Cisco Cisco Web Security Appliance S160 Nota De Lançamento
4
Release Notes for the June 25, 2015 SSH Vulnerability Patch for Cisco Content Security Virtual Appliances
Installation Instructions
Would you like to email the current configuration before upgrading?
[N]>
Performing an upgrade may require a reboot of the system after the upgrade is applied.
You may log in again after this is done. Do you wish to proceed with the upgrade?
[Y]>
Checking if 'Cisco-Ironport SSH Keys Vulnerability' patch is required
'Cisco-Ironport SSH Keys Vulnerability' patch is required
'Cisco-Ironport SSH Keys Vulnerability' patch applied
Upgrade will be complete after this mandatory reboot.
Upgrade installation finished.
Reboot takes about 20 minutes to complete. Do not interrupt power to the appliance during
this time.
Are you sure you want to reboot?
[N]> y
System shutting down. Please wait while the system services are stopped...Connection to
<your wsa> closed by remote host.
Connection to <your wsa> closed.
The appliance will now reboot.
After Installation
After installing the patch:
•
Perform all of the activities you would normally do after an upgrade. See the release notes and the
online help or user guide for your release.
online help or user guide for your release.
•
Remove the existing entry for your appliance from the known hosts list in your ssh utility. Then ssh
to the appliance and accept the connection with the new key.
to the appliance and accept the connection with the new key.
•
If you use SCP push to transfer logs to a remote server (including Splunk): Clear the old SSH host
key for the appliance from the remote server.
key for the appliance from the remote server.
•
On Security Management appliances:
–
Use the
logconfig > hostkeyconfig > delete
CLI command as many times as needed to
clear the old key associated with each managed ESA and WSA virtual appliance.
–
Re-establish the connection to each managed appliance and (if applicable) reassign each
managed appliance to the appropriate configuration master:
managed appliance to the appropriate configuration master:
1. Go to Management Appliance > Centralized Services > Security Appliances and click the link
for an appliance in the list.
for an appliance in the list.
2. Click Establish Connection.