Adding an Nmap Scan Instance

You can set up a separate scan instance for each Nmap module that you want to use to scan your network for vulnerabilities. You can set up scan instances for the local Nmap module on the Secure Firewall Management Center and for any devices you want to use to run scans remotely. The results of each scan are always stored on the management center where you configure the scan, even if you run the scan from a remote device. To prevent accidental or malicious scanning of mission-critical hosts, you can create a blacklist (the Exempted hosts list) for the instance to indicate the hosts that should never be scanned with the instance.

You cannot add a scan instance with the same name as any existing scan instance.

Procedure
Step 1

Access the list of Nmap scan instances using either of the following methods:

  • Choose Policies > Actions > Instances.
  • Choose Policies > Actions > Scanners.

Step 2

Add the instance:

  • If you accessed the list via the first method above, locate the Add a New Instance section, choose the Nmap Remediation module from the drop-down list, and click Add.
  • If you accessed the list via the second method above, click Add Nmap Instance.

Step 3

Enter an Instance Name.

Step 4

Enter a Description.

Step 5

Optionally, in the Exempted hosts field, specify any hosts or networks that should never be scanned with this scan instance, using the following syntax:

  • For IPv6 hosts, an exact IP address (for example, 2001:DB8::fedd:eeff)

  • For IPv4 hosts, an exact IP address (for example, 192.168.1.101) or an IP address block using CIDR notation (for example, 192.168.1.0/24 covers the 254 hosts between 192.168.1.1 and 192.168.1.254, inclusive)

  • Note that you cannot use an exclamation mark (!) to negate an address value.

Note

If you specifically target a scan to a host that is in an exempted (blacklisted) network, that scan will not run.
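The Exempted hosts syntax above and the note that follows it are easy to get wrong when the list is assembled by hand or generated from an asset inventory, so a small validator is useful before the value is pasted into the field. The following Python is an added example and not Cisco's code; it checks each entry against the rules this page states (exact IPv6 address, exact IPv4 address or IPv4 CIDR block, no `!` negation), counts hosts per block the way the page does (254 for a /24), and tells you whether a planned target list would be refused because one of its hosts sits in an exempted network. It assumes entries are separated by whitespace or commas, which the page does not specify, and it rejects a CIDR entry whose host bits are set (for example 192.168.1.5/24) as a likely typo rather than silently widening it.

```python
"""Validator for Secure Firewall Management Center "Exempted hosts" entries.

Added example, not Cisco's code. Assumptions: entries are separated by
whitespace or commas (the page does not state the separator), and a CIDR
entry with host bits set (e.g. 192.168.1.5/24) is rejected as a typo.
"""
import ipaddress
import re
from typing import List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_exempted_host(entry: str) -> Network:
    """Validate one entry against the documented syntax and return it as a network.

    Accepted: an exact IPv6 address, an exact IPv4 address, or an IPv4 CIDR block.
    Rejected: '!' negation, IPv6 CIDR blocks, and anything that is not an address.
    Exact addresses come back as /32 (IPv4) or /128 (IPv6) so membership checks
    are uniform.
    """
    entry = entry.strip()
    if not entry:
        raise ValueError("empty entry")
    if entry.startswith("!"):
        raise ValueError(f"'!' negation is not allowed in Exempted hosts: {entry}")
    if "/" in entry:
        try:
            net = ipaddress.ip_network(entry, strict=True)  # strict: host bits must be zero
        except ValueError as exc:
            raise ValueError(f"invalid CIDR block {entry!r}: {exc}") from exc
        if net.version != 4:
            raise ValueError(f"CIDR blocks are only accepted for IPv4: {entry}")
        return net
    try:
        addr = ipaddress.ip_address(entry)
    except ValueError as exc:
        raise ValueError(f"not an IPv4 or IPv6 address: {entry!r}") from exc
    return ipaddress.ip_network(str(addr))


def parse_exempted_hosts(text: str) -> List[Network]:
    """Parse the whole field value. Raises ValueError on the first bad entry."""
    return [parse_exempted_host(e) for e in re.split(r"[\s,]+", text) if e]


def lint_exempted_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (entry, problem) pairs for every entry the field would reject."""
    problems: List[Tuple[str, str]] = []
    for entry in re.split(r"[\s,]+", text):
        if not entry:
            continue
        try:
            parse_exempted_host(entry)
        except ValueError as exc:
            problems.append((entry, str(exc)))
    return problems


def exempted_host_count(net: Network) -> int:
    """Hosts a block covers, counted the way the page counts a /24 (254):
    the network and broadcast addresses are excluded. /31, /32 and /128
    have no broadcast address, so every address in them counts."""
    if net.prefixlen >= net.max_prefixlen - 1:
        return net.num_addresses
    return net.num_addresses - 2


def is_target_exempted(target: str, exempted: List[Network]) -> bool:
    """True if a single scan target lies inside any exempted address or block."""
    addr = ipaddress.ip_address(target)
    return any(addr.version == net.version and addr in net for net in exempted)


def scan_would_run(targets: List[str], exempted: List[Network]) -> bool:
    """Mirror the note on this page: a scan that specifically targets a host in
    an exempted network does not run, so one exempted target blocks the scan."""
    return not any(is_target_exempted(t, exempted) for t in targets)


if __name__ == "__main__":
    # Constructed sample field value, not taken from a real deployment.
    field = "192.168.1.0/24, 2001:DB8::fedd:eeff 10.0.0.5"
    nets = parse_exempted_hosts(field)
    for net in nets:
        print(f"{net} exempts {exempted_host_count(net)} host(s)")
    print("problems:", lint_exempted_hosts("!192.168.1.5 2001:DB8::/32 192.168.1.5/24 example.com"))
    print("scan of 192.168.1.77 would run:", scan_would_run(["192.168.1.77"], nets))
```

Run `lint_exempted_hosts` over the candidate field value first; an empty result means every entry matches the documented syntax. `scan_would_run` is the pre-flight check for a planned target list: because the management center refuses the whole scan when any target is exempted, it is cheaper to find the overlap here than to discover it from a scan that never starts.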

Step 6

Optionally, to run the scan from a remote device instead of the management center, specify the IP address or name of the device as it appears in the Information page for the device in the management center web interface, in the Remote Device Name field.

Step 7

Click Create.

When the system is done creating the instance, it displays it in edit mode.

Step 8

Optionally, add an Nmap remediation to the instance. To do so, locate the Configured Remediations section of the instance, click Add, and create a remediation as described in Creating an Nmap Remediation.

Step 9

Click Cancel to return to the list of instances.

Note

If you accessed the list of Nmap scan instances via the Scanners option, the system does not display the instance you added unless you also added a remediation to the instance. To view any instances to which you have not yet added remediations, use the Instances menu option to access the list.