Ironport Management appliance and smtp routes

Hi Guys,
I'm configuring M170 management appliance for two mail security Ironports (for centralized quarantine).
while going through the configuration, i have found that there is SMTP route can be configured, why do i need to configure SMTP route under the management appliance?
As i know it should be confgured on the Ironport email security appliances, but why on management? Do i need it?
Thanks & Regards,
Rami

Hi,
Thanks for your reply, just want to confirm, this is will be used even for end users Quarantine notification, correct?
I mean that Management appliance will send quarantine notifications to end users by using this smtp route, am i right?
Regards,
Rami

Similar Messages

TLS mutual authentication and Separate default SMTP routes per listener - IronPort c370

Dear all ,
We have two IronPort C370 ESAs , formed in a cluster.
We are in a need to route e-mails targeted to a special group using TLS Required/Verify.
I have two questions :
1. Is TLS mutual authentication possible on both incoming and outgoing ?
2. Due to the nature of the TLS need the existing listener cannot be used. So I created a new listener and respective filters to decide when the recipient requirements are met. The new listener is going to be configured with a policy specifying TLS required/verify. Problem is that there is always a default SMTP route pointing specifically to a cloud service rather than directly to the Internet while for the new listener usedns is required. Is it possible to have two different default SMTP routes assigned to different listeners ?
Thanks and kind regards ,
Gino.
PS : Please bear with me and questions. I am making my first steps in Iron Port administration.

I have made some sort of progress but I would also like to have your expert opinions.
I have came to understand that in order to present TLS mutual authentication for the incoming traffic I will just have to trust the sender(s) CA ( containing SANs etc for both the SMTP domain and the ESA itself ) while if I spread own SANs to the counterparts I will also have TLS mutual authentication on the outgoing traffic as well. Issue is that I will have to declare it in destination controls and it cannot be generic.
Is there any way to make TLS required/verify with mutual authentication the default without having to set destination contol(s) ?
As for my second question I have came to understand that the additional listener is not an aditional MTA and concequently I cannot have separate default SMTP route ( default = what is called as "ALL" in IronPort ). Still if anyone knows something more it would be really helpful if it was shared.

Ironport back-up smtp routes

Hi Guys,
I have 2 lotus notes servers. Is it possible on the ESA to add these two servers on the SMTP routes while using the same domain name?
How will the ESA forward incoming mail then? Some sort of load balancing, or will it be a priority thing?
Thanks,
Adrian

Hi Adrian,
Q:
I have 2 lotus notes servers. Is it possible on the ESA to add these two servers on the SMTP routes while using the same domain name?
A:
Yes. Please use SMTP Routes option, under Network > SMTP Routes.
Q:
How will the ESA forward incoming mail then? Some sort of load balancing, or will it be a priority thing?
A:Whenever the appliance accept the connection and the message from the sender host, it will check the destination domain of the recipients and look up for SMTP route to reach that destination domain. If there is a SMTP route the appliance will then use the information configured on how to reach the destination. If you have version 7.x of the AsynOS which allows priorization, then the appliance will follow the configuration. If both destiantion servers configured have the same priority, round-robin fashion will be applied.
If you are running a version prior of AsyncOS 7.x then the appliance will connect to the first server configured. If that server is unreachable then it will try the next one configured.
SMTP Routes Overview
SMTP Routes allow you to redirect all email for a particular domain to a different mail exchange (MX) host. For example, you could make a mapping from example.com to groupware.example.com. This mapping causes any email with @example.com in the Envelope Recipient address to go instead to groupware.example.com. The system performs an “MX” lookup on groupware.example.com, and then performs an “A” lookup on the host, just like a normal email delivery. This alternate MX host does not need to be listed in DNS MX records and it does not even need to be a member of the domain whose email is being redirected. The Cisco IronPort AsyncOS operating system allows up to forty thousand (40,000) SMTP Route mappings to be configured for your Cisco IronPort appliance. (See SMTP Routes Limits.)
This feature also allows host “globbing.” If you specify a partial domain, such as .example.com, then any domain ending in example.com matches the entry. For instance, [email protected] and [email protected] both match the mapping.
If a host is not found in the SMTP Routes table, an MX lookup is performed using DNS. The result is not re-checked against the SMTP Routes table. If the DNS MX entry for foo.domain is bar.domain, any email sent to foo.domain is delivered to the host bar.domain. If you create a mapping for bar.domain to some other host, email addressed to foo.domain is not affected.
In other words, recursive entries are not followed. If there is an entry for a.domain to redirect to b.domain, and a subsequent entry to redirect email for b.domain to a.domain, a mail loop will not be created. In this case, email addressed to a.domain will be delivered to the MX host specified by b.domain, and conversely email addressed to b.domain will be delivered to the MX host specified by a.domain.
"The SMTP Routes table is read from the top down for every email delivery. The most specific entry that matches a mapping wins. For example, if there are mappings for both host1.example.com and .example.com in the SMTP Routes table, the entry for host1.example.com will be used because it is the more specific entry — even if it appears after the less specific .example.com entry. Otherwise, the system performs a regular MX lookup on the domain of the Envelope Recipient."
From our documentation:
"A receiving domain can have multiple destination hosts, each assigned a priority number, much like an MX record. The destination host with the lowest number identifies as the primary destination host for the receiving domain. Other destination hosts listed will be used as backup.
Destinations with identical priority will be used in a “round-robin” fashion. The round-robin process is based on SMTP connections, and is not necessarily message-based. Also, if one or more of the destination hosts are not responding, messages will be delivered to one of the reachable hosts. If all the configured destination hosts are not responding, mail is queued for the receiving domain and delivery to the destination hosts is attempted later. (It does not fail over to using MX records)."
I hope this helps.
Cheers,
Valter

