External IP Scan Fails

This article explains how to diagnose and resolve issues where an External IP scan fails or is blocked by network or firewall controls.

Symptoms

• External IP scan fails to start

• External IP scan does not complete

• Scan returns no results

• External scan appears blocked

Common Causes

• Firewall or network security controls blocking inbound scan traffic

• Required Cyrisma external scanning source IP addresses are not allowlisted

Diagnostic Steps

Follow the steps below in order. Do not skip steps.

1. Check Firewall or Perimeter Security Controls

External IP scans originate from Cyrisma-managed external infrastructure. If inbound traffic from these sources is blocked, the scan will fail.

What to check

• Perimeter firewall rules

• Network security devices controlling inbound traffic

If blocking is detected, proceed to IP allowlisting.

2. Verify Required Source IP Addresses Are Allowlisted

External scans may originate from any of the following IP addresses, which should be allowlisted where inbound filtering is enforced:

3.16.88.2
3.130.94.37
3.132.30.96
3.149.173.97
3.150.35.86
3.150.79.210
18.223.219.71
18.224.112.97

If inbound traffic from these IP addresses is blocked, scan results may be incomplete or missing expected findings.

Resolution

Most External IP scan failures are resolved by:

• Allowlisting the required Cyrisma external scanning source IP addresses

• Adjusting firewall rules to permit inbound scanning traffic

Once changes are applied, rerun the scan and verify successful completion.

When to Contact Support

Contact Cyrisma Support if:

• The scan continues to fail after IP allowlisting is confirmed

• External scan traffic is still blocked

Provide:

• Confirmation that required source IP addresses are allowlisted

• Any error messages returned by the scan

Related Articles

• Web Application Scan Fails

• Scan Fails Due to Target or Resource Constraints

• Data Scan Stuck or Does Not Complete