
Connect via P2 Interface to WSA S160 for initial set-up

FLOYD SALAZAR
Level 4

Currently have deployed WSA with the following interfaces:

1/ Management : 1.1.2.2/24

2/ P1 : 10.10.20.14/24 (inside DMZ interface for secure network)

3/ P2 : 8.8.8.136/28 (Public DMZ interface)

Issue:

I cannot reach the Management interface on its segment at this time to run the set-up wizard for configuring the WSA.

I can reach and talk to P2 interface via ASA 5540 which controls all inbound traffic to WSA.

How can I remotely reach the WSA via P2 to run the setup wizard via GUI for WSA set-up?

I know I must use http://IP_ADS:8080/8443 but how can I get there via public IP Address or proxy?

Note: I have a proxy 5.5.5.5 for which I have built an ACL on the 5540 to allow tcp 8080/8443 to 8.8.8.136.

6 Replies

Tery Le Febvere
Cisco Employee

Hi,

My name is Tery and I will be happy to help you out with your new deployment questions. The way the WSA is designed to work is M1 will be for management and/or data, P1 is for DATA only and P2 is for external data. It looks like everything you have done is correct.

So if you are on the 1.1.2.2/24 network, can you reach http://IP_ADS:8080 or https://IP_ADS:8443? Did you create new routes under Network > Routes?

Thanks,

Tery Le Febvere


Good Evening Tery,

The problem is that 1.1.2.2 is not accessible, which means the Management segment is not accessible via http or https at all.

It was provisioned given an IP Address which cannot be accessed currently.

So is there another way to use the set-up wizard via the P2 interface at all?

The setup wizard can only be accessed through the management interface (M1). At this moment the only choice will be to connect via console.

You may also connect directly to the unit's COM port using a null modem cable (9-pin serial) in order to establish a command line interface (CLI) session. This is particularly useful during the initial configuration process of the device. In order to proceed, you will need the following:

  • 9-pin female-to-female serial cable (null modem)
  • Serial console client (such as HyperTerminal or PuTTY)

Please use the following procedure as a guide:

  1. Connect your laptop (or other client device) to the serial port on the back of the unit using a standard 9-pin null modem cable.
  2. Launch your preferred serial console client. Specify the appropriate COM port to use on your local machine, and use the following settings for the connection:

    Bits per second: 9600
    Data bits: 8
    Parity: None
    Stop bits: 1
    Flow control: Hardware (RTS/CTS, DSR/DTR)
  3. Once the session has been opened, you may need to press Enter to trigger output. At this time, you should see a login prompt akin to what would be seen in a Telnet- or SSH-based CLI session.
  4. Log in using your appropriate credentials.

Thanks,

Tery Le Febvere

Good Day Tery,

Yes, I have console or serial port access to the device at this time.

My concern is, if you cannot run the set-up wizard via the management interface, what effective way can one build the base configuration of the WSA without using the set-up wizard?

And if it can be done via CLI, is there a guide which reflects the critical components that should be configured to support the turn-up of the appliance?

Good Evening Tery,

Here is a thought to be able to utilize the setup wizard for the S160 WSA on the management interface.

If I physically move the Management interface to the same subnet as the P2 interface, with a different IP which is accessible via firewall rule changes from a remote location, would this allow me to set up the WSA? Then, once set up, I could move the connection to a DMZ which is isolated but accessible from the internal network of the organization?

Hello Floyd,

The WSA will not allow configuration of interfaces on the same subnet.

The management interface needs to be provided an IP address that will be reachable via your firewall, and possibly configure NAT for management of that management port on that firewall.

Regards,

Eric