Waas appliance and manager setup

Hi all
we have waas in my new company, we use wccp on the router.
Can anyone explain simply how my traffic will be optimized? will my waas appliance not be an inline appliance, does the traffic flow to the appliance then back to the router? how will the physical connections and traffic flow look? and how does the wccp work ?
hope someone can help
cheers
Carl

hi Carl,
WAAS and WCCP work as follows,
the idea is that we should configure WCCP on the router and the WAAS appliance first take care of that analisys before addressing the traffic from your clients.
things to keep in mind when configuring WCCP:
- will the WAAS device be L2 connected to the Router or there will be devices in between the two of them? ( L3 connected) this is very important to understand what type of WCCP design works the best on your network.
for example if I had a swith directly connected to my WAAS box I will definelty use WCCP L2 redirection which incurs in less CPU utilization.
if I had a Router directly connected to the WAAS box I will be probably force to use WCCP software redirection which is more CPU utilization.
please review the following WCCP and WAAAS design guide:
http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/prod_white_paper0900aecd806d976a_ps6474_Products_White_Paper.html
once WCCP desing has been address, we can start thinking on how the traffic coming from the remote site goes to the data center
based on a simple design where you have a Remote WAAS box at the remote location and you also have a Core WAAS appliance at the Data Center it goes like this:
remote clients > Remote Router> cloud < Core Router < Core Servers
WAAS WAAS
1- it does not matter if you have WCCP and an inline mode on each site of your network, you can use either one or even PBR but I see it more difficult to manage than WCCP or inline mode.
2- there is what we called " WAAS 3 way handshake" basically what it means is that WAAS needs to know that there is another WAAS appliance at the other site of the network and vicersa.
3- how does the WAAS handshake works, that is where your traffic comes into play
3a
remote client is trying to access his email, let's suppose that all your email exchange servers are at the Data Center on the other site of the client's network.
so that initial request comes from the remote client to Remote Router, WCCP will redirect the traffic coming from the "LAN" interface to the WAAS remote appliance , WAAS will just add a "Hello field" to the client email request.
then WCCP/WAAS remote appliance will just return the traffic back to the router and the router send it out to his "WAN" interface
3b
once the packet cross the cloud and gets to the Data Center the same way the Core Router will redirect the remote client request to the WAAS appliance ( as I said either inline or WCCP) and then WAAS will know that there is another WAAS appliance at the other site.
at the core site is the same way WAAS will return the traffic back to the router and then the final destination the email server.
once the traffic comes back it should follow the same path ( no asynchronous paths!!!) and that is how WAAS starts adding optimization to your traffic.
this is explain on my own words and I hope I can address some of your doubst let me know if you have any specific questions.
good luck!

