Scanning Assets Across Different Network Segments in Saner CVEM

Modified on Mon, 13 Jul at 3:11 AM

Overview

Saner CVEM supports scanning assets located across different network segments — including those outside your internal network — as long as the designated Network Scanner can communicate with the target systems.

This article explains the configuration requirements and best practices for performing such scans effectively.


1. Scenario Description

In this setup, the Network Scanner is hosted at one site, and you intend to scan assets located in a different network segment, possibly accessible through a public IP.

Yes, this configuration is supported in Saner CVEM, provided the necessary connectivity and permissions are in place.


2. Connectivity Requirements

To successfully perform scans across different network segments, ensure the following:

  • Direct Communication:
    The Network Scanner must be able to establish direct network communication with all target devices.

  • Firewall and NAT Configuration:
    If there are firewalls, NAT gateways, or routers between the scanner and the external network, they must allow outbound and inbound traffic between the scanner and target assets on the required ports and protocols.

  • IP Mapping:
    Maintain accurate IP mapping for all target systems to improve detection accuracy and reporting consistency.
    Avoid performing scans across broad IP ranges, as this can increase scan time and reduce precision.


3. Best Practices

  • Verify connectivity between the scanner and target systems using basic network tools (e.g., ping or telnet) before initiating the scan.

  • Use dedicated scanners for external or remote segments to optimize performance and minimize network latency.

  • Ensure compliance with your organization’s network security policies before enabling external scans.


Summary

Saner CVEM provides flexibility to scan both internal and external assets across different network segments.

By ensuring proper network connectivity, firewall configurations, and IP mapping, you can achieve accurate and efficient vulnerability detection across distributed environments.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article