cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Steps to Deploy Virtual Web Security Appliance (vWSA)

10512
Views
6
Helpful
28
Comments
Atazazuddin Shaikh
Cisco Employee

Steps to Deploy Virtual Web Security Appliance (vWSA)

28 Comments
alexdelangel
Beginner

Thanks for the info Zack,

I have already run the setup wizard, now what is next? It is the first time I configure a Web Security Appliance, would you have another tutorial for the active directory integration, explicit proxy configuration?

Regards!

Atazazuddin Shaikh
Cisco Employee

Yes and they all reside here:

https://supportforums.cisco.com/community/5786/web-security?view=video#quicktabs-community_activity=3

 

Regards,

Zack

 

alexdelangel
Beginner

Hi Zack!

The issues about Attempting to fetch user information... and Attempting to fetch group information... in the Test, really are because of a bad Bin DN and a bad Password? Are there other origin of these errors?

Regards!

Checking DNS resolution of WSA hostname(s)...
Failure: Unable to resolve 'proxy.citrofrut.com' :
Unknown hostname


Checking DNS resolution of LDAP Server(s)...
Success: Resolved 'jfm0204.citronet.com' address: 192.168.210.69

Checking connectivity of LDAP Server(s)...
Success: Server 'jfm0204.citronet.com' responding to queries on port 389.

Checking the type of LDAP Server(s)...
Warning: The server 'jfm0204.citronet.com' is an Active directory server and is configured on port 389.Consider using the global catalog server on port 3268 instead.

Checking if Referrals are enabled...
Success: Referral option is disabled.

Attempting to fetch user information...
Failure: Queries to server 'jfm0204.citronet.com' on port 389 failed :
Invalid Computer Account (AD realm) or Bind DN or Password (LDAP realm)


Attempting to fetch group information...
Failure: Queries to server 'jfm0204.citronet.com' on port 389 failed :
Invalid Computer Account (AD realm) or Bind DN or Password (LDAP realm)


Test completed: Errors occurred, see details above.

 

Atazazuddin Shaikh
Cisco Employee

Please go ahead and create a Cisco TAC case our support team can help you, 

1 800 553 2447

 

Regards

Zack

 

 

moody
Beginner

Hi Zack,

 

Great Video - I'm still not clear on how a license is obtained for this.  Went to cisco.com/go/license - get other licenses - email/web security - get activation codes for iron port product tc - it asks for a source serial # / virtual device #.  what are those - where do i find them?

Atazazuddin Shaikh
Cisco Employee

Hi 

Thanks for the feedback, enclosed are the steps:

How Existing Customers get their WSAV Licenses

1.    Go to www.cisco.com/go/License

2.    Log in with CCO ID.

3.    Click on Get New at the top.  Select License for Email & Web Security Appliance from the dropdown menu.

4.    A page for requesting an activation code to get the license appears.  Under Product, select SW Bundles (if you have an existing SW bundle) or TC (if you have a single a la carte feature).

5.    Source Serial Number – Enter an existing WSA Serial Number here.

6.    Select Destination Appliance Type – Select Virtual.

7.    Leave Target SN / Virtual Device Identifier blank.

8.    Send to – Enter email address for activation code to be sent to.

9.    Click on Request Code.

10.Once the code is emailed, repeat Steps 1-3.  Select Use Activation Codes & hit Next

11.Select the Web Security software SKUs that should embedded on the virtual license.  Hit Next.

12.Enter in the email address for the Virtual WSA license to be sent to.  Click on Get License.

13.You should receive a Processing Request popup.  Once it is processed you will see a confirmation.  The key will be sent within 3 hours.

PS. if you currently do not have WSA appliance, please call in TAC HOT line and speak to License Team and they will provide an Evaluation license.  TAC # United States: 1 800 553 2447

 

Regards,

Zack

 

 

carlos_galano
Beginner

Thank you so much for your video, i have a doubt, exist smarnet for Virtual appliance????

Atazazuddin Shaikh
Cisco Employee

Hi Carlos

Thank you! for the comment, if you have a physical appliance you may want to reach out to your Cisco Account team, they will be able to provide ALL the detailed around the coverage,  but as long as you have the physical WSA *should be cover"

 

Regards,

Zack

 

braulio.santos
Beginner

Hi Shaikh,

Why, when i am running the System Setup Wizard by GUI, i receive a Mssg just with the "Reset Configuration" option???

Thks,

JS

andresmen598
Beginner

Buen día,

 

Puedo compartir mi licencia del appliance físico para el vWSA? o hay que comprar las licencias de WSA virtual para que los dos queden activos y poder realizar balanceo de carga. 

andresmen598
Beginner

Good day,

 

Can I share my physical appliance license for vWSA? or you have to buy virtual WSA licenses so that both of you remain active and can perform load balancing.

jeffhouston
Beginner

Is there any detailed information about setting up vwsa on Windows Hyper-V? I have been able to get a shared license, download the vhdx, install and setup the VM but I am having trouble getting the interfaces up.

After I did the initial setup my P1 interface is gone. I am unclear on how that needs to be setup in Hyper-V such as Legacy, or attached to the virtual switch?

Also, IOS 11 on vWSA vs. S170 10.x? will the configuration transfer?

trihd0821
Beginner

login-vWSA-error.PNGHi all

 

Please kindly help. I have deployed the S000V vWSA image on my laptop and it repeated appears an error like this: "The daemon is not responding." I haven't changed any configuration yet.

 

Secondly, once I have bypassed this step with no reason (indeed), I could load the web guide but when I type the username and password in Chrome, the page did not run while I tried to click to the button manytimes.

 

Thanks for your help.