IronPort WSA management through Security Management Appliance

Hi,
I have two identically configured (policies) IronPort WSA S670 appliances running 7.5.0-833 and both added in SMA M670 management appliance running 7.9.1-102. Appliance A has McAfee license expired. Newly installed appliance B has Mcafee running for 28 more days. "Sophos" is enabled on both and working good. Config Master 7.5 was built based on the config from appliance A.
Now, when i want to push the Config Master to both the associated WSA, it fails on appliance B as "McAfee" is disabled in Config Master but enabled on it. The setting "Security Services Display" in M670 was changed to enable "McAfee" but now appliance A fails giving a mis-match error on publishing.
How to workaround this ? Can McAfee license/feature key on appliance B be expired / disabled now without waiting 28 days to let it expire.
Thanks,
Rick.

Hello Rick,
You can disable Mcafee globally on the SMA by going to :
GUI -> Web -> Utilities -> Security Services Display -> Edit Display Settings-> Under Configuration Master 7.5 ->
Do your Web Appliances have McAfee Anti-Malware enabled? -> Uncheck the box and submit.
Also, Disable Mcafee on the appliance that thas 28 days of the licenses left, This way Mcafee will be disabled on all your boxes.
I hope this helps.
Regards,
-Puja

Solution manager, PI and ERP incl FICA (IS-U) test systems on same HANA DB server Appliance

Hello
I wander is it possible to have Solution manager, PI and ERP incl FICA (IS-U). All for test/system purposes:
I am sure we need separate application servers for Solution manager, PI and ERP incl FICA (IS-U),
I would have question regarding Appliance i.e Hana DB server. can Solution manager, PI and ERP incl FICA (IS-U) products reside on same Appliance i.e Hana DB server in MCOS or MCOD? (I am sure that for production use this is no-go option)
What is the case when renting cloud solution?
Thank you a lot in advance
Jan

Check the java part, most of the Solman Web Based thing use the java, check the management console to ensure message server and dispatcher proper work, normally is: http://hostname:50113.
If central note give you problems deimplement all the not complete implemented notes and use SUM
and MOPZ to update your system with the last SP, then apply the central note acording to your SP level.
We found that have the system in the last level prevents a lot of problems because of not complete implemented notes.

SMTP Routes, DNS and Failover

Hi !
I'm configuring an outgoing server (i.e. only a private listener) on ESA C370 with AsyncOS 8.0.1.
I use the Internet's Root DNS Servers, and my default SMTP route is empty. My ESA is connected to 3 networks : production (default gateway), administration and failover (1 interface/network).
I would like to deploy a failover solution with an extra ESA on the failover network : if I lose my internet connection (impossible to join DNS and remote MX), my ESA would redirect all its mails to the extra ESA.
How can I do that ?
Thank you for your help.
Best Regards
Quentin

The ESA has no way to automatically fallback to a static IP if DNS in unreachable. The best on-box solution I can suggest is manually changing the 'All Other Domains' SMTP Routes entry when such an event occurs.
I hope this helps!
- Jackie

Outlook 2010 and 2013 are unable to connect but OWA (and mail routing) works fine

Hi-
Not sure why but this past Sunday (just after DST adjustment) outlook clients (using 2010 and 2013) were unable to connect to an Exchange 2013 server. OWA and mail routing (internal and external) is working fine. I've even tried on multiple machines
and all of them experience the same issue. On a new machine with a fresh version of outlook 2013 installed here is what happens:
Click on Outlook 2013
Click Next until the account setup is displayed.
Name and email is auto-populated
Established network connection is good
Searching for email address settings is good (once the self-signed exchange 2013 cert is accepted)
And then the logging onto the mail server fails. The first pop-up is:
The Connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.
Clicking "OK" is followed up with a window with the Microsoft Exchange connection info.
It lists Microsoft Exchange server which is populated with: GUID@<domain suffix>
Mailbox which is populated with: =SMTP:<Valid Email address>
On the Exchange Server I have noticed that the Web Management Service (WMSVC) is stopped and will not start. Starting the service outputs:
EventID 7024
"The Web Management Service terminated with the following service-specific error: Unspecified error"
Not really helpful :)
Since this is only happening with Outlook on multiple clients I'm expecting something with Exchange or the ability for outlook to connect to exchange.
Thanks in advance!

