02-06-2023 08:58 AM
According to the WSA document, quoted below:
Do not take backup (snapshot) of the virtual appliance using VMware or any other third-party tools, or
restore a virtual appliance from a snapshot. Alternatively, you can take backup of the configuration using
the System Administration > Configuration File menu in the user interface or using the saveconfig
CLI command. You can then load it on another spawned virtual appliance.
I can only backup the configuration and I assume if the appliance went down, I would have to spin-up a new appliance to restore the configuration backup. But why?
Is there a way to do appliance level backup and restore with the v14.5 WSA?
Solved! Go to Solution.
02-06-2023 09:07 AM
02-06-2023 09:07 AM
02-06-2023 09:45 AM
Okey, good to know. But feels like the WSA/ESA AsyncOS is somehow band-aided and outdated over the years from feature set perspective...
02-06-2023 09:55 AM
02-08-2023 12:54 AM
WSA has a feature for failover, which one WSA went down the other WSA will be in production (Using the Common Address Redundancy Protocol (CARP)
in case if you want both Appliance are holding same configuration you might need to back-up and restore manually or simple use SMA for central configuration and management
steps for adding failure has been covered in USerGuide :
User Guide for AsyncOS 11.0 for Cisco Web Security Appliances - Connect, Install, and Configure [Cisco Secure Web Appliance] - Cisco
also I believe it could be nice if you take a look at this link to have this feature works properly on a Virtual WSA:
Ensure Proper Virtual WSA HA Group Functionality in a VMware Environment - Cisco
regarding cloning a virtual machine and keeping it as Failover, you still need some manual configuration, when one WSA is down, and also it is not recommended.
on the other hand there are couple of actions which I am just listing here, you might be interested in them, which are related to load balance and failover
 you can use Transparent deployment, hosting two or more WSAs, then let the router decide when any device is down and not sending the traffic to that WSA
 using PAC file and configuring both (or more) WSA's as proxy server there. (in this case there will be delay till browser makes the decisions to mark first proxy as down and redirect traffic to another WSA for all new sessions- it depends on the browser )
++++ If you find this answer helpful, please rate it as such ++++
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: