簡介
本文說明如何排解安全電子郵件閘道(SEG)下一代GUI中的錯誤「API伺服器未啟動或無法連線」。
必要條件
從AsyncOS 11.4開始,再到用於安全管理裝置(SMA)的AsyncOS 12.x,Web使用者介面(UI)經歷了重新設計以及資料的內部處理。
需求
思科建議您瞭解以下主題:
- 安全電子郵件閘道(SEG)
- 安全管理裝置(SMA)
- Web使用者介面(UI)訪問
採用元件
- 11.4版或更高版本上的SEG
- 12.x版或更高版本上的SMA
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
問題
無法訪問下一代Web介面並獲取錯誤「API伺服器未啟動或無法訪問」。
解決方案
步驟 1.驗證是否已在安全電子郵件網關/安全管理裝置的管理IP中啟用AsyncOS API HTTPS
注意:對於Cisco Secure Email Cloud Gateway,請聯絡TAC以檢視IP配置。
sma.local> interfaceconfig
Currently configured interfaces:
1. Management (10.31.124.134/26 on Management: esa14.mexesa.com)
Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> edit
Enter the number of the interface you wish to edit.
[]> 1
IP interface name (Ex: "InternalNet"):
[Management]>
Would you like to configure an IPv4 address for this interface (y/n)? [Y]>
IPv4 Address (Ex: 192.168.1.2 ):
[10.31.124.134]>
Netmask (Ex: "24", "255.255.255.0" or "0xffffff00"):
[0xffffffc0]>
Would you like to configure an IPv6 address for this interface (y/n)? [N]>
Ethernet interface:
1. Management
[1]>
Hostname:
[sma.local]>
Do you want to configure custom SMTP Helo to use in the SMTP conversation? [N]>
Do you want to enable SSH on this interface? [Y]>
Which port do you want to use for SSH?
[22]>
Do you want to enable FTP on this interface? [N]>
Do you want to enable Cluster Communication Service on this interface? [N]>
Do you want to enable HTTP on this interface? [Y]>
Which port do you want to use for HTTP?
[80]>
Do you want to enable HTTPS on this interface? [Y]>
Which port do you want to use for HTTPS?
[443]>
Do you want to enable Spam Quarantine HTTP on this interface? [N]>
Do you want to enable Spam Quarantine HTTPS on this interface? [N]>
Do you want to enable AsyncOS API HTTP on this interface? [N]>
Do you want to enable AsyncOS API HTTPS on this interface? [N]> Y
步驟 2.確認主機名配置
確保裝置主機名未在任何其它配置或裝置中使用,運行sethostname命令以驗證它或更改配置(如果需要)。
sma.local> sethostname
[sma.local]>
步驟 3.驗證網路訪問
對於下一代GUI,需要允許先行器和埠443。
運行命令trailblazerconfig status。
sma.local> trailblazerconfig status
trailblazer is not running
sma.local> trailblazerconfig enable
trailblazer is enabled.
步驟 4.訪問下一代GUI
訪問下一代Web介面。
如果問題仍然存在,請與Cisco TAC聯絡。
相關資訊