Hi
I know this is an old post, but I'm having a very similar issue. I have CU6 installed and all other client connectivity apart from internal Outlook connectivity is working fine. I have distributed the new Self-Signed Certificate and the tested to verify
the clients trust it. I have tried on multiple machine with multiple accounts and none of them connect.
I'm at the stage of reinstalling, but I would rather troubleshoot the problem, just in case ever hit the same wall in the future. I have run Test-OutlookConnectivity with the following output;
RunspaceId : 71f8d740-c499-4bbe-8baf-9cbb12566fb8
Server : PW-SC-01.companyname.local
MonitorIdentity : Outlook.Protocol\OutlookRpcDeepTestProbe\NEW2013
RequestId : 75641e34-aa49-4fce-aad7-181b56dd7b29
ExecutionStartTime : 10/11/2014 13:50:03
ExecutionEndTime : 10/11/2014 13:50:03
Error : Error 0x6ba (The RPC server is unavailable) from ClientAsyncCallState.CheckCompletion:
RpcAsyncCompleteCall
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 2
EEInfo: Status: 0x000006BA
EEInfo: Detection location: 1710
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 1
EEInfo: prm[0]: Long val: 0 (0x00000000)
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 13
EEInfo: Status: 0x000006BA
EEInfo: Detection location: 1352
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 1
EEInfo: prm[0]: Long val: -1073606646 (0xC002100A)
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 14
EEInfo: Status: 0xC002100A
EEInfo: Detection location: 1380
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 2
EEInfo: prm[0]: Long val: 12175 (0x00002F8F)
EEInfo: prm[1]: Unicode string: /rpc/rpcproxy.dll?PW-SC-01.companyname.local:6001
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 14
EEInfo: Status: 0x00010000
EEInfo: Detection location: 1385
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 2
EEInfo: prm[0]: Long val: 8 (0x00000008)
EEInfo: prm[1]: Binary Buffer: [48-1263-10248-1262-126-9632122164676121-3988104-118-11373-61-94
-111-112-98-1217048136942-12272-122-91311550483449324830638543192311910198979999101115115461121199
91111091091154699111461171074830231349524949485349505348484990231349574949485349505348484990483449
324830638543192311910198979999101115115461121199911110910911546991114611710748-12613448136942-1227
2-122-913111503-126115048-1261102-126110-22103-15-109-16-121-119-3121-4-106119-119-9369122-5779121
719-98-24-67-32918-98-236-19-10715326827-76102-61100108-12718-438331-37109-102-57-9942-11389-10374
-77-5-4-107109-11847342222-63-48-7468-17-1067033-56111-33-54-16-105-62-76-1282011-1664-12158-4915-
88-53-9-29-2994-49-54-5211-1364-212121-12396-127-353-396185117-681229-434246070-109818119-4858-128
-106-1279248-49110-44-81-121494199-118-17-106-71106828294-93-110-110-106-415084-127126-45-12331421
-61-2757-24-128-28-25111-52113121-56-98-5821527282-47255245104-111-55-1099747-115-11172-287-12526-
79-12430-119421360-107-6430-5410282-52-51-128533354-116672757-77-75-111-72-118-10114-84484825-40-1
8-70-24-9111-61-5391-8034125-12632-16-19-128112030-8-427523101-93-127-5348-127-5648146385291511-14
4325-9648-127-110638529174-127-11848-127-121-12623119101989799991011151154611211999111109109115469
911146117107-1262211211945115994548494611211999111109109115461081119997108-12626651171161116810511
59911111810111446808767111109109115461081119997108-12626651171161116810511599111118101114468087671
11109109115469911146117107-12613808767111109109115461081119997108-12613808767111109109115469911146
