Cisco Cisco Web Security Appliance S170 사용자 가이드
C O N F I G U R I N G U P G R A D E A N D S E R V I C E U P D A T E S E T T I N G S
C H A P T E R 2 2 : S Y S T E M A D M I N I S T R A T I O N
519
C O N F I G U R I N G U P G R A D E A N D S E R V I C E U P D A T E S E T T I N G S
You can configure how the Web Security appliance downloads security services updates,
such as Web Reputation Filters and AsyncOS for Web upgrades. For example, you can choose
which network interface to use when downloading the files, configure the update interval. or
disable automatic updates.
such as Web Reputation Filters and AsyncOS for Web upgrades. For example, you can choose
which network interface to use when downloading the files, configure the update interval. or
disable automatic updates.
AsyncOS periodically queries the update servers for new updates to all security service
components, but not for new AsyncOS upgrades. To upgrade AsyncOS, you must manually
prompt AsyncOS to query for available upgrades. You can also manually prompt AsyncOS to
query for available security service updates. For more information, see “Manually Updating
Security Service Components” on page 525.
components, but not for new AsyncOS upgrades. To upgrade AsyncOS, you must manually
prompt AsyncOS to query for available upgrades. You can also manually prompt AsyncOS to
query for available security service updates. For more information, see “Manually Updating
Security Service Components” on page 525.
When AsyncOS queries an update server for an update or upgrade, it performs the following
steps:
steps:
1. Contacts the update server.
IronPort allows the following sources for update servers:
• IronPort update servers. For more information, see “Updating and Upgrading from the
• Local server. For more information, see “Upgrading from a Local Server” on page 520.
2. Receives an XML file that lists the available updates or AsyncOS upgrade versions. This
XML file is known as the “manifest.”
3. Downloads the update or upgrade image files.
By default, AsyncOS contacts the IronPort update servers for both update and upgrade images
and the manifest XML file. However, you can choose from where to download the upgrade
and update images and the manifest file. You might want to specify a local update server for
the images or manifest file for any of the following reasons:
and the manifest XML file. However, you can choose from where to download the upgrade
and update images and the manifest file. You might want to specify a local update server for
the images or manifest file for any of the following reasons:
• You have multiple appliances to upgrade simultaneously. If your organization has
multiple Web Security appliances that need to upgrade, you can download the upgrade
image to a web server inside your network and serve it to all appliances in your network.
image to a web server inside your network and serve it to all appliances in your network.
• Your firewall settings require static IP addresses for the IronPort update servers. The
IronPort update servers use dynamic IP addresses. If you have strict firewall policies, you
may need to configure a static location for updates and AsyncOS upgrades. For more
information, see “Configuring a Static Address for the IronPort Update Servers” on
page 520.
may need to configure a static location for updates and AsyncOS upgrades. For more
information, see “Configuring a Static Address for the IronPort Update Servers” on
page 520.
Note — Only use a local update server for upgrade images, not update images. When you
specify a local update server, the local server does not automatically receive updated security
service updates from IronPort, so the appliances in your network eventually become out of
date. Use a local update server for upgrading AsyncOS, and then change the update and
upgrade settings back to use the IronPort update servers so the security services update
automatically again.
specify a local update server, the local server does not automatically receive updated security
service updates from IronPort, so the appliances in your network eventually become out of
date. Use a local update server for upgrading AsyncOS, and then change the update and
upgrade settings back to use the IronPort update servers so the security services update
automatically again.