add both the Primary IP and Secondary IP addresses based on their Qualys platform. Customers with multiple subscriptions across multiple platforms will need to add all applicable IPs.
| Platform | Primary IP | Secondary IP (Backup) |
| AE Platform 1 | 139.185.38.235 | 193.123.77.71 |
| AU Platform 1 | 192.9.177.231 | 168.138.103.122 |
| CA Platform | 129.153.61.18 | 129.153.63.29 |
| EU Platform 1 | 144.24.249.196 | 132.226.222.205 |
| EU Platform 2 | 141.144.196.156 | 158.101.209.126 |
| IN Platform 1 | 168.138.113.116 | 150.230.234.34 |
| KSA Platform 1 | 193.122.80.20 | 193.122.80.229 |
| UK Platform 1 | 151.104.32.104 | 151.104.34.175 |
| US Platform 1 | 139.87.116.247 | 139.87.107.37 |
| US Platform 2 | 139.87.117.141 | 139.87.105.179 |
| US Platform 3 | 139.87.104.123 | 139.87.117.66 |
| US Platform 4 | 139.87.117.45 | 139.87.105.233 |
Will There Be Any Impact To Customers That Do Not Add The New IPs To Allowlists?
Customers that do not add the new IPs to their Allowlists may have their WAS scans blocked by firewalls, WAFs, and other network devices. A blocked scan may result in false negative results or end in scanning errors. To prevent false negatives or scan errors, it is important for all customers to include the new IPs in their allowlists.
Do Customers Need To Remove Current IP Ranges When Updating To The New IPs?
At this time, it is recommended that customers keep their prior IP allowlists in place in addition to the platform-based IPs in the table above.
If you have any questions or concerns, kindly contact your TAM or Qualys Support.
When exactly will the additional IP addresses be used? Thanks!
Hello Christoph – they will start to phase in as early as in the next 30 days.
They are already in use for many platforms.
Hi, I wonder whether we should only allow “139.87.117.45” or “139.87.117.0/24” in our firewalls for the scanner?
Hello Bob – just the single IP.
Just the single IP. Please note there is also a secondary backup IP as well.
will the portal (Login > Help > About) be updated to reflect the new IP needed to be whitelisted so we have one place to refer to?
It will be when the old IPs are discontinued.
Hi John,
May I ask if these IP addresses have been released and are currently in use