11710748196385293741248106843615573148126385291911-14248048136942-12272-122-913115503-12611081-930
6613-74953718-12745-14-25-94107-80-5-45-2231536-1728-12897-8587577-1252765-892896-83-10267-7926-20
-9841-1079-12-29-4315671111357-684036-40-5129-91-24-461066-12306-65-9118-89115191071-30-20-1067161
-83-91-74105-931649-48-96126-13-71-118-8967567-40-64-104-113-31-51-102357125100-50113-103-113123-9
873-627067-25-908-10131118125122-71-115-37-1850-1055851-31410-77-7312-36848124-26104-10711043-2048
-48-12666611759121127-2960-1571-9-95-98-1036911610-74221-32-25114-108749933-7147562114-3635-101-81
-1058-73108-61-78-128-116-715155112714-37-18-84-8331-2716-1174257-76-5-1598-15-12875-98-7329632178
-10714-123-6312212-1028359-56-76-683-873987-2120-845954-7617-71-57999828110], size=926
Exception : Microsoft.Exchange.Rpc.ServerUnavailableException: Error 0x6ba (The RPC server is unavailable)
from ClientAsyncCallState.CheckCompletion: RpcAsyncCompleteCall
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 2
EEInfo: Status: 0x000006BA
EEInfo: Detection location: 1710
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 1
EEInfo: prm[0]: Long val: 0 (0x00000000)
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 13
EEInfo: Status: 0x000006BA
EEInfo: Detection location: 1352
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 1
EEInfo: prm[0]: Long val: -1073606646 (0xC002100A)
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 14
EEInfo: Status: 0xC002100A
EEInfo: Detection location: 1380
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 2
EEInfo: prm[0]: Long val: 12175 (0x00002F8F)
EEInfo: prm[1]: Unicode string: /rpc/rpcproxy.dll?PW-SC-01.companyname.local:6001
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 14
EEInfo: Status: 0x00010000
EEInfo: Detection location: 1385
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 2
EEInfo: prm[0]: Long val: 8 (0x00000008)
EEInfo: prm[1]: Binary Buffer: [48-1263-10248-1262-126-9632122164676121-3988104-118-11373-61-94
-111-112-98-1217048136942-12272-122-91311550483449324830638543192311910198979999101115115461121199
91111091091154699111461171074830231349524949485349505348484990231349574949485349505348484990483449
324830638543192311910198979999101115115461121199911110910911546991114611710748-12613448136942-1227
2-122-913111503-126115048-1261102-126110-22103-15-109-16-121-119-3121-4-106119-119-9369122-5779121
719-98-24-67-32918-98-236-19-10715326827-76102-61100108-12718-438331-37109-102-57-9942-11389-10374
-77-5-4-107109-11847342222-63-48-7468-17-1067033-56111-33-54-16-105-62-76-1282011-1664-12158-4915-
88-53-9-29-2994-49-54-5211-1364-212121-12396-127-353-396185117-681229-434246070-109818119-4858-128
-106-1279248-49110-44-81-121494199-118-17-106-71106828294-93-110-110-106-415084-127126-45-12331421
-61-2757-24-128-28-25111-52113121-56-98-5821527282-47255245104-111-55-1099747-115-11172-287-12526-
79-12430-119421360-107-6430-5410282-52-51-128533354-116672757-77-75-111-72-118-10114-84484825-40-1
8-70-24-9111-61-5391-8034125-12632-16-19-128112030-8-427523101-93-127-5348-127-5648146385291511-14
4325-9648-127-110638529174-127-11848-127-121-12623119101989799991011151154611211999111109109115469
911146117107-1262211211945115994548494611211999111109109115461081119997108-12626651171161116810511
59911111810111446808767111109109115461081119997108-12626651171161116810511599111118101114468087671
11109109115469911146117107-12613808767111109109115461081119997108-12613808767111109109115469911146
11710748196385293741248106843615573148126385291911-14248048136942-12272-122-913115503-12611081-930
6613-74953718-12745-14-25-94107-80-5-45-2231536-1728-12897-8587577-1252765-892896-83-10267-7926-20
-9841-1079-12-29-4315671111357-684036-40-5129-91-24-461066-12306-65-9118-89115191071-30-20-1067161
-83-91-74105-931649-48-96126-13-71-118-8967567-40-64-104-113-31-51-102357125100-50113-103-113123-9
873-627067-25-908-10131118125122-71-115-37-1850-1055851-31410-77-7312-36848124-26104-10711043-2048
-48-12666611759121127-2960-1571-9-95-98-1036911610-74221-32-25114-108749933-7147562114-3635-101-81
-1058-73108-61-78-128-116-715155112714-37-18-84-8331-2716-1174257-76-5-1598-15-12875-98-7329632178
-10714-123-6312212-1028359-56-76-683-873987-2120-845954-7617-71-57999828110], size=926
at Microsoft.Exchange.Rpc.ClientAsyncCallState.CheckCompletion()
at Microsoft.Exchange.Rpc.ExchangeClient.ClientAsyncCallState_Connect.End(IntPtr&
contextHandle, TimeSpan& pollsMax, Int32& retryCount, TimeSpan& retryDelay, String& dn
PoisonedCount : 0
ExecutionId : 63105129
SampleValue : 33.5194
ExecutionContext : Mailbox logon verification
EMSMDB.Connect()
Task produced output:
- TaskStarted = 10/11/2014 13:50:03
- TaskFinished = 10/11/2014 13:50:03
- Exception = Microsoft.Exchange.Rpc.ServerUnavailableException: Error 0x6ba (The RPC
server is unavailable) from ClientAsyncCallState.CheckCompletion: RpcAsyncCompleteCall
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 2
EEInfo: Status: 0x000006BA
EEInfo: Detection location: 1710
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 1
EEInfo: prm[0]: Long val: 0 (0x00000000)
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 13
EEInfo: Status: 0x000006BA
EEInfo: Detection location: 1352
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 1
EEInfo: prm[0]: Long val: -1073606646 (0xC002100A)
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 14
EEInfo: Status: 0xC002100A
EEInfo: Detection location: 1380
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 2
EEInfo: prm[0]: Long val: 12175 (0x00002F8F)
EEInfo: prm[1]: Unicode string: /rpc/rpcproxy.dll?PW-SC-01.companyname.local:6001
EEInfo: ComputerName: n/a
EEInfo: ProcessID: 14544
EEInfo: Generation Time: 2014-11-10 13:50:03.737
EEInfo: Generating component: 14
EEInfo: Status: 0x00010000
EEInfo: Detection location: 1385
EEInfo: Flags: 0
EEInfo: NumberOfParameters: 2
EEInfo: prm[0]: Long val: 8 (0x00000008)
EEInfo: prm[1]: Binary Buffer: [48-1263-10248-1262-126-9632122164676121-3988104-118-11373-61-94
-111-112-98-1217048136942-12272-122-91311550483449324830638543192311910198979999101115115461121199
91111091091154699111461171074830231349524949485349505348484990231349574949485349505348484990483449
324830638543192311910198979999101115115461121199911110910911546991114611710748-12613448136942-1227
2-122-913111503-126115048-1261102-126110-22103-15-109-16-121-119-3121-4-106119-119-9369122-5779121
719-98-24-67-32918-98-236-19-10715326827-76102-61100108-12718-438331-37109-102-57-9942-11389-10374
-77-5-4-107109-11847342222-63-48-7468-17-1067033-56111-33-54-16-105-62-76-1282011-1664-12158-4915-
88-53-9-29-2994-49-54-5211-1364-212121-12396-127-353-396185117-681229-434246070-109818119-4858-128
-106-1279248-49110-44-81-121494199-118-17-106-71106828294-93-110-110-106-415084-127126-45-12331421
-61-2757-24-128-28-25111-52113121-56-98-5821527282-47255245104-111-55-1099747-115-11172-287-12526-
79-12430-119421360-107-6430-5410282-52-51-128533354-116672757-77-75-111-72-118-10114-84484825-40-1
