Bypass vulnerability management scan traffic in Deep Security
If you are using a vulnerability management provider such as Qualys or Nessus (for PCI compliance, for example), you need to set up Deep Security to bypass or allow this provider’s scan traffic through untouched.
- Create a new IP list from the vulnerability scan provider IP range/addresses
- Create firewall rules for incoming and outbound scan traffic
- Assign the new firewall rules to a policy to bypass vulnerability scans
After these firewall rules have been assigned to the new policy, the Deep Security Manager will ignore ANY traffic from the IPs you have added in your IP List.
Deep Security will not scan the vulnerability management provider traffic for stateful issues or vulnerabilities – it will be allowed through untouched.
Have handy the IP addresses that the vulnerability scan provider has given you.
- In the Deep Security Manager, go to Policies.
- In the left pane, expand Lists > IP Lists.
- Click New > New IP List.
- Type a Name for the new IP List, for example "Qualys IP list".
- Paste the IP addresses that the vulnerability management provider has given you into the IP(s) box, one per line.
- Click OK.
After you’ve created the IP list, you need to create two firewall rules: one for incoming and one for outgoing traffic.
Name them as suggested, below:
<name of provider> Vulnerability Traffic – Incoming
<name of provider> Vulnerability Traffic – Outgoing
- In the main menu, click Policies.
- In the left pane, expand Rules.
- Click Firewall Rules > New > New Firewall Rule.
- Create the first rule to bypass Inbound AND Outbound for TCP and UDP connections incoming and outgoing to/from vulnerability management provider.
Tip: For settings not specified, you can leave them as the default.
Name: (suggested) <name of provider> Vulnerability Traffic – Incoming
Packet Source: IP List and then select the new IP list created above.
- Create a second rule:
Name: <name of provider> Vulnerability Traffic – Outgoing
Packet Destination: IP List and then select the new IP list created above.
Identify which policies are already used by computers that will be scanned by the vulnerability management provider.
Edit the policies individually to assign the rules in the firewall module.
- Click Policies on the main menu.
- Click Policies in the left pane.
- In the right pane, for each policy, double-click to open the policy details.
- In the pop-up, in the left pane, click Firewall.
- Under Assigned Firewall Rules, click Assign/Unassign.
- Ensure your view at the top-left shows All firewall rules in the .
- Use the search window to find the rules you created and select them.
- Click OK.