Notice of New Scanner IPs for Qualys Web Application Scanning
Last updated on: August 4, 2023
This notice is to inform Qualys Web Application Scanning (WAS) customers that there are new IPs from which WAS scans can originate when scanning external facing applications and APIs.
What Steps Do Customers Need To Take?
Customers are required to add the following external IP addresses to their network devices (firewalls, WAFs, etc) allowlists. Customers only need to add both the Primary IP and Secondary IP addresses based on their Qualys platform. Customers with multiple subscriptions across multiple platforms will need to add all applicable IPs.
| Platform | Primary IP | Secondary IP (Backup) |
| AE Platform 1 | 139.185.38.235 | 193.123.77.71 |
| AU Platform 1 | 192.9.177.231 | 168.138.103.122 |
| CA Platform | 129.153.61.18 | 129.153.63.29 |
| EU Platform 1 | 144.24.249.196 | 132.226.222.205 |
| EU Platform 2 | 141.144.196.156 | 158.101.209.126 |
| IN Platform 1 | 168.138.113.116 | 150.230.234.34 |
| KSA Platform 1 | 193.122.80.20 | 193.122.80.229 |
| UK Platform 1 | 151.104.32.104 | 151.104.34.175 |
| US Platform 1 | 139.87.116.247 | 139.87.107.37 |
| US Platform 2 | 139.87.117.141 | 139.87.105.179 |
| US Platform 3 | 139.87.104.123 | 139.87.117.66 |
| US Platform 4 | 139.87.117.45 | 139.87.105.233 |
Additionally, when reviewing scan results, scans will have an origination IP of 128.0.0.0.
Will There Be Any Impact To Customers That Do Not Add The New IPs To Allowlists?
Customers that do not add the new IPs to their Allowlists may have their WAS scans blocked by firewalls, WAFs, and other network devices. A blocked scan may result in false negative results or end in scanning errors. To prevent false negatives or scan errors, it is important for all customers to include the new IPs in their allowlists.
Do Customers Need To Remove Current IP Ranges When Updating To The New IPs?
At this time, it is recommended for customers to keep their prior IP allowlists in place in addition to the platform based IPs in the table above.
If you have any questions or concerns, kindly contact your TAM or Qualys Support.
When exactly will the additional IP addresses be used? Thanks!
Hello Christoph – they will start to phase in as early as in the next 30 days.
They are already in use for many platforms.
Hi, I wonder whether we should only allow “139.87.117.45” or “139.87.117.0/24” in our firewalls for the scanner?
Hello Bob – just the single IP.
Just the single IP. Please note there is also a secondary backup IP as well.
will the portal (Login > Help > About) be updated to reflect the new IP needed to be whitelisted so we have one place to refer to?
It will be when the old IPs are discontinued.