Ironport c150 and c170

Similar Messages

• Cisco ironport c360 and c170

  Dear cisco fellows,
  I've looked everywere, but I can't find the number of emails per hour the C360 and the C170 can handle (not the number of mailbixes).
  I'd appreciate a response
  BR,

  I don't think you will find this information in a public forum.  The throughput is affected by many factors including AV and AS settings, use of TLS and encryption, DKIM signing, use of content filters, size of emails, etc.  You will find guidance on how many users a model of the ESA can support, based on general assumptions.  You may find some "unburdened" numbers which tell you how many emails an ESA could process if all it did was relay the mail, but that is not real world.  I think you will need to speak to your Cisco rep or SE if you want a number of emails based on your particular setup.

• Ironport C150 system corrupted

  Help me !
  We have new Ironport C150 and i update it. First update goes ok, but second update no. After updating i rebooted system, but web based management not work and when i started terminal connection comes this information:
  AsyncOS 5.1 for IronPort C150
  Welcome to the IronPort C150 Messaging Gateway(tm) Appliance
  Traceback (most recent call last):
  File "pycbox_main.py", line 180, in ?
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 103, in _impo
  rt_hook
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 192, in _impo
  rt_top_module
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 219, in impor
  t_top
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 274, in _impo
  rt_one
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 304, in _proc
  ess_result
  File "./cli/cli.py", line 34, in ?
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 103, in _impo
  rt_hook
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 192, in _impo
  rt_top_module
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 219, in impor
  t_top
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 274, in _impo
  rt_one
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 304, in _proc
  ess_result
  File "./cli/cdict_cli.py", line 9, in ?
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 103, in _impo
  rt_hook
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 192, in _impo
  rt_top_module
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 219, in impor
  t_top
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 274, in _impo
  rt_one
  File "/usr/build/godspeed/stackless/Python/Lib/imputil.py", line 304, in _proc
  ess_result
  File "./cli/cli.py", line 30552, in ?
  File "./config/config_access.py", line 982, in get_cluster_section_dict
  File "./config/config_access.py", line 750, in load_definitions
  config_access.ConfigError: Definition file /usr/godspeed/config/hermes.reporting
  /def.cfg is corrupt. Unexpected line format: 'alert_thresholds:li'
  It looks like the system is corrupted. How i can start Ironport for "factory settings"... as same that it was when i bougt it.
  Thanks for help

  Had a few customers that have had this same problem. Something to do with the database/config getting corrupted because the unit was power cycled before the update was complete.
  The way we fixed it was to get Ironport engineers to log in via a tunnel and revert the system to the previous image.
  System came back up; got the customer to upgrade the unit via the CLI so they could check the status of the upgrade and give it plenty of time to reboot and come back up.

• C150 to C170 migration

  We have existing C150 in a cluster. We have a new standalone C170. I believe I should just be able to export the config off of the C150 and import it into the C170 as they are the same product family and then just clean up the C170 config becuase it will have no cluster mate. Does this sound doable?                  

  You'll have issues doing that because the 150 and 170 have different network configs.
  You can export the config, clean up the network stuff (e.g. Remove it), and then import the rest to the 170, but you have to be comfortable digging into the XML.  
  If you get one of the 150s up to the same version as the 170, you can join the 170 to it as part of the cluster, the 170 will get the config.  When you break the cluster up to retire the 150, the 170 will keep the config...
  Others have just done it by hand, though on the 150s, you can export the various tables (HAT, RAT, Destination Control, SMTP routes, etc), use FTP to pull these files off of the 150, and upload them to the 170, then import them, and then make sure all of the rest is set up... 
  Check out this thread:
  https://supportforums.cisco.com/message/3813047#3813047

• What is the cisco ironport C680 and M680 configuration backup file size?

  what is the cisco ironport C680 and M680 configuration backup file size?

  Size of the XML itself?  That is going to vary based on what you have configured, total lines of code, and # of appliances you may/may not have in cluster.
  M680, based on SMA as stand-alone, should be similar --- you are probably looking @ < 1 MB... 
  Looking @ my test environment, in which I have a nightly cron job set to grab a backup of...
  -rw-rw----  1 robert robert 161115 Sep 26 02:00 C000V-564D1A718795ACFEXXXX-YYYYBAD60A5A-20140926T020002.xml
  So, 161115 bytes = .15 MB
  -Robert

