AUS Page
The AUS page lets you configure remote updating of a security appliance from a server that supports the Auto Update specification. Auto Update applies configuration changes and software updates to the appliance automatically from the remote server.
Note |
The server you identify on this page must be the same server you identify in the Auto Update section of the Device Properties (from the Tools menu, choose Device Properties). The Device Properties information identifies the AUS server to which Security Manager sends configuration updates, whereas the information on this page defines for the server the device will contact for updates. Also, the Device Identity you provide in the Device Properties must match the Device ID on this page. |
If you change AUS servers, note that the device will continue to use the AUS server defined in its current configuration until it receives a new configuration. Thus, you should change the AUS policy but deploy the configuration using the previous AUS server. After deployment is successful, change the Device Properties to point to the new server. For more information on deploying to AUS, see Deploying Configurations Using an Auto Update Server or CNS Configuration Engine.
Navigation Path
-
(Device view) Select
from the Device Policy selector. -
(Policy view) Select
from the Policy Type selector. Select an existing policy from the Shared Policy selector, or create a new one.
Related Topics
Field Reference
Element |
Description |
||
---|---|---|---|
Auto Update Servers table |
This table lists currently configured Auto Update servers. Use the buttons below the table to manage these entries. The entries are listed in order of precedence for contacting AUS servers. Use the Up and Down arrow buttons to change the ordering of the list by moving the selected entry up or down. Use the Add Row, Edit Row, and Delete Row buttons to add, edit or delete entries. Add Row opens the Add Auto Update Server dialog box, while Edit Row opens the Edit Auto Update Server dialog box for the selected row. See Add and Edit Auto Update Server Dialog Boxes for information about these dialog boxes.
|
||
Device ID Type |
Choose the method used for identifying this device to the AUS server:
|
||
Poll Type |
Choose the method defining how often the AUS server is polled for updates:
Randomization Window – The maximum number of minutes the device can use to randomize the specified polling time; valid values are 1 to 1439. |
||
Retry Count |
The number of times the device will try to poll the AUS server for new information. Optional; if you enter zero or leave this field blank, the device will not retry after a failed poll attempt. |
||
Retry Period |
If Retry Count is not zero or blank, the number of minutes the device will wait to re-poll the AUS server if the previous attempt failed; valid values are 1 to 35791. If Retry Count is not zero or blank and you leave this field blank, the value defaults to five minutes. |
||
Disable Device After: |
Selecting this option ensures that if no response is received from the AUS server within the specified Timeout period, the security appliance will stop passing traffic.
|
Add and Edit Auto Update Server Dialog Boxes
Use the Add Auto Update Server dialog box to configure a new AUS server definition. The security appliance will automatically poll this server for image and configuration updates.
The Auto Update specification allows the Auto Update server to either push configuration information and send requests for information to the security appliance, or to pull configuration information by causing the security appliance to periodically poll the Auto Update server. The Auto Update server can also send a command to the security appliance to send an immediate polling request at any time. Communication between the Auto Update server and the security appliance requires a communications path and local CLI configuration on each security appliance.
Note |
The URL for contacting this AUS server is produced by concatenating the Protocol ://Username :Password @IP IP Address (:Port )/Path provided in these dialog boxes. The Port is included only if you entered a port number other than the default 443. |
With the exception of the title, the Edit Auto Update Server dialog box is identical to the Add Auto Update Server dialog box. The following descriptions apply to both.
Navigation Path
You can access the Add and Edit Auto Update Server dialog boxes from the AUS Page.
Field Reference
Element |
Description |
||
---|---|---|---|
Protocol |
The protocol used to communicate with the AUS server; choose http or https.
|
||
IP Address |
Enter the IP address or Select a Networks/Hosts object representing this AUS server. |
||
Port |
Enter the number of the port on which communications with the AUS server take place. Defaults to 80 if http is chosen as the Protocol, and to 443 if https is chosen. If you enter an arbitrary port number, be sure the AUS server is configured to use the same port. |
||
Path |
The path to AUS services on the server. The standard path is autoupdate/AutoUpdateServlet ; change this to admin/auto-update only if the AUS server host is an ASA. |
||
AUS Interface |
Enter or Select the interface to use when polling the Auto Update server. |
||
Verify Certificate |
Select this option to require SSL verification from the AUS server. The certificate returned by the server will be checked against Certification Authority (CA) root certificates. This requires that the AUS Server and this device use the same Certification Authority. |
||
Username |
Enter a user name to be used for AUS authentication (optional). |
||
Password |
Enter the password to be used for AUS authentication (optional). |
||
Confirm |
Re-enter the password (optional). |