Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1011
Views
0
Helpful
4
Replies

Backup the virtual WSA appliance running under VMware

Go to solution
m1xed0s
Spotlight
Spotlight

‎02-06-2023 08:58 AM

According to the WSA document, quoted below:

Do not take backup (snapshot) of the virtual appliance using VMware or any other third-party tools, or
restore a virtual appliance from a snapshot. Alternatively, you can take backup of the configuration using
the System Administration > Configuration File menu in the user interface or using the saveconfig
CLI command. You can then load it on another spawned virtual appliance.

I can only backup the configuration and I assume if the appliance went down, I would have to spin-up a new appliance to restore the configuration backup. But why? 

Is there a way to do appliance level backup and restore with the v14.5 WSA?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎02-06-2023 09:07 AM

No. There is no supported way to backup/restore the app. Just the configuration.

If HA is a requirement, you can spin up as many WSA vms as you need. WSA vms are licensed per user, so build what you need.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Ken Stieers
VIP
VIP

‎02-06-2023 09:07 AM

No. There is no supported way to backup/restore the app. Just the configuration.

If HA is a requirement, you can spin up as many WSA vms as you need. WSA vms are licensed per user, so build what you need.

0 Helpful

Go to solution
m1xed0s
Spotlight
Spotlight
In response to Ken Stieers

‎02-06-2023 09:45 AM

Okey, good to know. But feels like the WSA/ESA AsyncOS is somehow band-aided and outdated over the years from feature set perspective...

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to m1xed0s

‎02-06-2023 09:55 AM

Or you're expressing a need for a feature that after over a decade of being deployed, and millions in service (CES is just ESA vms), it turns out they don't actually need it...

0 Helpful

Go to solution
amojarra
Cisco Employee
Cisco Employee

‎02-08-2023 12:54 AM

Hello @m1xed0s 

 

WSA has a feature for failover, which one WSA went down the other WSA will be in production (Using the Common Address Redundancy Protocol (CARP)

 

in case if you want both Appliance are holding same configuration you might need to back-up and restore manually or simple use SMA for central configuration and management

steps for adding failure has been covered in USerGuide :

User Guide for AsyncOS 11.0 for Cisco Web Security Appliances - Connect, Install, and Configure [Cisco Secure Web Appliance] - Cisco

 

also I believe it could be nice if you take a look at this link to have this feature works properly on a Virtual WSA:

Ensure Proper Virtual WSA HA Group Functionality in a VMware Environment - Cisco 

 

regarding cloning a virtual machine and keeping it as Failover, you still need some manual configuration, when one WSA is down, and also it is not recommended.

 

on the other hand there are couple of actions which I am just listing here, you might be interested in them, which are related to load balance and failover

 

[1] you can use Transparent deployment, hosting two or more WSAs, then let the router decide when any device is down and not sending the traffic to that WSA

[2] using PAC file and configuring both (or more) WSA's as proxy server there. (in this case there will be delay till browser makes the decisions to mark first proxy as down and redirect traffic to another WSA for all new sessions- it depends on the browser )

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

0 Helpful
Customers Also Viewed These Support Documents