Hi,For the virtual WSA, you

Sullivand08 · ‎07-22-2014

We just got our web filter back online and its been offline since jan/feb time. I have the Update Servers list using the "Cisco Ironport Update servers" option checked under "Update Setting for Security Services". I then go to Web Reputation and Malware to update the Web Reputation Engine and etc and it all fails to fetch the manifest. I've even tried inputting the server manually (update-manifests.ironport.com port 443) and still fails. Any suggestions?

Sullivand08 · ‎07-22-2014

I can also telnet to update-manifests.ironport.com port 443. but fail to fetch manifest on every update.

kushsriva · ‎07-24-2014

Hi,

For the virtual WSA, you would need to configure the update server: update-manifests.sco.cisco.com, but this needs to be configured from the CLI using the updateconfig command

Here are the steps:

updateconfig

Choose the operation you want to perform:
- SETUP - Edit update configuration.
[]> dynamichost

Enter new manifest hostname:port
[update-manifests.ironport.com:443]> update-manifests.sco.cisco.com:443

Choose the operation you want to perform:
- SETUP - Edit update configuration.
[]> <Enter>

vWSA> commit

Changes committed: Mon Nov 11 11:20:01 2013 GMT

vWSA> updatenow

- IF the updates still do not work, make sure you have a valid license installed and it is active.

Do Rate if Helpful

Regards,

Kush

Sullivand08 · ‎07-24-2014

ok i just tried going through those steps and it seems that it was already configured for that manifest hostname. The license is current and active. we just got it from Cisco a few weeks ago.

kushsriva · ‎07-25-2014

Hi,

In that case please try the following steps:

- Make sure have connections allowed to that server. telnet to "update-manifests.sco.cisco.com 443" and make sure the connection is allowed.

- Sometimes even when you see license installed, it is not installed correctly and that's why the updates do not work. If possible try to replace the license key and then check the updates.

Regards,

Kush

Sullivand08 · ‎07-25-2014

telnet was successful. everything seems fine. feature keys are active but ill double check on the license key.

Thanks!

Vance Kwan · ‎07-28-2014

Cisco Licensing had an issue recently. Go ahead and go to the SSH and run the command 'show license'. I can't recall off the top of my head, but if your VLN # is 8 digits, you may have been affected.

The root cause is that when the appliance connects to update-manifests, it will identify itself using the VLN #. The update manifests server should have a record of it. If it does not, the connection ends. There was a spreadsheet I saw of all affected customers. You may be amongst one of them. Doesn't hurt to check.

I recommend opening a TAC case on this to confirm. The solution would be to get another license XML file.

Sullivand08 · ‎07-30-2014

ok I believe that may be the issue. After running showlicense command my VLN# is VLNWSAxxxxxxxx. so 8 digits trailing behind "VLNWSA". Ill open a case.

Thanks all for your help.

IronPort S100v update fails