Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4122
Views
10
Helpful
6
Replies

Cisco WSA Virtual 45-day demo license limitations?

Go to solution
ak085b
Level 1
Level 1

‎05-25-2017 12:19 AM - edited ‎02-21-2020 06:05 AM

Hello all,

I have downloaded the Cisco WSA virtual image coeus-9-1-2-022-S000V.qcow2 and have installed the 45-day demo license.

I would like to ask about something that I noticed because I can't make the WSA work:

I have a PC with IP 10.0.1.10/24 and the management port IP of WSA is 10.0.1.1/24

I see "Temporary Redirect" message when the PC is trying to access an HTTP page (for example: www.cisco.com)

When I try from the browser to access an HTTPs page I see "Unsupported method ('CONNECT')":

I have setup the proxy like this on PC's browser:

On the WSA I have the following feature Keys:

The Web Proxy settings:

The HTTPs proxy settings:

The interface configuration: (The P1 is connected to the internet)

And the output of the version command:

ironport2.example.com> version

Current Version
===============
Product: Cisco S000V Web Security Virtual Appliance
Model: S000V
Version: 10.1.1-234
Build Date: 2017-05-03
Install Date: 2017-05-25 06:49:56
Serial #: 919414406E95490495F1-7331443186F2
BIOS: Bochs
CPUs: 1 expected, 2 allocated
Memory: 4096 MB expected, 4096 MB allocated
RAID: NA
RAID Status: Unknown
RAID Type: NA
BMC: NA
Cisco DVS Engine: 1.0 (Never Updated)
Cisco DVS Malware User Agent Rules: 0.554 (Never Updated)
Cisco DVS Object Type Rules: 0.554 (Never Updated)
Cisco Trusted Root Certificate Bundle: 1.4 (Thu May 25 06:53:46 2017)
Cisco Certificate Blacklist: 1.3 (Thu May 25 06:53:46 2017)
L4 Traffic Monitor Anti-Malware Rules: 1495689641 (Thu May 25 06:53:47 2017)
Advanced Malware Protection - Cloud Configuration and Settings: 1.0 (Never
Updated)
Advanced Malware Protection - Engine Definition: 1.0 (Never Updated)
Cisco Internal Certificates - Advanced Malware Protection: 1.0.0-101 (Thu May
25 06:53:46 2017)

Is this some limitation of Cisco Virtual WSA? Or some limitation of the demo license? Because I cannot make it work at all like this.

Thank you very much in advance,

Apostolos

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions
6 Replies 6

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎05-25-2017 09:06 PM

Have you told the WSA to act as a proxy on port 8080?  I think it defaults to using port 3128.

https://supportforums.cisco.com/document/12162701/wsa-training-series-how-configure-web-proxy-cisco-web-security-appliance

Go to solution
ak085b
Level 1
Level 1
In response to Philip D'Ath

‎05-28-2017 01:12 AM

Hello Philip,

Thank you very much for your reply. Well, it defaults to using ports 80 and 3128.

I changed the browser proxy settings to port 80 and it worked like a charm!

Thank you!

0 Helpful

Go to solution
Not applicable
In response to ak085b

‎06-18-2017 08:49 AM

Hi,

I'm also planning to get 45 days license for virtual WSA, ESA, and NGFW, but want to understand better how it works.

Is it simply explires after 45 days after activation or after 45 days of total appliance uptime?

When the license expires, it can be extended or reapplied after appliance redeploy? Or I should request a new one? If so, what is limit of demo licenses that can be requested from cisco partner account?

Thanks in advance for any responce or link to explanation

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to

‎06-18-2017 10:48 PM

The licenses expire 45 days after activation.

Cisco doesn't set a hard limit on the number of partner lab or demo licenses you may acquire. (I would imagine they might push back if you are requesting a large number of them without selling the product.)

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-25-2017 10:17 PM

You must have a root certificate or subordinate CA certificate issued to the WSA itself - i.e. one that can decrypt and resign - for the WSA to inspect https traffic.

See this technote:

http://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117792-technote-wsa-00.html

Go to solution
ak085b
Level 1
Level 1
In response to Marvin Rhoads

‎05-28-2017 04:37 AM

Hello Marvin, thanks for the reply.

I created a certificate and a key and then uploaded them to the WSA

Then, I downloaded the cert.pem file, changed it to .cer file and imported that into the Firefox trusted certificates

I had to change the browser proxy settings for SSL to <WSA IP>:80 and it worked.

Any idea why it doesn't work with <WSA IP>:443?

Thank you very much!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card