There's just a few steps to get started with scanning your IPv6 hosts.
A few things you need... |
IPv6 Scanning feature must be enabledIPv6 Scanning feature must be enabled The IPv6 Scanning feature must be enabled for your account. Please contact Support or your Technical Account Manager if you would like have this feature turned on. Not sure if IPv6 Scanning is enabled? Go to your scanner appliances list (Scans > Appliances) and see if the LAN IPv6 column shows up. If yes, then IPv6 Scanning is turned on and you're ready to get started. |
Configure a scanner applianceConfigure a scanner appliance You'll need to configure a scanner appliance in your account (go to Scans > Appliances). You can add a physical appliance or a virtual appliance. Please be sure your scanner appliance has recently connected to the Qualys Cloud Platform and has obtained the latest software updates. |
Enable IPv6 Scanning on your scanner applianceEnable IPv6 Scanning on your scanner appliance The configuration steps depend on whether you're using a physical or virtual appliance. Once configured all scanning traffic is routed through the LAN interface - LAN IPv4 for scanning IPv4 hosts and LAN IPv6 for scanning IPv6 hosts. IP assignment is done through router advertisement. If you have a virtual appliance you have the option to configure a static IP instead. What are the steps for a physical appliance?What are the steps for a physical appliance? Using the LCD panel select SETUP NETWORK, press the Down arrow and select ENABLE IPv6 ON LAN, then press Enter. When you see REALLY ENABLE IPv6 ON LAN? press Enter. What are the steps for a virtual appliance?What are the steps for a virtual appliance? Go to Scans > Appliances and edit the scanner appliance. Go to the LAN Settings section and select IPv6 Scanning. |
Add special IPv4 addressesAdd special IPv4 addresses Go to Assets > Host Assets and select New > IP Tracked Hosts (or DNS Tracked Hosts). You can't add IPv6 addresses to your account directly. What you'll do is add IPv4 addresses that fall within a special range (0.0.0.1-0.254.255.255). (Then you'll create mappings between these IPv4 hosts and your IPv6 hosts.) Why can't I use NetBIOS tracking?Why can't I use NetBIOS tracking? This is not supported because NetBIOS over TCP/IP (NetBT) is not defined for IPv6. Read this Microsoft document to learn more: http://technet.microsoft.com/en-us/library/bb727013.aspx |
Create mappingsCreate mappings A mapping associates one IPv6 address to one of the special IPv4 addresses you've added to your account. At scan time you'll enter IPv4 addresses and we'll map them to IPv6 addresses. To create mappings go to Assets > Host Assets and select Filters > IPv6 to IPv4 Mappings. Tell me about IPv6 address typesTell me about IPv6 address types We support these IPv6 address types: Global Unicast (prefix 2000::/3), Unique Local Unicast (prefix fc00::/7 and fd00::/8) and Link Local Unicast (prefix fe80::/10). Maximum supported range for IPv6 Pre-fix is /64. How do I add a single mapping?How do I add a single mapping? Go to File > Add Mapping and enter an IPv6 address. We'll assign an IPv4 address automatically. Select Custom if you want to overwrite the IPv4 address with different one that's in your account (and hasn't already been mapped). How do I import mappings?How do I import mappings? Go to File > Import and select a CSV file containing mappings. Each row must include a single IPv6 address, and may include the IPv4 address (we'll assign one if not provided). Use a comma to separate the addresses. |
I'm ready to start my scan. What are the steps? |
Go to Scans > New > Scan (or Schedule Scan), and tell us: 1) which IPs to scan - select the IPv4 addresses that you've created mappings for (plus any other IPv4 addresses if you wish), 2) which scan settings (option profile) to use, and 3) which scanner appliance - the appliance must have IPv6 Scanning enabled |
I started my scan. What's next? |
Check out your scan resultsCheck out your scan results How do I know when the scan is done? You'll know when the scan status shows "Finished". At this time you can select View from the Quick Actions menu to see the full results in an HTML report. Both. The Report Summary will show the mapped IPv4 address. The Detailed Results for a vulnerability scan will show the IPv6 address that was scanned. When can I run reports?When can I run reports? We'll merge (process) your scan results into your account. Watch for the solid green circle to know the results are processed. Then you're ready to create reports based on the most recent scan findings. Where else will I see IPv6 addresses?Where else will I see IPv6 addresses? We'll display the IPv6 address in place of the mapped IPv4 address whenever possible. IPv6 addresses appear in the host assets list (after the mapped IP), in the remediation tickets list and in all scan reports. |
Verify that authentication workedVerify that authentication worked Information about whether hosts passed or failed authentication appears in your scan results - look at the Report Summary and the Appendix. Make sure you resolve any authentication failures before the next scan. Learn more |
Still have questions? |
Can I create asset groups for my IPv6 addresses?Can I create asset groups for my IPv6 addresses? Yes. Go to Assets > Host Assets and select Filters > IPv6 to IPv4 Mappings. Mark the check box next to each host you want to add to the asset group and select "Add to a new Asset Group" from the Actions menu. You can also create asset groups from an Asset Search Report. |
What about changing the mappings?What about changing the mappings? You can change your IPv4 to IPv6 mappings at any time. If you change an IPv6 address, you can choose to keep any existing scan data or remove it entirely (purge it). If you change an IPv4 address, all host data collected from previous scans is removed (purged). Tip - Removing host data makes it no longer available for reporting. |
Tell me about IANA reserved IPsTell me about IANA reserved IPs IP addresses in the 000/8 range (0.0.0.0-0.255.255.255) are IANA reserved and cannot be scanned. |