Cisco Cisco Web Security Appliance S690 User Guide
22-30
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 22 Perform System Administration Tasks
AsyncOS for Web Upgrades and Updates
Local And Remote Update Servers
By default, AsyncOS contacts the Cisco update servers for both update and upgrade images and the
manifest XML file. However, you can choose from where to download the upgrade and update images
and the manifest file. Using a local update server for the images or manifest file for any of the following
reasons:
manifest XML file. However, you can choose from where to download the upgrade and update images
and the manifest file. Using a local update server for the images or manifest file for any of the following
reasons:
•
You have multiple appliances to upgrade simultaneously. You can download the upgrade image
to a web server inside your network and serve it to all appliances in your network.
to a web server inside your network and serve it to all appliances in your network.
•
Your firewall settings require static IP addresses for the Cisco update servers. The Cisco update
servers use dynamic IP addresses. If you have strict firewall policies, you may need to configure a
static location for updates and AsyncOS upgrades. For more information, see
servers use dynamic IP addresses. If you have strict firewall policies, you may need to configure a
static location for updates and AsyncOS upgrades. For more information, see
Configuring a Static
Address for the Cisco Update Servers, page 22-30
.
Note
Local update servers do not automatically receive security service updates, only AsyncOS upgrades.
After using a local update server for upgrading AsyncOS, change the update and upgrade settings back
to use the Cisco update servers so the security services update automatically again.
After using a local update server for upgrading AsyncOS, change the update and upgrade settings back
to use the Cisco update servers so the security services update automatically again.
Updating and Upgrading from the Cisco Update Servers
A Web Security appliance can connect directly to Cisco update servers and download upgrade images
and security service updates. Each appliance downloads the updates and upgrade images separately.
and security service updates. Each appliance downloads the updates and upgrade images separately.
Configuring a Static Address for the Cisco Update Servers
The Cisco update servers use dynamic IP addresses. If you have strict firewall policies, you may need to
configure a static location for updates and AsyncOS upgrades.
configure a static location for updates and AsyncOS upgrades.
Step 1
Contact Cisco Customer Support to obtain the static URL address.
Step 2
Navigate to the System Administration > Upgrade and Update Settings page, and click Edit Update
Settings.
Settings.
Step 3
On the Edit Update Settings page, in the “Update Servers (images)” section, choose Local Update
Servers and enter the static URL address received in step
Servers and enter the static URL address received in step
1
.
Step 4
Verify that Cisco Update Servers is selected for the “Update Servers (list)” section.
Step 5
Submit and commit your changes.
Upgrading from a Local Server
The Web Security appliance can download AsyncOS upgrades from a server within your network instead
of obtaining upgrades directly from the Cisco update servers. When you use this feature, you download
the upgrade image from Cisco once only, and then serve it to all Web Security appliances in your
network.
of obtaining upgrades directly from the Cisco update servers. When you use this feature, you download
the upgrade image from Cisco once only, and then serve it to all Web Security appliances in your
network.
Figure 22-1
shows how Web Security appliances download upgrade images from local servers.