Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 27      System Administration
Support Commands
Remote Access
Use the Support and Help menu > Remote Access page to allow Cisco IronPort Customer Support 
remote access to the Web Security appliance. Click Edit Remote Access Settings to allow Cisco 
IronPort Customer Support to access the appliance.
Figure 27-2 Remote Access Page
By enabling Remote Access you are activating a special account used by Cisco IronPort Customer 
Support for debugging and general access to the system. This is used by Cisco IronPort Customer 
Support for tasks such as assisting customers in configuring their systems, understanding configurations, 
and investigating problem reports. You can also use the techsupport command in the CLI.
When enabling the “Secure Tunnel,” the appliance creates an SSH tunnel over the specified port to the 
server upgrades.ironport.com. By default this connection is over port 443, which will work in most 
environments. Once a connection is made to upgrades.ironport.com, Cisco IronPort Customer Support 
is able to use the SSH tunnel to obtain access to the appliance. As long as the connection over port 443 
is allowed, this will bypass most firewall restrictions. You can also use the techsupport tunnel command in the CLI.
In both the “Remote Access” and “Tunnel” modes, a password is required. It is important to understand 
that this is not the password that will be used to access the system. Once that password and the system 
serial number are provided to your Customer Support representative, a password used to access the 
appliance is generated.
Once the techsupport tunnel is enabled, it will remain connected to upgrades.ironport.com for 7 days.
After 7 days, no new connections can be made using the techsupport tunnel. If there are any existing 
connections using the tunnel after 7 days, those connections will continue to exist and work. However, 
once those connections are closed, they will not be able to open again because the techsupport tunnel 
will have closed after 7 days. The timeout set on the SSH tunnel connection does not apply to the Remote 
Access account; it will remain active until specifically deactivated.
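The lifetime rules above can be turned into an audit check. The following Python sketch is an added example, not part of the Cisco guide or of AsyncOS: it reports which support access paths are still usable at a given time. The session record format, the function name and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta

TUNNEL_LIFETIME = timedelta(days=7)  # from the guide: tunnel stays connected for 7 days


def audit_remote_access(tunnel_enabled_at, sessions, account_disabled_at, now):
    """Return (kind, detail) findings about support access still possible at `now`.

    sessions: list of (name, opened_at, closed_at or None) for support
    sessions carried by the tunnel (hypothetical record format).
    """
    expiry = tunnel_enabled_at + TUNNEL_LIFETIME
    findings = []
    if now < expiry:
        findings.append(("tunnel_open", f"new connections possible until {expiry:%Y-%m-%d %H:%M}"))
    for name, opened_at, closed_at in sessions:
        if opened_at >= expiry:
            # The guide says no new connection can be made after 7 days,
            # so a record like this needs investigating.
            findings.append(("unexpected_session", name))
        elif now >= expiry and (closed_at is None or closed_at > now):
            # Opened inside the window and not closed: it keeps working.
            findings.append(("lingering_session", name))
    # The 7-day timeout does not apply to the Remote Access account.
    if account_disabled_at is None or account_disabled_at > now:
        findings.append(("account_active", "Remote Access account still enabled"))
    return findings


# Constructed sample data, not taken from a real appliance.
ENABLED = datetime(2024, 3, 1, 9, 0)
SESSIONS = [
    ("s1", datetime(2024, 3, 2, 10, 0), datetime(2024, 3, 2, 11, 0)),
    ("s2", datetime(2024, 3, 7, 16, 0), None),  # opened on day 6, still open
    ("s3", datetime(2024, 3, 9, 8, 0), None),   # opened after the 7-day window
]

if __name__ == "__main__":
    for kind, detail in audit_remote_access(ENABLED, SESSIONS, None, datetime(2024, 3, 10, 12, 0)):
        print(kind, detail)
```

With the sample data, the check on day 9 reports the session that outlived the tunnel window, the session recorded after the window, and the Remote Access account that was never deactivated.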
Packet Capture
Sometimes when you contact Cisco IronPort Customer Support with an issue, you may be asked to 
provide insight into the network activity going into and out of the Web Security appliance. The appliance 
provides the ability to intercept and display TCP/IP and other packets being transmitted or received over 
the network to which the appliance is attached.
You might want to run a packet capture to debug the network setup and to discover what network traffic 
is reaching the appliance or leaving the appliance.