2 ironports email security appliance redundancy

Similar Messages

• Cisco Email Security Appliance (ESA) - Reporting

  In previous versions on ESA you could export data and reports in CSV formats using an API. Is that still available?
  >From the following document :
  IRONPORT ASYNCOS 6.4 REPORTING API FOR IRONPORT APPLIANCES
  REPORTING API OVERVIEW
  The Reporting API feature allows you to download the same data collected by the Email Security Monitor component of the IronPort Email Security appliance or Security Management appliance in a comma separated value (CSV) format. This format allows users to integrate the IronPort appliance's data gathering capabilities into other IT and business reporting systems. 
  DOWNLOADING REPORTING DATA
  You can retrieve the data used to build the charts and graphs in the Email Security Monitor feature via HTTP. This is useful if you plan to perform further analysis on the data via other tools. The data is available in standard comma separated value (CSV) format. The easiest way to get the HTTP query you will need is to configure one of the Email Security Monitor pages to display the type of data you want. You can then simply click the Export... link to initiate the download process.

  It went away, there's a new one (RESTful) in 9.0/9.1
  http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-0/ESA_API_1-0_Getting_Started_Guide.pdf

• Cisco Ironport Email Security inline with Microsoft Forefont

  Hi,
  We are going to deploy Cisco C370 Email security appliance as new email relay in our DMZ. Currently Microsoft Forefont is already doing the same functionality and new Ironport email security appliance will be added as 1st layer of email security. 
  I would like to know what are the changes that we should consider in this deployment in order to forward mail to Forefont, is there any specific configuration on both products and what is the best method of deployment etc.
  Also I would appreciate if there is any Cisco/Microsoft documentation available for such deployment senario.
  thanks in advance.

  Hello pemasirid,
  as far as I can see from your description is that you add the ESA C370 as an additional gateway, so I would say there is little you need to change in your current network design. As this is all about SMTP getting forwarded, you basically just need to take care of the following things:
  On Forefront: Allow injections from the ESA(s) and forward all outbound messages to the ESA
  On the ESA(s): Insert the Forefront IPs into the RELAYLIST of the private listener to allow outbound messages. Also set up an SMTP route to forward inbound messages to the Forefront server.
  Also change public DNS to point to the public IPs of the ESAs, in case they are different from what you have used before
  A good starting point for deploying would be the Quickstart Guide for C370, that you can find in the support section for email security on Cisco.com. Also, the user guide, which is also available on the GUI of every email appliance (GUI: Help and Support -> Online Help).
  Hope that helps,
  Andreas

• About CPU utilization value of ironport C370 email-security-appliance

  Hello all,
  What is the normal / abnormal value for the following parameters of ironport C370 email-security-appliance ?
  total active recipients
  active messages in work queue
  CPU utilization

  Each appliance would be a little different based on the expected mail processing, throughput for your environment/domains... and then throw in which processes you have turned up (IPAS, AV, VOF, etc.)...
  Typical C370 (running 8.0.1) should be able to handle:
  1. ~18 +/- recipients/sec
  2. average workqueue ~ 462 
  3. average CPU utilization of ~ 91%
  The #s vary, again, based on what you have enabled and licensed.  You would be well suited to open a dialog with your Sales Ops/Account team, as they have means to determine the proper numbers and outcomes for your environment.
  I hope this helps!
  -Robert
  (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

• Ironport web security appliance

  Hi,
  Just want to check if the IRONPORT
  S series web security appliances support
  failover/clustering of 2 boxes.
  thanks,

  Each Cisco IronPort web security appliance can be configured as a standalone proxy or to co-exist with other proxies (such as in a proxy hierarchy for conditional routing, failover and load balancing

• Ironport C170 Email Security Appliance - No Upgrades Available Error

  Hi All,
  I have a pair of IronPort ESA C170  with Async OS version 7.6.2-014. one of them displayed two versions that are available for upgrade:
  7.6.3 & 8.0.1; however , the other appliance displays "Error - no available upgrades". 
  So we tried to open the link : http://updates.ironport.com/fetch_manifest.html 
  updated the serial number information for the first one and it displayed the two versions ( 7.6.3 & 8.0.6 ) successfully and it didn't display anything when i put the serial number of the second appliance.
  The Problem clearly that we cant upgrade the second appliance.
  So Appreciate to share your experience on this.
  Thanks,

  You will need to open a support case so that we can get your serial number of the appliance, review to make sure it is in the correct upgrade provisioning group, and then also work with you direct to assure that you have the correct network settings to reach the updater servers.  
  You should be able to open a telnet session from the CLI on the appliance(s) to downloads.ironport.com on port 80, update-manifests.ironport.com on port 443...
  8.0.1 is the latest GA release - and will be the last available hop in upgrade paths.  So, if the appliance is on 8.0.1, then there will be no further upgrade availability currently for the appliance.  If you are needing to get to 8.5, which is FCS, you'll need to request provisioning through a support request.
  -Robert

• Command line installation options for Ironport Email Security Plug-in

  We're getting ready to implement email encryption with our C160.  I want to deploy the Outlook plug-in to my users using SCCM.  According to the administrator guide I should be able to do this however I have downloaded the current version of the plug-in and it doesn't seem to support the command line options described in the administrator guide.  Specifically the /f1 switch (page 3-17 of admin guide) used to pass the setup.iss file doesn't work.  This command is then referenced to be used for the distribution package in SCCM.  I'm trying to use CiscoEmailSecurity-7-1-1-002.exe.
  Am I missing something?  Or has something changed in the deployment method?  Thanks for your help.

  Hi Scott,
  Can you include the exact syntax your using?
  it should look like this,
     Start /w CiscoEmailSecurity_7-1-1-002.exe /s /v /qn /f1"J:\install_711002.iss
  Christopher C Smith
  CSE
  Cisco IronPort Customer Support

• How to migrate IronPort email security from C350 (6.5) to C370 (7.6)

  Hello
  i have two IP C350 running ios version 6.5, in a cluster mode and would need to know what would be the best (and quickest) way to replace existing units and migrate current configuration from both IPs and have established cluster again.
  Old IPs are C350, running AsyncOS 6.5.3-007. New units are two C370, running IOS AsyncOS 7.6.1
  If there is any how-to with steps required that you guys are aware of and would like to share would be awesome.
  Appreciated.

  I have completed upgraded of the one ironport out of two. I had issues with clustering since i run upgrade from the GUI (GUI inform you that it would need to disconnect the unit from the cluster in order to perform the upgrade).
  Answering Yes to this the upgrade starts and finishes with no issue. But when you try to migrate config from old unit to the new unit, whole bunch of messages pops out related to cluster, ports, Ethernet, etc. And i put netwrok config part from new unit to the config.
  The CLI at the old unit shows that unit is disconnected from the cluster and not removed, so command to remove the unit from the cluster was issued. After reboot, i export the config from the old unit, made changes to the network part (ports, ethernet, MAC address) and import the config into new unit with no issues.
  Now, i have one new unit handling email and one old unit waiting for replacement. No cluster existis between these units at this point.
  So, for second unit, i will do:
  from CLI remove old unit from the cluster.
  run the upgrade
  reboot
  export configuration and make changes to the network part.
  import config to the new unit and cross fingers (the cross finger method works very well from time to time).
  recreate a cluster.
  Will update the thread once all is done.

• BUG #CSCur27131 - Evaluation of CVE-2014-3566 on Cisco Email Security Appliance

  I have raised a support case with TAC to try and get more information on the preferred config as well as what Ciphers then become available. Points raised in the support case are as follows:
  Current config based from existing artilce pre-POODLE > MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH
  Should the new config be > MEDIUM:HIGH:-SSLv2:-SSLv3:-aNULL:@STRENGTH
  Use of strength meaning that the Ciphers are ordered and presented strongest to weakest as negotiation should occur at the first mutually accepted cipher.
  What are the TLSv1 Ciphers used by Ironport (verify under sslconfig CLI appears only to list SSL ciphers)
  Finally, does the Ironport support or plan to support in the future TLSv1.1 and TLSv1.2 ciphers?
  Response from TAC so far is the same as the referenced article - https://tools.cisco.com/bugsearch/bug/CSCur27131 which doesn't address all my points
  Paul

  Negating SSLv2 and SSLv3 in the cipher suite has no effect as long as only enabled TLSv1 is enabled.
  And reordering ciphers by strength won't bring anything since the client's ciphers order will always be preferred.
  Also, MD5 should be disabled as it's widely considered too weak for the job.
  My recommendation would be to use the following suite > HIGH:MEDIUM:!aNULL:!MD5

• Block and Unblock the .zip and .rar files based on doamin or user account base on incoming mails with ironport email security.

  Hi All,
  Request you all to help me out in blocking/dropping only the attachments with the extension .rar and .zip in incoming mails for particular users or domains.
  as of now I have did for all the domains or users.However, I want to unblock it only for some particular/specific users and for rest it should block.
  kindly help me with the steps to do the configuration.
  Thanks a ton in advance
  Regards,
  LRN

  It sounds like you just need to use different incoming mail policies per group of individuals you want to block/drop .rar and .zip and those which you don't want this to happen.
  The fact that you want a specific group to be allowed receipt of these and everyone else should have these blocked I would recommend creating an additional incoming mail policy that does NOT have a content filter that performs this blocking.  Add the appropriate users to this incoming mail policy.  Then create a incoming content filter that does this dropping of .rar and .zip files and apply this to the Default Incoming Mail Policy.
  The content filter in this situation would not need a condition, just a action of strip attachments by file info , filename contains  .rar or .zip
  Here is a useful regex for the content filter action:  (?i)\.(zip|rar)
  Hope this helps!
  Steve

• Email Security Plug-in - Doesn't seem to work with right click or save and send

  I've searched the knowledge base but have not located the answer yet.
  We have the Encrypt Message plug-in installed to flag the email [SEND SECURE].  This works very well when in Outlook.  It does not seem to work when right clicking a file to send outside of Outlook or performing Save and Send from within Microsoft Office.  The add-in still shows and users are clicking it and the Send button but the emails are not going securely.  We are on Microsoft2010 on mostly XP machines.
  How can I get Encrypt Message to work in all instances?
  Thank you.
  Starla

  Andreas
  I am getting an error.  See below for what I'm choosing and the response.  let me know if I'm supposed to be trying to download from another area.
  Thanks
  Starla
  Email Security Plug-in - Doesn't seem to work with right click or save and send
  Cisco IronPort Email Security Appliance C370
  Release:IPAS
  Filename: CiscoEmailSecurity_7-2-0-039.exe
    Remove
  Details
  Release
  IPAS
  Filename
  CiscoEmailSecurity_7-2-0-039.exe
  Release Date
  25/Oct/2011
  Description
  Cisco IronPort Email Security Plug-in (Outlook)
  Size
  32541.84375 KB (33322848 bytes)
  Router Checksum
  0x553f
  MD5
  f0c864697d9e1a3e8f5297062943ac50
  Email Security Plug-in - Doesn't seem to work with right click or save and send
  Save the device to 'My Added Devices' list
  More Info
  'My Added Devices' list could be found by: 1. Clicking on 'My Cisco' Tab and expanding
      the 'Added Devices' section. 2. Selecting any task specific product
     selector and clicking on 'My Added
      Devices' in left pane.
  Email Security Plug-in - Doesn't seem to work with right click or save and send
  Set Cisco Notification Alert
  More Info
  All 'Cisco Notification Alerts' list could be found
  by: 1. Clicking on 'My Cisco' Tab and expanding
      the 'Support Notifications' section.
  Cisco service contract information indicates you are not authorized to download software for the following product(s):
  Cisco IronPort Email Security Appliance C170
  Cisco IronPort Email Security Appliance C370
  Cisco IronPort Email Security Appliance C650
  To download software for other product(s), remove the software for the product(s) listed above.
  Or, if you feel this message is in error, please:
  1. Email technical support for 24x7 assistance. To expedite your request, please include the following information:
           User ID (Cisco.com ID used to download software)
           Contact Name
           Company Name
           Contract Number
           Product ID
           Desired Software Release or File Name
  2. Contact your Cisco Representative, Partner or Reseller to ensure product(s) listed above are covered on a service contract. The Partner Locator link may assist in locating your nearest partner.
  3. Associate contracts for those products to your Cisco.com profile using the Instructions found in Profile Manager. After you submit your additional contracts, verification and updates may take up to 6 hours to complete.

• Encryption is now part of the Email Security forum

  With the release of AsyncOS 5.5.0 for Email, the encryption feature is integrated into the Email Security Appliance. We've integrated the Encryption forum into the Email Security forum to reflect this change.

  Setting up encryption to be applied to outbound email that gets relayed through the Ironport appliance is quick and straight-forward. In a matter of minutes, you can get this feature up and running. Contact Ironport technical support if you have any questions or comments on how to use the encryption feature.
  With the release of AsyncOS 5.5.0 for Email, the encryption feature is integrated into the Email Security Appliance. We've integrated the Encryption forum into the Email Security forum to reflect this change.

• Probleme avec IronPort Email & Reputation

  http://www.senderbase.org/senderbase_queries/detailip?search_string=81.252.163.132
  Bonjour,
  J'ai un souci avec ma réputation sur ce site, alors que je ne suis blacklisté nul part !
  Comment faire pour changer celà ?
  Merci.

  Hello Cedric,
  I did a quick check across the common blacklists, and seems none of them has blacklisted you. As for Senderbase, (which is not a blacklist as it only scores sender IPs and -ranges), your current score is slightly negative, so make sure to have an eye on the traffic that goes trough your Email Security Appliance's, as you are most likely sending spam. Thus, make sure you configure you listeners and HAT to accept outbound traffic (emails from internal to the Internet) only from selected hosts, and not your whole intranet IP range. Otherwise, infected PCs would be able to send spam trough your public IP.
  Hope that helps,
  Andreas

• Email security and AMP ( Sourcefire ) integration

  Hi,
  According to public release from cisco :
  http://newsroom.cisco.com/release/1354516/Cisco-Adds-Advanced-Malware-Protection-to-Web-and-Email-Security-Appliances-and-Cloud-Web-Security?utm_medium=rss
  There is now integration of AMP into the email and web appliance. I cannot find any information regarding versions or licenses needed to take advantage of this functionality. If customer is sitting on a Sophos license today for example, will AMP be an addon or replacement of this license ?
  Any info is appreciated.

  Hi Daniel,
  We announced the software integration at RSA last week. It will be available as a feature in the next 2 to 4 weeks as FCS code (First Customer Ship.) It will be a separate software license for the cloud inspection and a separate license for the cloud sandboxing. It will not be included in any existing licenses. This is the upcoming 8.5.5 version of AsyncOS.
  In the mail pipeline it will come after Anti-Spam and Anti-Virus engines and before Content Filters and Outbreak Filters. You will be able to do Content Filter inspections and actions based on AMP results.
  Also at RSA we announced the integration of Web Categorization and Web Reputation technology from the WSA into the ESA. This will be included as part of the Outbreak Filters license. Web Reputation is embedded into the anti-spam engine and Outbreak Filters. Web Categorization is available as a condition and as an action in Content Filters. You can do actions such as defang, re-write to Proxy, or replace URL with text or any other Content Filter action such as drop or quarantine messages with Adult or Pornographic category URLs. This is the 8.5.0 version of AsyncOS and is available today as FCS code.
  Please work with Cisco TAC to have your devices provisioned for 8.5.0 FCS code if you wish to test.
  Thanks,
  Raymond Jett
  Technical Marketing Engineer
  Email Security Products

• Configure Encryption Notifcation Templates for IronPort Email Encryption

  We are running a Cisco C100V Email Security Virtual Appliance and are going to start using the IronPort Email Encryption capabilities to send secure email to recipients outside of our organization.
  I see under Mail Polices --> Text Resources that you can create an "Encryption Notification Template" HTML or text based that gives a general message to a recipient on what to do when they receive this secure email using this process.
  Is there a way that I can customize that template a little more?  I would like to add at least our corporate logo to that template just to make things more visible to the recipient who the message is coming from.
  Ive tried to copy and paste the HTML code out and edit it throwing a <IMG> tag in with a URL as the source back to a logo I put in a folder on our public website however it didn't work.
  Can this be done or am I just stuck with the dull as dishwasher framework of that template..?
  Thanks.

  Yes - you can edit the template to include the logo, or anything you wish --- standard HTML encoding applies...
  Here - I have added in the Pittsburgh Pirates "P" logo --->
  My HTML code --- only choosing to add a NEW template in the text resources, using the template wording --- and inserting the BOLD RED section w/ the image location for the Pirate "P" source:
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
  <html>
   <head>
    <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
    <meta name=version
     content="$RCSfile: PostXMessage.html,v $ $Revision: 1.10 $">
    <title>Secure Email Message</title>
   </head>
   <body bgcolor="#EEEEEE">
    <table align=center style="width:80%;border:1px solid #336699;
     background-color:white">
     <tr>
      <td>
       <table width="95%" cellspacing=0 cellpadding=0 align=center>
        <tr>
         <td>&nbsp;</td>
        </tr>
        <tr>
         <th style="font-family:Verdana,sans-serif;font-weight:700;
          font-size:10pt;text-align:left;color:#333333">
          You have received a secure message
         </th>
        </tr>
        <tr>
         <td style="border-top:1px solid black">&nbsp;</td>
        </tr>
        <tr>
  <img  src="http://pittsburgh.pirates.mlb.com/images/homepage/team/y2011/footer/pit.png" border="0">
         <td style="font-family:Verdana,sans-serif;font-size:8pt;
          text-align:left;color:black">
            <strong>Read your secure message by opening the attachment,
            ${AttachmentName}.</strong> You will be prompted to open (view)
            the file or save (download) it to your computer. For best
            results, save the file first, then open it in a Web browser.
            To access from a mobile device, forward this message to
            [email protected] to receive a mobile login URL.
            <br><br>
            If you have concerns about the validity of this message, contact
            the sender directly.
            <br>
            <p>
            <strong>First time users -</strong> will need to register after
            opening the attachment. For more information, click the following Help link.
            <br>
            <strong>Help -</strong> <a href="https://res.cisco.com/websafe/help?topic=RegEnvelope">https://res.cisco.com/websafe/help?topic=RegEnvelope</a><br>
            <strong>About Cisco Registered Email Service -</strong> <a href="https://res.cisco.com/websafe/about">https://res.cisco.com/websafe/about</a>
            </p>
          </td>
        </tr>
        <tr>
         <td>&nbsp;</td>
        </tr>
       </table>
      </td>
     </tr>
    </table>
   </body>
  </html>
  Test your HTML coding out before hand if you need --->
  Can you test the code from this site:
  http://www.w3schools.com/TAGS/tryit.asp?filename=tryhtml_pre
  I hope this helps!
  -Robert
  (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)