cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
891
Views
0
Helpful
11
Replies

ISE 2.4 Integration with Qualys - VA Scan Not Running

john.kiac
Beginner
Beginner

Hi,

 

I'm trying to perform a VA scan with Qualys and ISE when a workstation executes a 802.1x authentication.

 

I can see that the authorization profile for the VA Scan was called and I've integrated Qualys via the Threat Centric NAC portion of the ISE Web GUI.

 

I've checked the Qualys dashboard and no scan was initiated.

Any insights provided are deeply appreciated.

11 Replies 11

Dan Lukes
Advocate
Advocate

Off-topic in feedback forum, moved.

 

See related: Cisco ISE integration with Qualys - CONSULTANT

thomas
Cisco Employee
Cisco Employee

RadiusLog.JPGRadiusLog-AuthProfile.JPG

 

Yes I've followed every step in the document. As you can see from the result of the Authorization Profile, it has downloaded the Qualys Scan Auth Profile.

John,

 

The Qualys documents are missing a very key setup piece.  In the Qualys setup after you define everything and assign it to a PSN.  There is a field marked Option Profile.  That Option profile needs to exactly match the profile name defined in the Qualys cloud that should be used for the scan.   Your Qualys admins will know what that means.  I think it default to Default.  If you debug things you will see the scan being submitted but you don't have the right Option profile and the Qualys cloud never executes.

 

I have told this to the BU in the past to update the documentation.  

Paul,

 

On the Qualys setup in ISE, I've indicated the same Option Profile name on the configuration which is the same as the one in the Qualys Option Profiles tab.

 

I've waited for few hours now and the scan still does not start.