cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10138
Views
35
Helpful
15
Replies

Cisco Web Security Appliance Licensing for High Availability

edwardwaithaka
Level 1
Level 1

Hi,

I would like to deploy Cisco S170 Web Security Applicance in HA mode.

My question is; What license are avaiable to ensure two appliances work in HA mode?

We have purchased the following licenses and not sure if HA will work;

2 x WSA-S170-K9 WSA S170 Web Security Appliance with Software

250 x WSA-WSP-5Y-S2 Web Premium SW Bundle (WREP+WUC+AMAL) 5YR, 200-499 Users

There are 250 users in our network.

1 Accepted Solution

Accepted Solutions

I'm not an expert on the licensing end, but as far as I know, there isn't a seperate license for HA of the WSA.  From a technical standpoint,  HA for the WSA is handled by how you get the traffic to the boxes.   The WSA's don't know about one another, they don't get "clustered" like the ESA's... 

View solution in original post

15 Replies 15

I'm not an expert on the licensing end, but as far as I know, there isn't a seperate license for HA of the WSA.  From a technical standpoint,  HA for the WSA is handled by how you get the traffic to the boxes.   The WSA's don't know about one another, they don't get "clustered" like the ESA's... 

We've used an ACE or some other type of load balancer for HA.

Correct, licensing is per WSA, with no additional licensing needed for HA as provided by WCCP clustering.
Bookmark it, we can blow it up later.

Kush Srivastava
Level 1
Level 1

HI,

WSA does not have the Clustering Capability. You can however load balance the traffic via WCCP (transparent proxy Deployment) or via PAC files (Explicit Proxy Mode).

Regards,

Kush

amatahen
Cisco Employee
Cisco Employee

I have been going through Support community questions and I noticed your question, we have a setup were HA is achieved by using PAC file which is pushed to users.

HTH

VeNoMouSNZ
Level 1
Level 1

We use netscalers to do an LDNS address sort of like  GSLB, which monitors the proxy port, it is sort of a dynamic dns with a low TTL, if the proxy goes down it changes the return address to the alternate ip.. by doing this, we don't have to proxy through the netscaler and use X-FF... 

alexdelangel
Level 1
Level 1

Hello Edward,

Please, allow me to resurect this old post. What method of HA did you implement? According to this conversation, I clearly understand that WSA can not perform a cluster, so we need to load balance according to our WCCP configuration on the ASA. 

Now, the question is about licensing. For example, if you did acquire 250 licenses, did you install 125 on WSA-1, and 125 on WSA-2???? Imagine that WSA-1 dies, now you just can use the 125 licenses from WSA-2???

Regards!

When you get the WSAs both boxes get the feature keys, but user count isn't tracked...

So when one fails, the boxes don't care that they're handling more...  In a VM world you can create and license as many as you need...

 

Hi,

The licensing portal allows you to generate different licenses for the two appliances both for 250 users. From there, you use WCCP to load share.

Good day,

I would like to know if there is any document showing the step by step to perform load balancing and HA configuration between a WSA and vWSA through WCCP on a Cisco ASA Firewall.

On the other hand I have the doubt when this type of configuration is done as it is done so that when making some configuration change replicate in the two WSA (physical WSA and virtual vWSA).

Thank you in advance for the collaboration and help you give me.

Hi Guys,

What is the meaning of 200-499 Users for licenses? 
Is that the number of concurrent users sessions or licensed user limitation?

 

Please advice.

 

yes up to 499 unique or concurrent users at a time.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

That is the number of unique people that are in the company.

Thanks Balaji and Ken for your reply.

 

Is there any way that we can check the current utilization of those concurrent users out of 499?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: