The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
When the virtual appliance is first powered on, the Management port gets an IP address from your DHCP host. If the virtual appliance is unable to obtain an IP address from a DHCP server, it will use 192.168.42.42 as the Management interface’s IP address. The CLI displays the Management interface’s IP address when you run the System Setup Wizard on the virtual appliance.
 Note |
You cannot open a Technical Support tunnel before installing the virtual appliance license. Information about Technical Support tunnels is in the User Guide for your AsyncOS release. |
The Cisco Secure virtual appliance requires an additional license to run the virtual appliance on a host. You can use this license for multiple, cloned virtual appliances. Licenses are hypervisor-independent.
For AsyncOS for Web Security 8.5 and later:
Feature keys for individual features can have different expiration dates.
After the virtual appliance license expires, the appliance will continue to serve as a web proxy without security services for 180 days. Security services are not updated during this period. On the Cisco Secure Web appliance, administrators and end users cannot manage quarantines and scheduled deletion of quarantined messages will occur.
Note |
For information about the impact of reverting the AsyncOS version, see the online help or user guide for your AsyncOS release. |
Note |
If you cloned the virtual security appliance image, perform the following steps for each image. |
(Optional) FTP into the virtual appliance to upload the license file. If you will paste the license into the terminal, you do not need to do this.
|
Step 1 |
Using SSH or telnet in a terminal application, log into the appliance’s CLI as the admin/ironport user.
|
||
|
Step 2 |
Run the loadlicense command. |
||
|
Step 3 |
Install the license file using one of the following options:
|
||
|
Step 4 |
Read and agree to the license agreement. |
||
|
Step 5 |
(Optional) Run showlicense to review the license details. |
For Microsoft Hyper-V deployments:
Return to Deploy on Microsoft Hyper-V.
For KVM deployments:
Return to Deploy on KVM.
For ESXi deployments:
For more information on the Management interface’s IP address, see Deploy on VMWare ESXi.
If you cloned the virtual security appliance image, repeat the procedure in this topic for each image.
See remaining setup steps in Deploy on VMWare ESXi.
You can use VMware® VMotion™ to migrate a running virtual appliance to a different physical host.
Requirements:
Both physical hosts must have the same network configuration.
Both physical hosts must have access to the same defined network(s) to which the interfaces on the virtual appliance are mapped.
Both physical hosts must have access to the datastore that the virtual appliance uses. This datastore can be a storage area network (SAN) or Network-attached storage (NAS).
Note |
Migrate the virtual machine using the VMotion documentation. Automatic VMotion is currently not supported in Secure Web Appliance. |
For instructions on cloning a virtual machine, see VMWare’s technical documentation at http://www.vmware.com/support/ws55/doc/ws_clone.html.
For information on how to manage the network settings and security features of your appliance, see the user guide for your Cisco Secure product and release.
|
Step 1 |
Disable centralized services on your Web Security appliances. |
|
Step 2 |
Shut down the virtual appliance using the shutdown command in the CLI. |
|
Step 3 |
Clone the virtual appliance image. |
|
Step 4 |
Start the cloned appliance using the VMware vSphere Client and perform the following:
|
|
Step 5 |
Start the original virtual appliance using the VMware vSphere Client and resume operation. Make sure that it is running properly. |
|
Step 6 |
Resume operation on the cloned appliance. |
The following actions are the equivalent of pulling the plug on a hardware appliance and are not supported, especially during AsyncOS startup:
— In KVM, the Force Reset option.
— In VMWare, the Power Off and Reset options.
The Cisco Secure Web virtual appliances include updates to existing CLI commands and includes a virtual appliance-only command, loadlicense. The following CLI command changes have been made:
|
Command |
Information |
|---|---|
|
loadlicense |
This command allows you to install a license for your virtual appliance. You cannot run System Setup Wizard on the virtual appliance without installing a license using this command first. |
|
etherconfig |
The Pairing option is not included on virtual appliances. |
|
version |
This command will return all the information about the virtual appliance except for the UDI, RAID, and BMC information. |
|
resetconfig |
Running this command leaves the virtual appliance license and the feature keys on the appliance. |
|
reload |
Running this command removes the virtual appliance license and all the feature keys on the appliance. |
|
showlicense |
View license details. For Secure Web Appliance, additional information is available via the featurekey command. |
AsyncOS on virtual appliances will not report any hardware-related information and no hardware-related traps will be generated. The following information will be omitted from queries:
powerSupplyTable
temperatureTable
fanTable
raidEvents
raidTable
Feedback