Whitelist Qualys Scanner - F5 Big-IP VE

Question

I have searched around F5 DevCentral and forums, but can't find an answer, so apologies if I'm asking a question that has already been asked.
We are being scanned for PCI compliance by Qualys, and we are getting a fail for 86732 - Exhaustive Web Testing Skipped.  Qualys have reduced the bandwidth setting, but still getting the fail.
We have a Big-IP VE, running APM.  I've had a look through and cannot see an obvious way for me to whitelist the source address on the existing VIP facing the Internet.  I have seen articles about ASM, but we do not have ASM.
Can anyone point me in the right direction?  Any help appreciated.&nbsp;

boneyard · Answer

this is perhaps clear to you but what does this actually mean: "86732 - Exhaustive Web Testing Skipped"?&nbsp;
do you want the Qualys scanner to bypass the APM authentication? does it even authenticate now?&nbsp;
you could setup another VIP without APM profile and put a source for the Qualys scanner IP, would that be enough?&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Whitelist Qualys Scanner - F5 Big-IP VE

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

BotPoke Scanner Switches IP

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Reviewing vulnerability scanner results for an APM protected Virtual Server - part two

Nessus 6 XSLT Conversion for ASM Generic Scanner Import

Global Blacklist or Whitelist

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS