Cisco Cisco Web Security Appliance S660 Mode D'Emploi
3-11
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 3 Connect, Install, and Configure
System Setup Wizard
•
User name:
admin
•
Passphrase:
ironport
Step 3
You must immediately change the passphrase.
Step 4
Choose System Administration > System Setup Wizard.
If the appliance is already configured, you will be warned that you are about to reset the configuration.
To continue with the System Setup Wizard, click the Reset Configuration button. The appliance will
reset and the browser will refresh to the appliance home screen.
To continue with the System Setup Wizard, click the Reset Configuration button. The appliance will
reset and the browser will refresh to the appliance home screen.
Step 5
Read and accept the terms of the end-user license agreement.
Step 6
Click Begin Setup to continue.
Step 7
Configure all settings using the reference tables provided in the following sections as required. See
.
Step 8
Review the configuration information. If you need to change an option, click Edit for that section.
Step 9
Click Install This Configuration.
Step 10
Connect the appliance to Cisco Cloud Web Security for Hybrid Web Security policy communications:
a.
Click Register on the Web Policy Connectivity page of the System Software Wizard.
b.
Enter the authorization token you copied from the Cisco ScanCenter portal in the Enter
Authorization Key dialog box and then click Register.
Authorization Key dialog box and then click Register.
See
for more about obtaining an
authorization token.
for information about changing
this authorization token.
Upon successful registration, available security policies are downloaded from Cisco ScanCenter to
the Web Security appliance. See
the Web Security appliance. See
for
additional information.
A Next Steps page should appear once the configuration installed. However, depending on the IP, host
name, or DNS settings you configured during setup, you may lose connection to the appliance at this
stage. If a “page not found” error is displayed in your browser, change the URL to reflect any new
address settings and reload the page. Then continue with any post-setup tasks you wish to perform.
name, or DNS settings you configured during setup, you may lose connection to the appliance at this
stage. If a “page not found” error is displayed in your browser, change the URL to reflect any new
address settings and reload the page. Then continue with any post-setup tasks you wish to perform.
What to Do Next
If any CWS policies to be downloaded contain HTTPS rules or authentication group rules, it is important
that you configure HTTPS proxy settings, Authentication Realms and Identification Profiles on the WSA
shortly after the System Setup Wizard (SSW) finishes configuring Hybrid Web Security mode.
Conversion and download of any CWS policies containing HTTPS rules or authentication group rules
are skipped during WSA hybrid system set-up, and will be completed only after the WSA is set up in
hybrid mode, with HTTPS proxy, Authentication Realms and Identification Profiles configured. (The
conversion/download process is completed automatically, as CWS-to-WSA policy updates occur every
two minutes.)
that you configure HTTPS proxy settings, Authentication Realms and Identification Profiles on the WSA
shortly after the System Setup Wizard (SSW) finishes configuring Hybrid Web Security mode.
Conversion and download of any CWS policies containing HTTPS rules or authentication group rules
are skipped during WSA hybrid system set-up, and will be completed only after the WSA is set up in
hybrid mode, with HTTPS proxy, Authentication Realms and Identification Profiles configured. (The
conversion/download process is completed automatically, as CWS-to-WSA policy updates occur every
two minutes.)
In CWS, an authentication realm refers to SAML and EasyID. On the WSA, the types supported are
different and usually refer to NTLM (SAML is not yet supported on the WSA). If CWS rules have either
auth-user-name or authentication groups configured, you must configure authentication realms and
custom identification profiles with authentication enabled on the WSA.
different and usually refer to NTLM (SAML is not yet supported on the WSA). If CWS rules have either
auth-user-name or authentication groups configured, you must configure authentication realms and
custom identification profiles with authentication enabled on the WSA.
•
Configure HTTPS proxy settings: see
.