07-18-2011 02:56 PM
Currently have deployed WSA with the following interfaces:
1/ Management : 1.1.2.2/24
2/ P1 : 10.10.20.14/24 (inside DMZ interface for secure network)
3/ P2: 8.8.8.136/28 (Public DMZ interface)
Issue:
I can not reach Management interface on segment at this time to run set-up wizard for configuring the WSA.
I can reach and talk to P2 interface via ASA 5540 which controls all inbound traffic to WSA.
How can I remotely reach WSA via P2 to run setup wizard via GUI for WsA set-up?
I know I must use http://IP_ADS:8080/8443 but how can I get there via public IP Address or proxy.
Note: I have a proxy 5.5.5.5 which I have built acl on 5540 to allow tcp 8080/8443 to 8.8.8.136.
07-18-2011 06:37 PM
Hi,
My name is Tery and I will be happy to help you out with your new deployment questions. The way the WSA is design to work is M1 will be for management or/and data, P1 is for DATA only and P2 is for external data. It looks like everything you have done is correct.
So if you are on 1.1.2.2/24 network can you reach http://IP_ADS:8080 or https://IP_ADS:8443 ? Did you created new routes under Network > Routes?
Thanks,
Tery Le Febvere
07-18-2011 11:45 PM
Good Evening Tery,
The problem is that 1.1.2.2 is not accessible, which means the Management segment is not accessible via http or https at all.
It was provisioned given an IP Address which cannot be accessed currently.
So is there another way to use the set-up wizard via the P2 interface at all?
07-19-2011 05:40 AM
Setup wizard can only be access through the management interface(M1). At this moment the only choice will be to connect via console.
You may also connect directly to the unit's COM port using a null modem cable (9-pin serial) in order to establish a command line interface (CLI) session. This is particularly useful during the initial configuration process of the device. In order to proceed, you will need the following:
Please use the following procedure as a guide:
Thanks,
Tery Le Febvere
07-19-2011 11:06 AM
Good Day Tery,
Yes I have console or serial port access to the device at this time.
My concern is if you cannot run the set-up wizard via the management interface what effective way can one build the base configuration of the WSA without using the set-up wizard.
And if it can be done via cli is there a guide which reflects the critical components that should be configured to support the turn-up of the applicance?
07-20-2011 10:54 PM
Good Evening Tery,
Here is a thought to be able to utilize the setup wizard for the S160 WSA on the management interface.
If I physically move the Management interface to the same subnet of P2 interface with a different IP which is accessible via firewall rule changes from a remote location. Would this allow me to set-up the WSA then once set-up I could move the connection to an DMZ which is isolated but accessible from the internal network of the organization?
07-21-2011 05:52 PM
Hello Floyd,
WSA will not allow configuration of interfaces on same subnet.
The management interface need to be provided an ip address, that willl be reachable via your Firewall, and possibly configure nat for management of that management port on that firewall.
Regards,
Eric
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide