02-18-2016 12:11 PM
Hi community,
I'm looking for multiple Configuration Master on SMA. Or contexts or something else.
Thank you.
02-21-2016 09:32 PM
Hi,
SMA appliance does do multiple configuration masters with multiple WSAs however you need to be aware of below:
1. SMA will require centralise configuration master feature key to be available and valid
2. Depending on which version that the SMA is running. Certain SMA version can only support certain configuration master version. See below for the compatibility matrix for SMA with WSA and ESA:
http://www.cisco.com/c/dam/en/us/td/docs/security/security_management/sma/sma_all/SMA-ESA-WSA_Compatibility.pdf
02-21-2016 11:30 PM
Hi,
Thank you for supporting me in this case.
Multiple WSAs are managable for sure. But not multiple (and different) configurations, right ?
02-23-2016 04:46 PM
In SMA appliance you can create multiple configuration master (CM) versions, for example you can create CM8.0 and also CM 7.7 and CM 8.7 and you can assigned each CM to different WSA appliances however the version in each WSA need to match with the version of the CM that you assigned to it and each CM can have different configurations.
Another functionality that we have in SMA as well, if you are using single CM for multiple WSA appliances. In "Identity" configuration and when you add or edit the Identity configuration, you will have option called "Include These Appliances" under the "Membership Definition" section and from there you can select which WSA appliance that you want this Identity configuration to be apply to or apply to all WSA appliances.
02-23-2016 04:54 PM
Right... if you have multiple WSAs on version x, they all have to use the same configuration/configuration master, so they get the same config
You can have different configurations on different versions.
If you need different configs for several WSAs, you have to manage each set on its own SMA/SMAv
06-01-2018 08:36 AM
08-06-2018 11:16 AM
There is a way to have different configurations on different WSA's that are managed by a single SMA. I am not sure this is why Cisco created this feature because most people I talk to that support the SMA seem to be unaware of this feature. When you create a Identity Policy under membership Definition you can select which WSA appliances this policy applies to. When you push policy you still push the policy to all WSA's and only the appliances chosen here show the policy created.
I have done some basic testing with this, but have not done this in production as of yet. We are in a long term change for web proxy and when the time is right I am going to use this feature unless I can create a more uniform blanket policy across our different locations.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide