Best Practices

Avoid scanning through a firewall from the inside out

Problems can arise when scan traffic is routed through the firewall from the inside out, i.e. when the scanner Appliance is sitting in the protected network area and scans a target which is located on the other side of the firewall. We recommend placing scanner Appliances in your network topology in a way that scanning and mapping through a firewall from the inside out is avoided if possible.

Consult your network group for scanner placement

It's highly recommended that you work with your network group to determine where to place Scanner Appliances in an enterprise network environment. Some things to consider: place Scanner Appliances as close to target machines as possible, and make sure to monitor and identify any bandwidth restricted segments or weak points in the network infrastructure. Scanning through layer 3 devices (such as routers, firewalls and load balancers) could result in degraded performance so you may consider using our VLAN tagging feature (VLAN trunking) to circumvent layer 3 devices to avoid potential performance issues.