This was a decision that was made to improve the turnaround time of scans for all of our MSP partners based on the typical size of the companies that are serviced by them.
We originally had a larger IP limit and found that people were indiscriminately running large ranges where no IP's were even in use - and in many cases not even belonging to the company for which the scans/assessments were intended.
Of course there are certainly legitimate cases where larger scans are needed. For those cases, the scans will need to be broken into multiple scans and reports.
Please do not schedule scans against IP ranges that do not belong to your customer. Also, please avoid scanning IP addresses that are not active. Scanning an inactive IP address actually takes significantly longer than scanning one that is in use.
Why are we limited to 50 IP addresses when scheduling an External Vulnerability scan?
Have more questions?
Was this article helpful?
Provide feedback for the Documentation team!
Browse this section
- Scan Range for External Vulnerability Scan
- External Vulnerability Scan Preparation and Explanation
- Data Breach Liability - What does the PII scan look for?
- What is the purpose of the Outbound Vulnerability Report?
- How often are external vulnerability scan definitions updated?
- Does the website section of the security report mean someone is visiting those sites?
- Why are we limited to 50 IP addresses when scheduling an External Vulnerability scan?
- What are CPE, HOST-T and IT-Grundshultz ports on the Vulnerability Scan Detail report?
- The Outbound Security Reports says that certain protocols are not filtered. Does that mean someone is connecting to that?
- Outbound Security Report - User Controls explained
- See more