Upgrade Process for Secure Web Appliance

Available Languages

Download Options

  • PDF     (218.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (271.5 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (230.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:June 10, 2022
Document ID:217911

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the process to Upgrade Secure Web Appliance (WSA).

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Physical or Virtual WSA Installed
    • License activated or installed
    • Secure Shell (SSH) Client
    • Internet reachability for the WSA appliance
    • The setup wizard is completed
    • Administrative Access to the WSA
    • Check the release notes to find the upgrade path
    • Review the Compatibility Matrix for Cisco Secure Email and Web Manager
    • Check the release notes to find the latest features and defects for your target version
    • Check for any additional prerequisites on the release notes

    Components Used

    This document is not restricted to specific software and hardware versions.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    WSA is delivered with the least supported version. One of the first steps to be done once the appliance is installed is to get it upgraded to the right version that meets your environment. This document describes the steps required to get the appliance to the target version.

    Upgrade Process through WUI

    Review the Prerequisites section and go through these steps to upgrade from the current to the target release:

    1. Log in to the WSA Web User Interface (WUI) through admin credentials.

    2. From the main menu tab, choose System Administration, then click System Upgrade  as shown in this image.

    Select System UpgradeSelect System Upgrade

    3. Click the Upgrade Options as shown in this image.

    Select Upgrade OptionsSelect Upgrade Options

    4. From the Displayed settings, select Download and install or Download only as shown in this image.

    Select download and install, or download onlySelect download and install, or download only

    5. From the list of available upgrade images, select the target version as shown in the image.

    Select Upgrade versionSelect Upgrade version

    6. Select a method to save a backup for your configuration from the Upgrade Preparation section as shown in this image.

    Configuration Backup optionsConfiguration Backup options

    7. Click on Proceed.

    8. A progress bar shows the upgrade or download process. You can close the page and come back to it after the upgrade is completed.

    Upgrade progress status barUpgrade progress status bar

    Note: If you have upstream proxies, ensure to configure proxy settings on System Administration > Update and Upgrade Settings.

    Upgrade Process through CLI

    Review the Prerequisites section and go through these steps:

    1. Access the WSA Command Line Interface (CLI) through SSH Client.
    2. Type the command Upgrade.
    3. Some versions offer the options (otherwise move to step 5.):
      DOWNLOAD: Downloads the version, and you can go back through steps (1-3) and select INSTALL in order to install the version.
      DOWNLOADINSTALL: Downloads and installs the version in the same step.
      INSTALL:       Installs the version if it was downloaded before (This option is available if the version was downloaded before).
      STATUS: Displays the status of the download if the DOWNLOAD option was chosen previously.
    4. Select the appropriate option based on the current state of the upgrade.
    5. Select the target version.
    6. Press Enter key in order to start the upgrade process.
    7. After the upgrade is completed a reboot  is required to apply the upgrade.

    Verify

    Use this section to confirm that your configuration works properly.

    After the upgrade and restart are complete. Use the CLI command versionto verify the system is now on the correct target release.

    Troubleshoot

    This section provides information you can use to troubleshoot your configuration.

    The upgrade can fail due to multiple reasons; most of these issues are related to network connectivity or drops at the time of the upgrade process.

    Unable to Reach Update Servers

    WSA_CLI> upgrade
Choose the operation you want to perform:
- DOWNLOADINSTALL - Downloads and installs the upgrade image (needs reboot).
- DOWNLOAD - Downloads the upgrade image.
[]> download
1. AsyncOS 12.5.1 build 043 upgrade For Web, 2021-02-11, is a release available for General Availability
2. AsyncOS 12.5.2 build 007 upgrade For Web, 2021-07-08, is a release available for Maintenance Deployment
3. AsyncOS 12.5.2 build 011 upgrade For Web, 2021-09-16, is a release available for Maintenance Deployment
4. AsyncOS 12.5.3 build 002 upgrade For Web, 2021-11-22, is a release available for Maintenance Deployment
5. AsyncOS 12.5.4 build 005 upgrade For Web, 2022-04-26, is a release available for Maintenance Deployment
[5]> 1

Download error: http://updates.ironport.com/asyncos/coeus-12-5-1-043/hints/default/1

    The Error message is caused due to unable to reach the update servers.

    Verify the WSA appliance has the correct resolution for the update servers, for detailed steps review this article.

    Note: Attempt to upgrade from the WUI if the CLI fails or the SSH session times out.

    Note: Firewalls need to allow idle connections to stay active, especially for the upgrade process.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    10-Jun-2022
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Fuad Al Asouli
      Cisco TAC Engineer
    • Nik Kale
      Cisco TAC Technical Leader

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products