25-9
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 25 Configuring the ASA for Cisco Cloud Web Security
Configuring Cisco Cloud Web Security
Detailed Steps
Examples
The following example configures a primary and backup server:
scansafe general-options
server primary ip 10.24.0.62 port 8080
server backup ip 10.10.0.7 port 8080
retry-count 7
license 366C1D3F5CE67D33D3E9ACEC265261E5
(Multiple Context Mode) Allowing Cloud Web Security Per Security Context
In multiple context mode, you must allow Cloud Web Security per context. See the “Configuring a
Security Context” section on page 6-19 in the general operations configuration guide.
Command Purpose
Step 1
scansafe general-options
Example:
ciscoasa(config)# scansafe general-options
Enters scansafe general-options configuration mode.
Step 2
server primary {ip ip_address | fqdn fqdn}
[port port]
Example:
ciscoasa(cfg-scansafe)# server primary ip
192.168.43.10
Configures the fully qualified domain name or IP address of the
primary Cloud Web Security proxy server.
By default, the Cloud Web Security proxy server uses port 8080
for both HTTP and HTTPS traffic; do not change this value unless
directed to do so.
Step 3
server backup {ip ip_address | fqdn fqdn}
[port port]
Example:
ciscoasa(cfg-scansafe)# server backup fqdn
server.example.com
(Optional) Configures the fully qualified domain name or IP
address of the backup Cloud Web Security proxy server.
By default, the Cloud Web Security proxy server uses port 8080
for both HTTP and HTTPS traffic; do not change this value unless
directed to do so.
Step 4
retry-count value
Example:
ciscoasa(cfg-scansafe)# retry-count 2
(Optional) Enters the value for the number of consecutive polling
failures to the Cloud Web Security proxy server before
determining the server is unreachable. Polls are performed every
30 seconds. Valid values are from 2 to 100, and the default is 5.
See the “Failover from Primary to Backup Proxy Server” section
on page 25-6.
Step 5
license hex_key
Example:
ciscoasa(cfg-scansafe)#
license F12A588FE5A0A4AE86C10D222FC658F3
Configures the authentication key that the ASA sends to the Cloud
Web Security proxy servers to indicate from which organization
the request comes. The authentication key is a 16-byte
hexidecimal number.
See the “Authentication Keys” section on page 25-3.