Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
884
Views
1
Helpful
6
Replies

Web Security Appliance SecureX update interval?

Go to solution
Network Diver
Level 3
Level 3

‎07-20-2023 02:07 AM - edited ‎07-20-2023 02:11 AM

Hi,

Today I registered our web security appliances with SecureX. Several hours have passed, but the dashboard shows no data. The devices are shown up as registered and cloud connectivity is reported green. Am I missing something? Nothing mentioned here: https://www.cisco.com/c/en/us/support/docs/security/securex/215985-integrate-and-troubleshoot-securex-with.html 

Regards,
Bernd

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Network Diver
Level 3
Level 3

‎08-07-2023 08:10 AM

Issue solved. The WSA integration guide [1] does not mention with one word that when one uses WSA appliances with central reporting to a SMA appliance only integration of SMA appliance is required. This is explained in another guide [2]. Also a good hint: When integrating the SMA web module in SecureX causes timeout errors, reduce the request timeframe which is 30 days by default. Start with 1 day and work your way up until there is no more a timeout error.

 

[1] Integrate and Troubleshoot SecureX with Web Security Appliance (WSA): https://www.cisco.com/c/en/us/support/docs/security/securex/215985-integrate-and-troubleshoot-securex-with.html

[2] Configure the SMA Integration With SecureX: https://www.cisco.com/c/en/us/support/docs/security/securex/216017-configure-the-sma-integration-with-secur.html 

View solution in original post

6 Replies 6

Go to solution
Ken Stieers
VIP
VIP

‎07-20-2023 11:34 AM

If I remember correctly, that's an "at the moment look", it should be querying the WSA for that data when you open the screen...
0 Helpful

Go to solution
Network Diver
Level 3
Level 3
In response to Ken Stieers

‎07-20-2023 11:04 PM

Hm, the WSA appliances are of course behind a firewall and on the firewall itself I can't see denied requests coming from securex to the WSA appliances trying to send an API call.

 

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to Network Diver

‎07-21-2023 03:39 AM

WSAs connect outbound to the Secure Services Exchange, so you won't see an inbound connection...

In SecureX, under Integration Modules, did you add one for the WSA?
0 Helpful

Go to solution
amojarra
Cisco Employee
Cisco Employee

‎07-21-2023 02:16 PM

Hello @Network Diver 

In Addition to what Ken mentioned, I can advise to take a look at : Integrate and Troubleshoot SecureX with Web Security Appliance (WSA) - Cisco

 

also could you please check sse_connectord_logs ?

you can access them from CLI > Grep > select the number associated with sse_connectord_logs ... 

 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
0 Helpful

Go to solution
Network Diver
Level 3
Level 3

‎07-23-2023 10:03 PM

Yes, the Secure Web Appliance dashlets show up on the dashboard, but they show no data. In Network -> Cloud Services Settings the WSA shows up as registered and on SecureX in the devices list, it shows up as connected. The sse_connectord_logs show an error 400 for localhost. 

Mon Jul 24 04:23:28 2023 Info: INFO[wsa1.example.com][client.go:265 dex-gw-client-go:(*Client).send] POST status: 201, X-Flow-Id: DefaultFlowID
Mon Jul 24 04:43:07 2023 Info: INFO[wsa1.example.com][resource.go:359 resource:(*AccessorContext).Do] [Resource] Request (retry:0) POST sent to http://127.0.0.1:8843/context returned with code 404 and headers map[Connection:[keep-alive] Content-Length:[162] Content-Type:[text/html] Date:[Mon, 24 Jul 2023 02:43:07 GMT] Server:[nginx]]
Mon Jul 24 04:43:07 2023 Info: INFO[wsa1.example.com][resource.go:359 resource:(*AccessorContext).Do] [Resource] Request (retry:0) POST sent to http://127.0.0.1:8843/context returned with code 404 and headers map[Connection:[keep-alive] Content-Length:[162] Content-Type:[text/html] Date:[Mon, 24 Jul 2023 02:43:07 GMT] Server:[nginx]]
Mon Jul 24 05:03:07 2023 Info: INFO[wsa1.example.com][resource.go:359 resource:(*AccessorContext).Do] [Resource] Request (retry:0) POST sent to http://127.0.0.1:8843/context returned with code 404 and headers map[Connection:[keep-alive] Content-Length:[162] Content-Type:[text/html] Date:[Mon, 24 Jul 2023 03:03:07 GMT] Server:[nginx]]

 

 

0 Helpful

Go to solution
Network Diver
Level 3
Level 3

‎08-07-2023 08:10 AM

Issue solved. The WSA integration guide [1] does not mention with one word that when one uses WSA appliances with central reporting to a SMA appliance only integration of SMA appliance is required. This is explained in another guide [2]. Also a good hint: When integrating the SMA web module in SecureX causes timeout errors, reduce the request timeframe which is 30 days by default. Start with 1 day and work your way up until there is no more a timeout error.

 

[1] Integrate and Troubleshoot SecureX with Web Security Appliance (WSA): https://www.cisco.com/c/en/us/support/docs/security/securex/215985-integrate-and-troubleshoot-securex-with.html

[2] Configure the SMA Integration With SecureX: https://www.cisco.com/c/en/us/support/docs/security/securex/216017-configure-the-sma-integration-with-secur.html 

Customers Also Viewed These Support Documents