8-7
Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 8      ASA and Cisco Cloud Web Security
  Configure Cisco Cloud Web Security
hostname(config)# scansafe general-options
Step 2 Configure the primary and secondary Cloud Web Security proxy servers.
server primary {ip ip_address | fqdn fqdn} [port port]
server backup {ip ip_address | fqdn fqdn} [port port]
Example 
hostname(cfg-scansafe)# server primary ip 192.168.43.10
hostname(cfg-scansafe)# server backup fqdn server.example.com
When you subscribe to the Cisco Cloud Web Security service, you are assigned primary and backup 
Cloud Web Security proxy servers. Enter their IP addresses (ip), or fully-qualified domain names (fqdn), 
on these commands.
By default, the Cloud Web Security proxy server uses port 8080 for both HTTP and HTTPS traffic; do 
not change this value unless directed to do so.
Step 3 (Optional.) Configure the number of consecutive polling failures to the Cloud Web Security proxy server 
before determining the server is unreachable. 
retry-count value 
Example
hostname(cfg-scansafe)# retry-count 2
Polls are performed every 30 seconds. Valid values are from 2 to 100, and the default is 5.
Step 4 Configure the authentication key that the ASA sends to the Cloud Web Security proxy servers to indicate 
from which organization the request comes. 
license hex_key 
Example
hostname(cfg-scansafe)# license F12A588FE5A0A4AE86C10D222FC658F3 
The authentication key is a 16-byte hexidecimal number. It can be a company or group key.
Step 5 (Multiple context mode only.) Switch to each context where you want to use the service and enable it.
scansafe [license hex_key] 
Example
hostname(config)# changeto context one 
hostname/one(config)# scansafe 
You can optionally enter a separate authentication key for each context. If you do not include an 
authentication key, the one configured for the system context is used.
Examples
The following example configures a primary and backup server:
scansafe general-options
 server primary ip 10.24.0.62 port 8080
server backup ip 10.10.0.7 port 8080
 retry-count 7
 license 366C1D3F5CE67D33D3E9ACEC265261E5