Steps to Deploy Virtual Web Security Appliance (vWSA)
From where can we download the image for virtual WSA? Please share the link as well.
This is not available yet as it is still beta and will shortly be moving to FCS. You will have to contact your cisco sales team.
Customer Support Engineer
Cisco Web Content Security Appliance
Cisco Technical Assistance Center RTP
does we get trail lice i want that for my study
You can download the vm from
Instead of set up the date and time parameters through the command datetime, is there a way to point to an NTP server?
Thanks! for the reviewing, yes we can configure an NTP server from the GUI (once the setup wizard ran):
System Administration > Time setting > Edit setting > "Use Network Time Protocol" and configure the NTP servers.
Have a Great! day
Thanks to you for your help Zack,
I will start to deploy a demo about this vWSA, and let me tell you that I am sure that you have helped a lot of people with this tutorial. I have another question, the license that we recevie via email (for demo), for how many users will it work?
Again, thank you so much for your support.
Thanks! for the feedback we greatly appreciated it, it depends on the model but the demo and S100v model should support up to 1000 connections.
Please let me know if you have any other questions,
Thanks again for the feedback,
I have a new issue, when I try to load the demo license either FTP or CLI. It sends me an error about the demo license is not available yet. I mean, when I paste the content of the XML file through the CLI and then I type the Ctrl + D sends me that error. Or when I type the command loadlicense, and then option 2, I type the license.xml and it still sends me that error. Could you please help me? It is a demo and we are competing against blue coat and other vendor.
Thanks for reaching out, I have seen this error. Please set the clock on the vWSA to make sure it has the current date and times. because their is a date in the license file.
from the CLI:
Current time Wed Aug 06 19:08:53 2014 GMT.Please enter the time in MM/DD/YYYY HH:MM:SS format.
<enter the month,day....>
enter out and commit the change.
Please let me know if you still have an issue.
Thanks for your answer, but I had already set the date and clock. What else could be the origin of this issue?
Sorry you are having trouble installing license, I was advise that some of the vWSA license were invalid, I would suggest to reach out the contact you got the license from and get another one quickly. in addition you can also call Cisco TAC # 1 800 553 2447 and speak with the licensing team and they will provide you a "demo" license.
The issue did reside on the date. I started to read the content of XML file and the Begin date was an hour later, I changed the time on Ironport and I was able to load the license. Now I have another question. How can we now for how much users the demo license is? I downloaded a S000v, and the showlicense prompts the next result:
Unknown command: SHOWLICENSEPlease run System Setup Wizard at http://192.168.210.156:8080ironport.example.com> showlicense
vln VLNWSA38996279begin_date Wed Aug 06 16:14:51 2014 GMTend_date Mon Sep 22 16:14:50 2014 GMTcompany CONNEXT SOLUCIONES SA DE CVseats 1country MXserial 65FCemail email@example.com 1fc3c71bdeca4bb2ba2ec57756cd6314license_version 1.1
I am glad you were able to load the license, you must need to run the setup Wizard and as for the number of users this should support few hundred users less than 1000, for the demo purpose and testing you be ok.
Thanks for the info Zack,
I have already run the setup wizard, now what is next? It is the first time I configure a Web Security Appliance, would you have another tutorial for the active directory integration, explicit proxy configuration?
Yes and they all reside here:
The issues about Attempting to fetch user information... and Attempting to fetch group information... in the Test, really are because of a bad Bin DN and a bad Password? Are there other origin of these errors?
Checking DNS resolution of WSA hostname(s)...Failure: Unable to resolve 'proxy.citrofrut.com' :Unknown hostnameChecking DNS resolution of LDAP Server(s)...Success: Resolved 'jfm0204.citronet.com' address: 192.168.210.69Checking connectivity of LDAP Server(s)...Success: Server 'jfm0204.citronet.com' responding to queries on port 389.Checking the type of LDAP Server(s)...Warning: The server 'jfm0204.citronet.com' is an Active directory server and is configured on port 389.Consider using the global catalog server on port 3268 instead.Checking if Referrals are enabled...Success: Referral option is disabled.Attempting to fetch user information...Failure: Queries to server 'jfm0204.citronet.com' on port 389 failed :Invalid Computer Account (AD realm) or Bind DN or Password (LDAP realm)Attempting to fetch group information...Failure: Queries to server 'jfm0204.citronet.com' on port 389 failed :Invalid Computer Account (AD realm) or Bind DN or Password (LDAP realm)Test completed: Errors occurred, see details above.
Please go ahead and create a Cisco TAC case our support team can help you,
1 800 553 2447
Great Video - I'm still not clear on how a license is obtained for this. Went to cisco.com/go/license - get other licenses - email/web security - get activation codes for iron port product tc - it asks for a source serial # / virtual device #. what are those - where do i find them?
Thanks for the feedback, enclosed are the steps:
How Existing Customers get their WSAV Licenses
1. Go to www.cisco.com/go/License
2. Log in with CCO ID.
3. Click on Get New at the top. Select License for Email & Web Security Appliance from the dropdown menu.
4. A page for requesting an activation code to get the license appears. Under Product, select SW Bundles (if you have an existing SW bundle) or TC (if you have a single a la carte feature).
5. Source Serial Number – Enter an existing WSA Serial Number here.
6. Select Destination Appliance Type – Select Virtual.
7. Leave Target SN / Virtual Device Identifier blank.
8. Send to – Enter email address for activation code to be sent to.
9. Click on Request Code.
10.Once the code is emailed, repeat Steps 1-3. Select Use Activation Codes & hit Next
11.Select the Web Security software SKUs that should embedded on the virtual license. Hit Next.
12.Enter in the email address for the Virtual WSA license to be sent to. Click on Get License.
13.You should receive a Processing Request popup. Once it is processed you will see a confirmation. The key will be sent within 3 hours.
PS. if you currently do not have WSA appliance, please call in TAC HOT line and speak to License Team and they will provide an Evaluation license. TAC # United States: 1 800 553 2447
Thank you so much for your video, i have a doubt, exist smarnet for Virtual appliance????
Thank you! for the comment, if you have a physical appliance you may want to reach out to your Cisco Account team, they will be able to provide ALL the detailed around the coverage, but as long as you have the physical WSA *should be cover"
Why, when i am running the System Setup Wizard by GUI, i receive a Mssg just with the "Reset Configuration" option???
Puedo compartir mi licencia del appliance físico para el vWSA? o hay que comprar las licencias de WSA virtual para que los dos queden activos y poder realizar balanceo de carga.
Can I share my physical appliance license for vWSA? or you have to buy virtual WSA licenses so that both of you remain active and can perform load balancing.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.