11-01-2022 07:10 PM
Hi,
I'm trying to connect one of our WSA/SWAs (ASyncOS 14.5.0-537) to SecureX and not having any success.
Going by the instructions, I enable the SecureX setting under Network > Cloud Services Settings, and it shows as being enabled after committing the change. However, the instructions says "Wait for few minutes, and check whether the Register button appears on your appliance", which I have done, but this button never appears. This is how the Cloud Service Settings appear, and remain in this state:
As you can see, the Deregister button is greyed out so I am unable to use this. The supplied explanation is as follows:
I've checked in SecureX under Device Manager and the WSA/SWA is not showing as having been connected (I haven't been given the prompt to enter the device token on the WSA/SWA).
I can't seem to find any articles on how to overcome this issue. Does anyone have any advice?
11-18-2022 01:35 AM
may I ask you please check these:
[1] nslookup api.eu.sse.itd.cisco.com
[2] telnet the api.eu.sse.itd.cisco.com on port 443 >-nslookup api.eu.sse.itd.cisco.com
[3] Also please check packet capture to see if there is any issue conencting your WSA to api.eu.sse.itd.cisco.com
[4] you have selected WSA in Secure-X (sometimes it happens to be SMA)
thanks
Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
11-24-2022 06:24 PM
Hi @amojarra
I tried what you have suggested above, but queried against api.apj.sse.itd.cisco.com as we are located in APJ region.
I was able to successfully resolve the hostname, and can telnet from the WSA to api.apj.sse.itd.cisco.com over port 443 (see below).
When trying to enable the WSA in SecureX I have gone here:
After going into the above I opened the device manager and generated a token for the WSA, but this is where it doesn't go any further
11-29-2022 12:33 AM
Sorry for late reply
thanks for the detailed information
did you check this: Integrate and Troubleshoot SecureX with Web Security Appliance (WSA) - Cisco
Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
11-29-2022 04:57 PM
Hi @amojarra ,
Thankyou for this. I have managed to get one of our WSAs connected to SecureX via this article, however, our primary one still does not work.
I have looked in the sse_connectord_log file on the primary WSA and can see the following entries
Judging by the entries, the connector looks to be somehow configured to connect to the local host address. Do you have any ideas how this can be reset/re-configured?
12-01-2022 07:48 AM
So happy to hear that
at least we have 50% improvement.
could you please try to re-do step3 of the link?
I mean disable > commit > enable > commit
and then the rest of the steps please
Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
12-01-2022 04:03 PM
Hi @amojarra ,
I have raised a case with TAC to see if they can assist with resolving this issue. We did try doing what you suggested, but still no luck.
In working through this with TAC, it seems that when I've attempted to set this up in the past it has connected to SecureX (not sure where?) and once connected you cannot un-link/re-register. It looks like this may be an inherent bug in ASyncOS 14, which TAC is investigating.
When I hear more from TAC and/or they provide a solution, I'll provide details here.
Cheers
12-01-2022 11:13 PM
Thanks for the update @mark.wehling
hope the issue will be solve soon
feel free to reach out if anything is needed
BR,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide