Cisco Ironport Backup

Similar Messages

• What is the cisco ironport C680 and M680 configuration backup file size?

  what is the cisco ironport C680 and M680 configuration backup file size?

  Size of the XML itself?  That is going to vary based on what you have configured, total lines of code, and # of appliances you may/may not have in cluster.
  M680, based on SMA as stand-alone, should be similar --- you are probably looking @ < 1 MB... 
  Looking @ my test environment, in which I have a nightly cron job set to grab a backup of...
  -rw-rw----  1 robert robert 161115 Sep 26 02:00 C000V-564D1A718795ACFEXXXX-YYYYBAD60A5A-20140926T020002.xml
  So, 161115 bytes = .15 MB
  -Robert

• Cisco IronPort AsyncOS 6.7.6-068 for Management GA Notification

  Cisco is pleased to announce the General Availability (GA) of a new major release of AsyncOS 6.7.6-068 for
  Management to all customers. This release applies to all our Security Management Appliances (M-Series).
  AsyncOS 6.7.6-068 for Management enables Centralized Tracking and Reporting for the new features introduced in AsyncOS 7.0 for Email.
  New Features and Enhancements in AsyncOS 6.7.6-068 for Management
  New Feature: Centralized support for the reporting and tracking changes in the AsyncOS for Email release 7.0:
  RSA Data Loss Prevention
  Marketing Message Detection
  New Feature: Reporting by ESA Groups
  Enhanced: Domain-Based Executive Summary Report now configurable by:
  Domain of Email Server
  Domain of Email Address
  Fixes in AsyncOS 6.7.6-068 for Management
  Fixed: MemoryError after losing Housekeeper thread [Defect ID: 52048]
  Fixed: The Show Details link results in a timeout [Defect ID: 51558]
  Fixed: Safelist/Blocklist should be exportable via CLI [Defect ID: 43360]
  Fixed: LDAP Query strips spaces [Defect ID: 46099]
  Fixed: Tracking database time does not update after system timezone is changed [Defect ID: 49407]
  Fixed: Application error when accessing Online Help from the End User Spam Quarantine page [Defect ID: 52395]
  This release has gone through our beta program, internal soak tests and is also running in production at our FCS customers.
  Please upgrade at your convenience and let us know how you like this new release!
  Cheers,
  Jakob

  Hi,
  We identified an issue in AsyncOS 6.7.6-068 for Management that under certain circumstances can cause loss of historical reporting data when reporting groups are configured. To ensure a high quality release, further testing on our side is required.
  6.7.6-068 is no longer available for upgrade to your M-Series appliances.
  If you already upgraded to 6.7.6-068 we strongly recommend to disable group based reporting to avoid being affected.
  We expect to release a new improved build of 6.7.6 shortly and apologize for any inconvenience or confusion this might have caused.
  If you are required to upgrade to 6.7.6 before a new build is available, please contact Cisco IronPort Customer Support.
  I'll let you know once the new build is available...
  Best Regards,
  Jakob

• Cisco Ironport Certificate ISsue

  Hai All,
  We have cisco ironport WSA 370 version 7.5 .
  We need to decrypt some https traffic . But the issue is our corporate AD support only 2048 bit cert. But our WSA box only support 1024.
  Heared that asycos 7.7 (new release) support 2048 bit cert.  When i check the 7.7 guide, its not mentioned. Can you please suggest???

  Hi Mohamed,
  There is a feature request so the WSA can generate 2048 bit certificate; but you can upload a an Intermediate root signing certificate to the appliance.
  Look for "Uploading a Root Certificate and Key"
  https://www.cisco.com/en/US/docs/security/wsa/wsa7.7/User_Guide/WSA_7.7.0_UserGuide.pdf
  HTH,
  Luis Silva
  "If you need PDI (Planning, Design, Implement) assistance feel free to reach"
  http://www.cisco.com/web/partners/tools/pdihd.html

• Cisco ironport 370 to 670 Configuration Compatibility Issue

  I have currently Cisco IronPort S360 and want to Upgade with Cisco S670, upload configuration file of Cisco ironport 360 in &760 but unable to succeed.becasue of compatibility issue of OS .any one can help me regarding how to compatible .
  Regards,
  Shafiq

  Hi Shafiq,
  Please open a ticket and send both of your configuration files with the ticket. The CSE will need to verify that the network interfaces are the same or modify your xml file to allow it to be successfully uploaded to the new 670.
  Sincerely,
  Erik Kaiser
  WSA CSE
  WSA Cisco Forums Moderator

• Configuring Cisco/IronPort plugin for Outlook with CRES

  With the discontinuation of the IronPort IEA appliances we are getting ready to move from our on-premise IEA appliances to CRES.  I have a demo key for Encryption that I am running on my C660s and I have an Outlook client configured with the Email Security Plug-In version 7.2.0.39.  Currently the Outlook Plug in is configured to point to our on premise IEA appliances for the Server URL attribute in Desktop Encryption Options and is working great.
  My question is, what do I use to connect it to CRES for desktop encryption?
  The Admin guide "Cisco IronPort Email Security Plug-in 7.2 Administrator Guide" page 4-46 just says "Server URL Enter the URL for your  Encryption server."
  Thanks

  Hi Jason,
  Thanks for your question.  The short answer is https://res.cisco.com:443 HOWEVER please note the following two points.  First, you will need a CRES account, so that you can download a token to use with the plugin, to authenticate to CRES; you cannot use the default token which you have probably been using with your IEA.  Second, using the current Outlook plug-in version 7.2 with CRES is not supported; it works, but it is not supported.  There are plans to release a supported version.

• Cisco IronPort with On Premise Exchange 2013

  Hello All
  The company I work for is in the process of starting an on premise Exchange 2007 to Exchange 2013 migration.
  Most of the issues I don't think I'll have an issue with; however, where I am not finding much info is in regards to other companies using Cisco IronPort with Exchange 2013.
  SO, I have two questions within this topic...
  One, is anyone using Cisco IronPort with Exchange 2013 (on premise) out here?
  Two, my manager is very controlling.  I am the Exchange Admin; however, anything having to do with this IronPort thing with regards to Exchange HE has to do it. So, if anyone is familiar with this IronPort thing... How much work on the IronPort is going
  to have to be done during this migration to keep things going?

  It shouldn't be any different with Exchange 2013 than it is with Exchange 2007.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Cisco IronPort Plug-In 7.3 breaks when multiple profiles are used?

  In our testing of the Cisco IronPort Plug-In 7.3 we found that if seperate Outlook profiles are used that are configured to different e-mail accounts the plug-in gives an error.
  Here's the scenario.
  Profile A configured with [email protected] up and running receives the BCS Configuratoin File and the plug-in recognizes it and enables the ENCRYPT button.   User1 can use Outlook along with ENCRYPT and all works well.
  But, if that same workstation users opens a different Outlook mail profile is opened that is configured to a different e-mail account.  Profile B configured with [email protected] the following error is generated:  "An error occurred during C:\ProgramData\Cisco\Cisco IronPort Email Security Plug-in\user1\config_2.xml configuartion file initialization.  Some settings have been set to the default values."   Outlook works fine, the decrypt button is greyed out, which is expected, [email protected] is not ENCRYPT enabled.
  The problem is when the user opens up Profile A again, a different error occurs "
  "An error occurred during C:\ProgramData\Cisco\Cisco IronPort Email Security Plug-in\user1\config_1.xml configuartion file initialization.  Some settings have been set to the default values." and the ENCRYPT button is still disabled, even though this user is authorized for ENCRYPTION.   At this point the user has to open the BCS Configuration File again, which does give the message 'This message contains a secure attachment with settings for [email protected]  Do you want to apply these settings?".   If they answer YES, the ENCRYPT button is re-enabled.
  Is Cisco aware of this?   What is the resolution?
  Thanks.

  Same workstation AD login that has full access to both e-mail accounts. 
  Email account A profile A is the same as the workstation login used.   Email account B profile B is a different e-mail address / AD object but user A has full access to the mailbox.
  I would expect Encryption to work for Profile A and not for Profile B, e-mail address B was never sent the configuration file.  But when I go back to use Profile A, encryption is no longer enabled, requireing me to run the configuration again.

• I have a cisco ironport c170, i want set up URL redirect? But i don't khow how to ? Can you help me?

  I have a cisco ironport c170, i want set up URL redirect? But i don't khow how to ? Can you help me?

  The C170 does not support URL redirection prior to OS release 8.5. What exactly do you need to accomplish?

• QoS Cisco SCE8000, Caching Cisco IronPort WSA, Loadbalancing Cisco ACE solution

  Hi all,
  Our customer is a mobile operator. They need a integrated solution for caching, QoS and Loadbalancing in a combination. From my understanding of their goals, they need to providing stable and speedy broadband access as well as good user experience by the differentiation service offering. They need to classify IP traffic and prioritize and control of content-based services for a given subscriber while transparently and dynamically redirect and load balance the application level classified of IP traffic to a proxy caching server regardless of protocols such as http, https, ssl, ftp, flv, mms and rstp, sip, p2p....
  Attached pls find the RFP and technical specification for Caching and QoS.
  I appreciate your expertise to consult me whether I can propose for them the Cisco ACE standalone appliance or ACE engine module for 7600/6500 for loadbalancing, Cisco IronPort WSA for caching and dual Cisco SCE8000 for QoS as an integrated solution. Is this solution feasible/workable and where could I find the same reference or solution design or technical guidance on this?
  Thanks a lot and would like to hear from you at the soonest!
  Best regards,

• Any methods to simulate Cisco IronPort WSA appliance for practice

  Similar to GNS3 on which we can simulate ASA/Routers, same way any other methods to simulate Cisco IronPort WSA appliance for practice or testing? Please let me know. Thanks.

  You can download the virtual WSA. I have not tried it so I'm not sure how it works without a license.
  http://software.cisco.com/download/release.html?mdfid=284806698&flowid=41610&softwareid=282975114&release=7.7.5&relind=AVAILABLE&rellifecycle=GD&reltype=latest

• HT4864 Emails from .mac or .me emails being bounced by Cisco Ironports

  Is anyone else having problems with their .mac or .me email being bounced by Cisco Ironports?  Mine recently began bouncing when sending email to my wife at work.  She investigated it with their IT team and got the following response.
  We did some research and with the system administrators assistance we've figured out what is causing this. Seems that a lot of @mac.com accounts have been compromised lately and have earned themselves a bad reputation with our spam blocking service, Cisco IronPorts. What this means is that it's not any settings on either side, nor anything we control but it is in Apple's court to remedy the issue with their e-mail servers to get a proper reputation again. This is causing e-mails to be blocked from @mac.com, @me.com and @icloud.com accounts worldwide.

  I have also been having this issue for the last several weeks. Apple seriously needs to adjust whatever is causing outbound emails to get flagged. Apple also has the ability to work on their end to remove accounts that cause our email accounts to be lumped in with those causing the bad reputation. They also have the ability to work with upper level people at the companies where the rejection as spam is occuring, to help create specific algorithms to work around this for those not at fault. This has caused major disruptions in my business and is strangly unpredictable. Sometimes I get rejected, and sometimes it goes through to the same address. It doesn't make any sense to me but then again, I'm not a programmer. APPLE, PLEASE FIX THIS!

• Cisco IronPort - Youtube filtered except when logged on google

  Hello everybody
  Have you heard about that ?
  My Cisco Ironport filters youtube videos. I cant play any video.
  But, if I log on google first, with a google account, I can access youtube and watch videos.

  Hi,
  My guess is you are not using https inspection, if you were it would work as you wanted.
  This does require work to set up though.
  An external supplied proxy we use provided a workaround, although I haven't had time to see if it's possible to replicate on an IronPort, this was done to enforce safe search when someone was logged into Google:
  The changes made today are as follows:
  - Requests for www.google.com or www.google.co.uk are returned with nosslsearch.google.com by the WFS Gateway.
  - Requests for encrypted.google.com are blocked.
  The way this works is that when a user requests www.google.com or www.google.co.uk they are instead asking for nosslsearch.google.com - This way Google does not redirect the user to the encrypted HTTPS version of www.google.com or www.google.co.uk - Now that the webpage is not encrypted the Content Filter can now enforce the safe search options.
  Thanks
  Chris

• Silient Uninstall Cisco Ironport Outlook Plugin

  Basically need to uninstall 7-2-7.3 versions of the outlook plugin silently on hundreds of machines.
  Basically the opposite of:
  Cisco Ironport Email Security Plug-in.exe /exenoui /qu UseCustomConfig=\\server\shared\config\
  I have tried different variations with no luck.

  I found my answer. Pretty simple, could have been easier. 
  msiexec /x {GUID} /q
  the GUID or Product ID, I was able to find using SCCM. Each version of the plugin is a different GUID. I used a script to se the right uninstalled line fore which version is installed. 

• Cisco Ironport failover

  Hi all
  Can someone please assist me im trying to setup two Cisco Ironport WSA devices to failover for each other, what would i require for this to happen.
  With Thanks
  Kuda

  Hi Vince
  Yes, i had that issue using pac files and IE9.
  i opened a case with Microsoft Tech support, and after 2 months, they said that there is an IE9 bug, and will be considered on new patch releases. (it was 6 months ago, and i think is not a patch available yet...)
  The Microsoft solution was use IE8 (failover works as expected)...and don't upgrade to IE9...
  i didn't test it on IE10, i think the issue is the same as IE9, but you should test it with all the patches up to date.