• Ironport Whitelist and related questions

  Hi all,
  I have recently started at a new position for a company that is utilising ironport as the email spam filtering/virus checking appliance.
  Almost immediately after starting in my position issues were being discussed, where the senderbase reputation scoring was marking a sister companies mail as spam - obviously due to a bad reputation.
  It was important that these mails were delivered and the obvious answer seemed to be to whitelist the domains, which was implemented by another support person. After the whitelist setting was applied though the mails were still be rejected due to being suspected spam - there is no quarantine setup.
  Today I logged into the boxes to see if I could syslog the mail logs to a seperate linux server and suddenly got wrapped up in this problem. I had a look and could see the domains in the whitelist section within the HAT, after doing some reading I can confirm the whitelist section was ordered as being number 1 in the list and by looking further it looks like the whitelist domains were via the 'add to sender group' button within the monitoring overview screens (this is assumed as both .sistercompany.com and sistercompany.com were appended to the whitelist).
  After a few hours of reading up I couldn't understand why the whitelist wasn't working, I even did a lookup of the domain in the monitoring overview search section for mail recieved by sistercompany.com and could see that it belonged in the whitelist group. I got further confused when reading the help and support guide - it had screenshots that looked very similar to our setup [within the HAT overview and Mail Policies], however it had an sbrs for the whitelist set between 6 and 10, where as that was blank on our system, nowhere in the document would it describe why this sbrs value was set. Bearing in mind I have only had a few hours of experience with this product, so these maybe silly questions but:
  Why would you add an sbrs value to the whitelist - I would have thought whitelists would ignore any score presented.
  If number 1 has nothing to do with why these domains were still being flagged as spam, has anyone got any suggestions as to what the issue maybe?
  For a small bit of information we have the C660 appliances installed.
  Any help would be much appreciated

  I'm taking a wild guess here since there are a lot of missing details. Forgive me if I'm covering ground you've already trod.
  Remember that the HAT controls how incoming SMTP connections are handled, so entries in the HAT must correspond to the remote SMTP servers that are connecting to you. You don't put the "domain" part of "user@domain" in the HAT ("sistercompany.com" in your case), you put in the the domain names of the actual remote SMTP servers or a wildcard that matches them all. In your case, this might be ".sistercompay.com" (note the leading "." indicating that this will match any domain name ending with ".sistercompany.com"), but only if their SMTP servers have host names in that domain.
  Whitlisting by domain name requires that the IP addresses of those remote SMTP servers have correct rDNS. If they don't, you'll have to list them in the HAT by IP address. FYI, we never put anything in the HAT by IP address unless it is unavoidable. Using domain names and requiring correct rDNS forces good DNS hygiene, and also provides a layer of abstraction. The server's address can change, but so long as the DNS is kept up to date we don't have to change our HAT entries.
  You can see from the mail logs what sender group is being applied on each SMTP connection. Find one of the rejected messages in the log and see what sender group its connection landed in. If it didn't land in the whitelist (which will almost certainly be the case, given that the message was not in fact whitelisted), then you know the HAT entry is wrong. You can also use the log to determine the actual domain name of the remote server, assuming the rDNS for its IP address is correct.
  The example screenshot in the manual showing SBRS between 6 and 10 being whitelisted is demonstrating that you can whitelist by SBRS as well as by explicit listing in the sender group. Your whitelist simply isn't doing this, which is fine. In this age of rampant spamming from stolen accounts on reputable servers, whitelisting by SBRS can let spam in. We raised the lower limit from 6 to 8 several years ago after getting hit in this exact way.
  ++Don

• Ironport S170 and Microsoft RADIUS

  I'm trying to setup management logins for the IronPort S170 using RADIUS.  I have the Windows server configured and the server information is in the S170, but I'm having trouble with the Group Mapping.  Under the RADIUS Class Attribute, what is an example of something that would go there?  Is it an AD group?  If not, is it some attribute number that I need to configure on the AD user object?  If so, where?  TAC has no idea how to do this. 

  This error occurs when the user’s account is not stored in reversible encryption.
  CHAP requires that the secret be available in plaintext form. CHAP cannot use irreversibly encrypted password databases that are commonly available. If the RADIUS server does not have access to the plaintext password, it cannot perform the one-way hash to verify the user and the authentication will fail. By default, Microsoft Active Directory does not store user accounts with reversible encryption.
  Reversible encryption is a user class attribute and is not enabled by default in the Active Directory. You must enable this setting manually on each account or through Group Policy Objects when dealing with multiple users.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• ESA c160 and c170 in one cluster?

    Heelo Community,
  is there something that I should take care about if I want to run a c160 and a c170 in one management-cluster?

