Web security virtual appliance technical overview for ses
1 / 21

Web Security Virtual Appliance Technical Overview for SEs - PowerPoint PPT Presentation

  • Uploaded on

Web Security Virtual Appliance Technical Overview for SEs. AsyncOS 7.7.5 for Web. January 7 , 2013. New Features in this Release Getting Set Up & Operating Your Virtual WSA(s) Q&A. Agenda. What is Penglai (AsyncOS 7.7.5 for Web)?. Virtual form factor of Web Security Appliance (WSA)

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Web Security Virtual Appliance Technical Overview for SEs' - dai

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Web security virtual appliance technical overview for ses

Web Security Virtual Appliance Technical Overview for SEs

AsyncOS 7.7.5 for Web

January 7, 2013


New Features in this Release

Getting Set Up & Operating Your Virtual WSA(s)



What is penglai asyncos 7 7 5 for web
What is Penglai (AsyncOS 7.7.5 for Web)?

  • Virtual form factor of Web Security Appliance (WSA)

  • Functionally equivalent to a hardware WSA running Pikes Peak (AsyncOS 7.7.0). Major features in AsyncOS 7.7 are:

    • Multi-NTLM Forest Support

    • SOCKS proxy support

  • Plus benefits of running a VM:

    • One license (digital certificate), unlimited VMs

    • Self-service provisioning – you can provision & activate new VMs, fully loaded with your licensed feature keys, whenever you want

    • This beta program will be focused on testing the VM features only

Hypervisor hardware requirements
Hypervisor & Hardware Requirements

  • Hypervisor: VMware ESXi 4.x or 5.0

  • Hardware: Cisco UCS (officially supported), other vendors (best-effort support)

  • There are 3 standard VM images (corresponding to HW models in capacity). Allocate HW resources based on the VM image you download & the matrix below:

Four easy steps for setting up a virtual wsa
Four Easy Steps for Setting Up a Virtual WSA

  • Make sure the XML license that was emailed to you is ready

  • Download the VM

  • Unzip the VM & deploy it with vSphere

  • Run System Setup Wizard

Start by downloading the vm file
Start by Downloading the VM File

Download the VM file from the Cisco Software Download Center, under the Cisco Web Security Appliance.

  • Download the file for the model you want:

    • S000V: coeus-X-Y-X-070-S000V.zip

    • S100V: coeus-X-Y-X-070-S100V.zip

    • S300V: coeus-X-Y-X-070-S300V.zip

  • Zipped OVF (Open Virtualization Format)

  • Sample contents for S100V zip file:


    • coeus-X-Y-X-070-S100V.ovf

    • coeus-X-Y-X-070-S100V-disk1.vmdk

    • coeus-X-Y-X-070-S100V.mf

Next deploy the vm
Next: Deploy the VM

Uncompress the zip file to a designated file path (e.g. C:\WSAV\S000V_pristine)

  • If you want to run multiple VMs, use vSphere’s native cloning capabilities or duplicate the zip directory. Cloning must be done before the appliance’s first run. You can also download a pristine image later if you want more VMs.

  • Follow the process below for each VM:

    • With a connected vSphere client, click to select the host or cluster you want to have the image deployed

    • Choose File-->Deploy OVF Template.

    • Enter the path of the OVF file, click Next

    • Follow the wizard to finish the deployment

Next load your license file
Next: Load Your License File

  • XML file – looks like picture here

  • Can be applied to multiple VMs (reusable)

    • Apply during System Setup Wizard for each VM

  • Has customer ID, feature keys (Web Reputation, Web Usage Controls, Antivirus signatures) & expiration date embedded

  • If you purchase new feature keys, a new license is issued

  • When license expires, all functionality stops – including proxy

    • You will receive multiple alerts as expiry is approaching

  • Next install the license file
    Next: Install the License File

    • From the console, note the IP address of the appliance

    • From SSH or telnet, login to the virtual appliance with admin/ironport

    • Enter loadlicense, then

      • Input the license file by pasting its contents and pressing Ctrl-D, OR

      • Load the license file that has been uploaded to the virtual appliance via FTP (covered in next slide)

    Loading the license via ftp or scp
    Loading the License via FTP or SCP

    • Use FTP to transfer license file to appliance:

      • ftp to appliance with admin/ironport

      • cd into directory configuration

      • putlicense.xml

      • exit

    • OR use SCP to copy license file to appliance:

      • scplicense.xml admin@<IP>:configuration

    Finishing setup after loading license file
    Finishing Setup After Loading License File

    • Read and agree to the EULA

    • Enter showlicense to view the license details

    • Log on to the web UI (http://<IP>:8080) and run the System Setup Wizard

    • You are now ready to import your configuration

    Importing your configuration
    Importing your Configuration

    If you are configuring your Virtual WSA from scratch,ignore this step

    • If you provided your config file for migration, you should have received a Config File for your Virtual WSA from the beta team

      • We will have an automated config migration tool available when we release

    • Copy the config file to your new WSAV (Virtual WSA):

      • scpmy_config_file.xmladmin@new_WSAV:configuration

    • Load the config file on your new WSAV:

      • loadconfigmy_config_file.xml

    New and modified cli commands

    New and modified CLI commands

    New cli commands loadlicense
    New CLI commands: loadlicense


    • Reads a license file from a file or cut and paste

    • Verifies the validity of the license

    • Creates and installs the new feature keys

    • Removes old feature keys

    New cli commands showlicense
    New CLI commands: showlicense


    • Show data about current license, including expiry date

    vm10c02esa0120.eng> showlicense

    Virtual License


    vln VLNWSA171717

    begin_date Sun Jan 15 00:00:00 2012 GMT

    end_date Sat Jan 15 16:06:49 2028 GMT

    company Ironport Test Company

    seats 17

    serial 12B

    email cstillso@ironport.com

    issue fe8f1761f1a94463bc9ddbcf03569805

    license_version 1.0

    Modified cli commands version
    Modified CLI commands: version


    • For virtual appliances, this command will show CPU and memory of appliance, along with limits

    Modified cli commands ipcheck
    Modified CLI commands: ipcheck


    • Platform

    • Serial No.

    • RAM reported in MB

    Modified cli commands featurekey
    Modified CLI Commands: featurekey


    All feature keys currently active on appliance & remaining time on license

    More information for ses
    More Information for SEs

    • WSAV Questions? Contact wsa-pm@cisco.com

    • ESAV Questions? Contact esa-pm@cisco.com