Preparing for the vulnerability scan
For best results, prepare the network and the target hosts before you run a vulnerability scan.
Live web sites
Fortinet strongly recommends that you do not scan for vulnerabilities on live web sites. Instead, duplicate the web site and its database in a test environment such as a staging server and perform the scan in that environment. For more information, see “Scan Mode”.
Network accessibility
You may need to configure each target host and any intermediary NAT or firewalls to allow the vulnerability scan to reach the target hosts.
Traffic load & scheduling
You should talk to the owners of target hosts to determine an appropriate time to run the vulnerability scan. You can also schedule in advance the time at which FortiWeb will begin the scan.
For example, you might schedule the scan to avoid peak traffic hours, to restrict unrelated network access, and to ensure that the target hosts will not be powered off during the vulnerability scan.
To determine the current traffic load, see “Real Time Monitor widget”. For scheduling information, see “Scheduling web vulnerability scans”.
 
Rapid access can result in degraded network performance during the scan. If you do not rate limit the vulnerability scan, some web servers could perceive its rapid rate of requests as a denial of service (DoS) attack. You may need to configure the web server to exempt connections originating from the IP address of the FortiWeb appliance from rate limiting. Alternatively, you can configure the vulnerability scan to send requests more slowly. See “Delay Between Each Request”.
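The following is an added example, not part of the Fortinet documentation: one way to exempt the scanner's source address from per-client rate limiting on a staging server, assuming that server runs nginx. The address 192.0.2.10, the host name staging.example.test, the zone name, the rates and the backend address are placeholders.

```nginx
# Place in the http {} context of the staging server's nginx.conf.

# Flag requests whose source address is the FortiWeb appliance.
# If NAT sits between the appliance and this server, use the
# translated address that the server actually sees.
geo $scanner_exempt {
    default        0;
    192.0.2.10/32  1;   # placeholder: FortiWeb appliance IP
}

# nginx does not account requests whose zone key is empty, so the
# scanner gets an empty key and every other client is keyed by IP.
map $scanner_exempt $limit_key {
    0  $binary_remote_addr;
    1  "";
}

limit_req_zone $limit_key zone=per_client:10m rate=10r/s;

server {
    listen 80;
    server_name staging.example.test;   # placeholder staging host

    location / {
        # Still enforced for all clients other than the scanner.
        limit_req zone=per_client burst=20 nodelay;
        proxy_pass http://127.0.0.1:8080;   # placeholder backend
    }
}
```

Keep the exemption limited to the staging server and to the single appliance address, and remove it once the scan is finished so the rate limit applies to every source again.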
See also
Configuring vulnerability scan settings
Scheduling web vulnerability scans
Running vulnerability scans
Manually starting & stopping a vulnerability scan
Viewing vulnerability scan reports