  Raph,
  In order to successfully create cluster, both appliances (ESA - Email Security Appliances) must be running the exact same version and build. So, to answer your question, no, that will not work.
  It is interesting tough, that your devices cannot see the same version.
  Either you please send us the serial number (only the digits after the hifen will do it) or you open a TAC case and ask for assistance.
  I hope this helps and if it does, please mark the question as answered.
  Regards,
  -Valter

• Ironport - Incoming and Outgoing relay

  Hi,
  for my understanding:
  1) incoming mails and outgoing mails will be classified by the HAT
  2) HAT entry with relay decision classifies as "outgoing"
  Now my problem:
  i am using the same relay server for incoming and outgoing messages. So, my ironport gets the messages for both direction from the same device.
  Question:
  does anybody see a solution to do so? at the moment all messages will be classified as incoming or outgoing (depends what is configured in HAT). Anybody using the same relay for both directions before?

  Hi Asffe,
  You a can have an single HAT for outbound and inbound email. At the top of the HAT you must have the a "RELAY"" action specifing the internal email server. When the traffic comes inbound it should hit any of the other entries on the HAT depending of what type of email it is.
  Take a look to the deployment guide.
  http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_BN_EmailSecurityUsingCiscoESADeploymentGuide-Feb2013.pdf
  HTH
  Luis Silva
  "If you need PDI (Planning, Design, Implement) assistance feel free to reach us"
  http://www.cisco.com/web/partners/tools/pdihd.html

• Ironport WCCP and PAC

  Can I run a single Ironport in a proxy redirection for one site and a pac file for a different site?

  I'm assuming by site you mean business sites? or offices?  If so, then yes.  Turning on transparent redirection (eg. WCCP) doesn't turn off the explicit proxy (eg via a PAC file).
  Really you can break it down to IP if you like, based on how crazy you want to be with the WCCP ACLs.

• Ironport C150 Mystery Shutdown

  Hi,
  Our C150 running 6.4.0-273 switched off on its own today, and we have no idea why. When we switched it back on again, it worked fine and so far no problems. It's been running perfectly normal for a long time (many months) and we've never had this problem before.
  Is there a logfile we can check somewhere that could indicate the cause of the shutdown?
  Thanks.

  Might this be caused by an incidenticaly pressing of the power button on the appliance?
  Customer support said that:
  After looking through your support request and looking through the system via remote access, the only thing we found was a process that locked up and caused the reboot. This should not happen often at all. Please keep an eye on the system and let us know if it reboots unexpectedly again.
  I emailed them back saying that whatever did it caused a shutdown and not a reboot, and asking if that is normal.

• IronPort Encyrption and Spoofing?

  We just recently deployed two IronPort IEA boxes. With our current configuration external recipients can login to our IEA boxes to send encrypted e-mail. When they use the "Automatically Blind Carbon Copy Me" option the system will send an e-mail to their real mail account so that they have a record of the e-mail.
  The problem that I am just now learning about is some of the recipients e-mail systems block these e-mails because we are spoofing their e-mail domain.
  Is there a "best practice" to apply here? I am currently advising the recipients to have their IT staff whitelist our IP addressess for spoofing but wanted to see what everyone else thinks.
  Thanks...

  Jason- Some mail gateways are configured to check SPF records and others block inbound mail with domain spoofing. Its a tough task to get the bcc messages through. I'm sure some other folks in the forum might have a work around (temp).
  Since you host your own keys (IEA) with push method (envelopes), why not use the manage messages section on the left pane for external users to retrieve their sent mail?
  Cheers,
  Kishore

• Ironport Realm and Subdomains

  Folks,
  I am creating Web Access policies that will be applied to security groups that exist in a child domain under the root of our forest.
  When i try to browse the directory it only displays groups in the root of the forest.
  Does anyone know how to get access policies applied to groups in child domains.
  The group in question is a universal group.
  Cheers                  

  Hi,
  Easiest way to do it is to type the whole thing in.
  If you're unsure of what it wants do a policy trace for one of the users and you should see the name come up in the Group Membership.
  Cheers
  Chris

• Audit logging on Cisco Ironport ESA and WSA

  How do I audit the admin activity for changes done on the Ironport appliances. The log subscriptions does not log the actions performed by a administrator on the GUI.

  How do I audit the admin activity for changes done on the Ironport appliances. The log subscriptions does not log the actions performed by a administrator on the GUI.

• IronPort C150, unable to connect

  Does anyone have any experience with IronPort? I am unable to connect to it via Ethernet or by serial.
  Is there a way to set it to factory default?

  Is it a new device? You should be able to connect via the Data 1 Ethernet port on the 192.168.42.42 address.