05-25-2017 12:19 AM - edited 02-21-2020 06:05 AM
Hello all,
I have downloaded the Cisco WSA virtual image coeus-9-1-2-022-S000V.qcow2 and have installed the 45-day demo license.
I would like to ask about something that I noticed because I can't make the WSA work:
I have a PC with IP 10.0.1.10/24, and the management port IP of the WSA is 10.0.1.1/24.
I see a "Temporary Redirect" message when the PC tries to access an HTTP page (for example: www.cisco.com).
When I try to access an HTTPS page from the browser, I see "Unsupported method ('CONNECT')":
I have set up the proxy like this in the PC's browser:
On the WSA I have the following feature Keys:
The Web Proxy settings:
The HTTPS proxy settings:
The interface configuration: (The P1 is connected to the internet)
And the output of the version command:
ironport2.example.com> version
Current Version
===============
Product: Cisco S000V Web Security Virtual Appliance
Model: S000V
Version: 10.1.1-234
Build Date: 2017-05-03
Install Date: 2017-05-25 06:49:56
Serial #: 919414406E95490495F1-7331443186F2
BIOS: Bochs
CPUs: 1 expected, 2 allocated
Memory: 4096 MB expected, 4096 MB allocated
RAID: NA
RAID Status: Unknown
RAID Type: NA
BMC: NA
Cisco DVS Engine: 1.0 (Never Updated)
Cisco DVS Malware User Agent Rules: 0.554 (Never Updated)
Cisco DVS Object Type Rules: 0.554 (Never Updated)
Cisco Trusted Root Certificate Bundle: 1.4 (Thu May 25 06:53:46 2017)
Cisco Certificate Blacklist: 1.3 (Thu May 25 06:53:46 2017)
L4 Traffic Monitor Anti-Malware Rules: 1495689641 (Thu May 25 06:53:47 2017)
Advanced Malware Protection - Cloud Configuration and Settings: 1.0 (Never
Updated)
Advanced Malware Protection - Engine Definition: 1.0 (Never Updated)
Cisco Internal Certificates - Advanced Malware Protection: 1.0.0-101 (Thu May
25 06:53:46 2017)
Is this some limitation of Cisco Virtual WSA? Or some limitation of the demo license? Because I cannot make it work at all like this.
Thank you very much in advance,
Apostolos
05-25-2017 09:06 PM
Have you told the WSA to act as a proxy on port 8080? I think it defaults to using port 3128.
05-28-2017 01:12 AM
Hello Philip,
Thank you very much for your reply. Well, it defaults to using ports 80 and 3128.
I changed the browser proxy settings to port 80 and it worked like a charm!
Thank you!
06-18-2017 08:49 AM
Hi,
I'm also planning to get a 45-day license for virtual WSA, ESA, and NGFW, but want to better understand how it works.
Does it simply expire 45 days after activation, or after 45 days of total appliance uptime?
When the license expires, can it be extended or reapplied after an appliance redeploy? Or should I request a new one? If so, what is the limit of demo licenses that can be requested from a Cisco partner account?
Thanks in advance for any response or link to an explanation.
06-18-2017 10:48 PM
The licenses expire 45 days after activation.
Cisco doesn't set a hard limit on the number of partner lab or demo licenses you may acquire. (I would imagine they might push back if you are requesting a large number of them without selling the product.)
05-25-2017 10:17 PM
You must have a root certificate or subordinate CA certificate issued to the WSA itself - i.e. one that can decrypt and re-sign - for the WSA to inspect HTTPS traffic.
See this technote:
http://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117792-technote-wsa-00.html
05-28-2017 04:37 AM
Hello Marvin, thanks for the reply.
I created a certificate and a key and then uploaded them to the WSA.
Then, I downloaded the cert.pem file, changed it to a .cer file and imported that into the Firefox trusted certificates.
I had to change the browser proxy settings for SSL to <WSA IP>:80 and it worked.
Any idea why it doesn't work with <WSA IP>:443?
Thank you very much!
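Added example, not part of the original thread: a browser configured for an explicit proxy sends HTTPS requests as a plain-text `CONNECT` to the proxy's listening port, so the port in the browser settings has to be one the proxy accepts `CONNECT` on (80 and 3128 per the thread). This Python sketch classifies the first reply to a `CONNECT` so the symptoms quoted above can be told apart per port; the function names, category labels and sample replies are constructed for illustration.

```python
import socket

def classify_connect_reply(raw: bytes) -> str:
    """Classify the status line of a reply to 'CONNECT host:443 HTTP/1.1'."""
    line = raw.split(b"\r\n", 1)[0].decode("latin-1", "replace")
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-http"                  # empty reply, TLS bytes, other protocol
    code = int(parts[1])
    if 200 <= code < 300:
        return "proxy-tunnel-ok"           # listener accepted CONNECT
    if code == 407:
        return "proxy-auth-required"       # a proxy, but it wants credentials
    if 300 <= code < 400:
        return "redirect-not-a-tunnel"     # e.g. "Temporary Redirect"
    if code in (400, 405, 501):
        return "not-a-proxy-listener"      # e.g. "Unsupported method ('CONNECT')"
    return "other-http-%d" % code

def probe(proxy_ip: str, port: int, target: str = "www.cisco.com:443",
          timeout: float = 3.0) -> str:
    """Send one CONNECT to proxy_ip:port and classify what comes back."""
    req = ("CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (target, target)).encode()
    try:
        with socket.create_connection((proxy_ip, port), timeout=timeout) as s:
            s.sendall(req)
            return classify_connect_reply(s.recv(4096))
    except OSError:                        # refused, unreachable or timed out
        return "closed-or-filtered"

# Constructed sample replies (not captured from a real appliance).
SAMPLES = {
    "tunnel": b"HTTP/1.1 200 Connection established\r\n\r\n",
    "unsupported": b"HTTP/1.0 501 Unsupported method ('CONNECT')\r\n\r\n",
    "redirect": b"HTTP/1.1 307 Temporary Redirect\r\nLocation: https://example.invalid/\r\n\r\n",
    "tls": b"\x16\x03\x01\x00\x05hello",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify_connect_reply(raw))
    # Against a lab proxy you administer, for example:
    #   for p in (80, 3128, 8080, 443): print(p, probe("10.0.1.1", p))
```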