It is your responsibility to confirm that the PCI network scan of your entire in-scope infrastructure can be performed without interference from intrusion detection systems (IDSs) and intrusion prevention systems (IPSs). This is per the PCI Council's Program Guide.
Only IPs that are accessible from the Internet are scanned by the service. The service automatically provides multiple scanners for external (perimeter) scanning, located at the Security Operations Center (SOC) that is hosting the PCI compliance service. Depending on your network, it may be necessary to add the scanner IPs to your list of trusted IPs, so the service can send probes to your in-scope system components.
64.39.96.0/20 (64.39.96.1-64.39.111.254)
139.87.112.0/23 (139.87.112.1-139.87.113.254)