Upgrade SWA, ESA, SMA Locally

Available Languages

Download Options

  • PDF     (163.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (210.2 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (158.6 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:August 26, 2021
Document ID:117804

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the process to upgrade Cisco Secure Web Appliance (SWA) and Cisco Email Security Appliance (ESA) locally.

    Prerequisites

    Cisco recommends that you have knowledge of these topics:

    • Basic knowledge of SWA, ESA, SMA administration.
    • Basic knowledge of web server configuration.

    To perform the local upgrade you need:

    • A Web Server accessible from SWA.

    • Admin access to SWA, ESA or SMA.
    note-icon

    Note: The local upgrade process only performs Async OS upgrades. it does NOT apply to service engine updates.

    Components Used

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    At times, when the network is congested, attempts to upgrade the SWA or the ESA, SMA, via Internet cab fail. For example, if there is an available upgrade for an appliance, the AsyncOS downloads it and installs it simultaneously. However, if the network is congested, the download can hang and the upgrade fails. In scenarios such as these, one available option is to upgrade the SWA or the ESA locally.

    Upgrades for Appliances that Run AsyncOS Versions 10.0 and Later

    In order to upgrade appliances that run AsyncOS Versions 10.0 and later, you must download the AsyncOS upgrade and then apply it to the appliance from a local web server, such as Microsoft Internet Information System (IIS) or Apache server.

    Download the AsyncOS Upgrade

    Complete these steps in order to download the AsyncOS upgrade:

    Step 1. Navigate to the Fetch a Local Upgrade Image page.

    Step 2. Enter the appropriate serial number(s) for physical devices or VLN and model for virtual devices. Separate the serial numbers with commas if there are more than one.

    It must be a valid serial or VLN.

    a) The machine it is downloaded for, must the be the same it is given to.

    b) The manisfest file holds a hash for the VLN or the serial number as part of the authentication process used offline

    Note:The device serial, release tag and model can be determined by logging into the CLI and typing "version". For virtual device VLN details use CLI command "showlicense".

    Step 3. In the Base Release Tag field, enter the current version of the appliance with this format:

    • For the SWA: coeus-x-x-x-xxx (coeus-10-5-1-296, for example)
    • For the ESA: phoebe-x-x-x-xxx (phoebe-10-0-0-203, for example)
    • For the SMA: zeus-x-x-x-xxx (zeus-10-1-0-037, for example)

    Click Fetch Manifest  to view the list of the possible upgrades for the specified serial number(s) or VLN.

    Step 4. In order to download the upgrade, click the release package of the version to which you want to upgrade your appliance.

    Note: This package contains the necessary XML file inside of the zip file that is prepared for the serial number(s) that you entered.

    Step 5. Extract the downloaded package on your Web server.

    Step 6. Verify that the directory structure is accessible and looks similar to this:

    For the SWA

    asyncos/coeus-10-5-1-296/app/default/1
    asyncos/coeus-10-5-1-296/distroot/default/1
    asyncos/coeus-10-5-1-296/hints/default/1
    asyncos/coeus-10-5-1-296/scannerroot/default/1
    asyncos/coeus-10-5-1-296/upgrade.sh/default/1


    For the ESA

    asyncos/phoebe-10-0-0-203/app/default/1
    asyncos/phoebe-10-0-0-203/distroot/default/1
    asyncos/phoebe-10-0-0-203/hints/default/1
    asyncos/phoebe-10-0-0-203/scannerroot/default/1
    asyncos/phoebe-10-0-0-203/upgrade.sh/default/1

    Note: In this example, 10.5.1-296 for SWA and 10.0.0-203 for ESA are the target versions. You are not required to browse the directory at your HTTP server.

    Upgrade the Appliance

    Complete these steps in order to configure the SWA, ESA to use the local upgrade server:

    Step 1. Navigate toSecurity Services > Service Updatesand clickEdit Update Settings.

    Step 2. Beside theUpdate Servers (images)configuration, click theLocal Update Serversradio button. Change theBase URL (IronPort AsyncOS upgrades)setting to your local upgrade server and appropriate port (local.upgrade.server:80, for example).

    Web Security Appliance (WSA) and the Cisco Email Security Appliance (ESA) AsyncOS Upgrades - Manifest File URL

    Step 3. Choose theLocal Update Serversoption beside theUpdate Servers (list)configuration and enter the full URL for the manifest file (http://upgradeServer.local/asyncos/phoebe-10-0-3-003.xml, for example).

    Web Security Appliance (WSA) and the Cisco Email Security Appliance (ESA) AsyncOS Upgrades - Base URL Setting

    Step 4. Once you are finished, submit and commit the changes.

    Step 5. Use the normal upgrade process to download and install the image from the local server.

    Revision History

    Revision Publish Date Comments
    1.0
    26-Aug-2021
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Jaki Hasan
      Cisco TAC Engineer
    • Robert Sherwin
      Cisco TAC Engineer
    • Amirhossein Mojarrad
      Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products