Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
553
Views
1
Helpful
2
Replies

Guidance for Virtual WSA with SMA Deployment

MSN
Level 1
Level 1

‎08-14-2025 02:38 PM - edited ‎08-14-2025 02:40 PM

I have a requirement to deploy redundant WSA with SMA. Below are the licenses which i have.

WEB-SEC-SUB – Cisco Web Security XaaS Subscription – 1
WSA-WSP-LIC – Web Advantage SW Bundle (WREP+WUC+AMAL) License – 1000
WSA-AMP-LIC – WSA Advanced Malware Protection License – 1000
SMA-WMGT-LIC – SMA Centralized Web Management Reporting License – 1000
SVS-WEB-SUP-B – Basic Support for Web Security – 1

Can anybody help me with the following queries?

We plan to have 2× WSA and 1× SMA ---- are the above licenses sufficient for this setup?
Does WSA and SMA require a separate VM license?
From these license details, how many users are covered/considered?
Based on these licenses, how should the sizing be done? Which equivalent VM spec should we select — S100V, S300V, or S600V?

Any guidance would be greatly appreciated

0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎08-15-2025 08:15 AM

So there is some sales nuance that you'll want to double check with a Cisco sales guy, but...
That does look sufficient for what you want to do.
WSA and SMA are separate vm licenses, at this point its all SmartLicensing, so you provision that, then deploy the VMs and point them at the SmartLicense site.
That looks like 1000 users.. with virtual WSAs you can spin up as many as you need to cover your load. You may be able to get away with a single 600, but I'd spin up 2, and set them up for load balancing/HA... I used transparent redirection via WCCP from my firewalls, but you can do it with explicit redirection and the built in HA stuff too.

amojarra
Cisco Employee
Cisco Employee

‎08-21-2025 12:55 AM

Hello @MSN 

As Ken mentioned, the licenses are different, so you need to get WSA licenses and the SMA license as well.

regarding the installation of the WSAs and the SMA:

 

https://www.cisco.com/c/en/us/support/docs/servers-unified-computing/vmware-esxi-cisco-ucs/222580-install-secure-web-appliance-on-vmware-e.html

https://www.cisco.com/c/en/us/support/docs/switches/vsg-microsoft-hyper-v/222581-install-secure-web-appliance-on-microsof.html

https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance-s690x/222554-configure-secure-web-appliance-initial-s.html

 

you need to make sure the SMA and WSAs are in the compatible version: 

https://www.cisco.com/c/dam/en/us/td/docs/security/security_management/sma/sma_all/web-compatibility/index.html

Also it is best to check the release notes, to review the known and fixed issues in the version you are choosing:

here are the links to the relevant release notes:

Secure Web Appliance (WSA) Release Notes: WSA Release Notes

Secure Email and Web Manager (SMA) Release Notes: SMA Release Notes

  • the Model S100-S300-S600 depends on:
    Number of active users
  • Decryption rate
  • Scanning engines 
  • Scanning conditions 
  • Requests per seconds 
  • ...

Also please allow me to share : 

https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance/220375-use-secure-web-appliance-best-practices.html

this for sure will come in handy 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
0 Helpful
Customers Also Viewed These Support Documents