Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1108
Views
0
Helpful
2
Replies

WSA configuration sync

urosbajzelj
Level 1
Level 1

‎12-17-2013 05:57 AM

Hello

I have two WSA appliances and I want to make automatic configuration synchronization with script.

So here is my question. When I load configuration to secondary appliance, do I have to load whole configuration or I can only load the xml file with sections that are different to the previous configuration.

For example I have two config files:

-wsa1_config.xml

-wsa2_config.xml

And the only difference is that I have added another user in wsa1_config.xml. That would result in new section in wsa1_config.xml

  <users>

    <user>

      <username>test_user</username>

      <fullname>Test User</fullname>

      <group>admin</group>

      <enc_password>encrypted_password</enc_password>

      <date_range>current_day</date_range>

      <display_rows>10</display_rows>

      <landing_page></landing_page>

      <language>en-us</language>

    </user>

  </users>

Can I create diff.xml with the following data in xml and load this config to secondary wsa server?

<config>

  <users>

    <user>

      <username>test_user</username>

      <fullname>Test User</fullname>

      <group>admin</group>

      <enc_password>encrypted_password</enc_password>

      <date_range>current_day</date_range>

      <display_rows>10</display_rows>

      <landing_page></landing_page>

      <language>en-us</language>

    </user>

  </users>

</config>

Will this procedure add only new user to secondary appliance or it will delete the whole configuration?

Labels:
0 Helpful
2 Replies 2

Valter Da Costa
Cisco Employee
Cisco Employee

‎12-24-2013 03:56 AM

Preferably, use a SMA to manage the config on multiples WSAs.

If you load the complete file, you will have problems with IP addressing.

Load partial files or editing the config file is not officially supported.

I personally did not test loading partial config files in a WSA. If you try to load it does it return an error? I can give it a try and let you know later today.

Sent from Cisco Technical Support iPad App

0 Helpful

urosbajzelj
Level 1
Level 1
In response to Valter Da Costa

‎01-14-2014 12:16 AM

I took configuration from wsa1, deleted part of the configuration that I knew it didn't change, changed IP addresses and upload only partial config file.

It was loaded without issues and configuration changes were applied to the wsa2. So it looks like it works to load and change only part of the configuration files.

I know that SMA could be used to manage configs on multiple WSAs, but I believe this is kind of overkill for SMB organizations with only 2 WSAs.

Best regards

0 Helpful
Customers Also Viewed These Support Documents