8-70-24-9111-61-5391-8034125-12632-16-19-128112030-8-427523101-93-127-5348-127-5648146385291511-14
4325-9648-127-110638529174-127-11848-127-121-12623119101989799991011151154611211999111109109115469
911146117107-1262211211945115994548494611211999111109109115461081119997108-12626651171161116810511
59911111810111446808767111109109115461081119997108-12626651171161116810511599111118101114468087671
11109109115469911146117107-12613808767111109109115461081119997108-12613808767111109109115469911146
11710748196385293741248106843615573148126385291911-14248048136942-12272-122-913115503-12611081-930
6613-74953718-12745-14-25-94107-80-5-45-2231536-1728-12897-8587577-1252765-892896-83-10267-7926-20
-9841-1079-12-29-4315671111357-684036-40-5129-91-24-461066-12306-65-9118-89115191071-30-20-1067161
-83-91-74105-931649-48-96126-13-71-118-8967567-40-64-104-113-31-51-102357125100-50113-103-113123-9
873-627067-25-908-10131118125122-71-115-37-1850-1055851-31410-77-7312-36848124-26104-10711043-2048
-48-12666611759121127-2960-1571-9-95-98-1036911610-74221-32-25114-108749933-7147562114-3635-101-81
-1058-73108-61-78-128-116-715155112714-37-18-84-8331-2716-1174257-76-5-1598-15-12875-98-7329632178
-10714-123-6312212-1028359-56-76-683-873987-2120-845954-7617-71-57999828110], size=926
at Microsoft.Exchange.Rpc.ClientAsy
FailureContext :
ExtensionXml :
ResultType : Failed
RetryCount : 0
ResultName : 75641e34aa494fceaad7181b56dd7b29-OutlookRpcDeepTestProbe/NEW2013
IsNotified : False
ResultId : 1748063
ServiceName : InvokeNow
StateAttribute1 : Momt
StateAttribute2 : UnknownIssue
StateAttribute3 : PW-SC-01.companyname.local
StateAttribute4 : Unknown
StateAttribute5 : {C54AD38D-1E00-4F53-ABAE-26518C3FF82F}
StateAttribute6 : 0
StateAttribute7 : 0
StateAttribute8 : 0
StateAttribute9 : 0
StateAttribute10 : 0
StateAttribute11 : Momt
StateAttribute12 :
StateAttribute13 : VgEAVAdXaW5kb3dzQwBBCEtlcmJlcm9zTA9QV0NPTU1TXG5hdGhhbmhVLlMtMS01LTIxLTIwNTc0OTEwMzItMzE4NDA2NDk3OC
0xNTQ2MTE0ODM1LTI2MzJHHQAAAAcAAAAtUy0xLTUtMjEtMjA1NzQ5MTAzMi0zMTg0MDY0OTc4LTE1NDYxMTQ4MzUtNTEzBwAA
AAdTLTEtMS0wBwAAAAdTLTEtNS0yBwAAAAhTLTEtNS0xMQcAAAAIUy0xLTUtMTUHAADAE1MtMS01LTUtMC0zNDc3ODcxMTMHAA
AALlMtMS01LTIxLTIwNTc0OTEwMzItMzE4NDA2NDk3OC0xNTQ2MTE0ODM1LTQxODcHAAAALVMtMS01LTIxLTIwNTc0OTEwMzIt
MzE4NDA2NDk3OC0xNTQ2MTE0ODM1LTUxMgcAAAAuUy0xLTUtMjEtMjA1NzQ5MTAzMi0zMTg0MDY0OTc4LTE1NDYxMTQ4MzUtND
E3NAcAAAAuUy0xLTUtMjEtMjA1NzQ5MTAzMi0zMTg0MDY0OTc4LTE1NDYxMTQ4MzUtMzU3MAcAAAAuUy0xLTUtMjEtMjA1NzQ5
MTAzMi0zMTg0MDY0OTc4LTE1NDYxMTQ4MzUtNDEyMgcAAAAuUy0xLTUtMjEtMjA1NzQ5MTAzMi0zMTg0MDY0OTc4LTE1NDYxMT
Q4MzUtMTE2NAcAAAAuUy0xLTUtMjEtMjA1NzQ5MTAzMi0zMTg0MDY0OTc4LTE1NDYxMTQ4MzUtMTE0MQcAAAAuUy0xLTUtMjEt
MjA1NzQ5MTAzMi0zMTg0MDY0OTc4LTE1NDYxMTQ4MzUtNDE1MwcAAAAuUy0xLTUtMjEtMjA1NzQ5MTAzMi0zMTg0MDY0OTc4LT
E1NDYxMTQ4MzUtNDE0NQcAAAAtUy0xLTUtMjEtMjA1NzQ5MTAzMi0zMTg0MDY0OTc4LTE1NDYxMTQ4MzUtNTE4BwAAAC5TLTEt
NS0yMS0yMDU3NDkxMDMyLTMxODQwNjQ5NzgtMTU0NjEx
StateAttribute14 :
StateAttribute15 :
StateAttribute16 : 0
StateAttribute17 : 0
StateAttribute18 : 0
StateAttribute19 : 0
StateAttribute20 : 0
StateAttribute21 : /o=companyname/ou=first administrative group/cn=Recipients/cn=NathanH
StateAttribute22 : EMSMDB.Connect()
StateAttribute23 : https://pw-sc-01.companyname.local:444/rpc/rpcproxy.dll?PW-SC-01.companyname.local:6001
StateAttribute24 : Negotiate
StateAttribute25 : [33]10/11/2014 13:50:03 [FAILED!] EMSMDB.Connect();
Identity : fcd6159dd8fe42aebf10100cc4934356
IsValid : True
ObjectState : New

IronPort best practices and configuration guide

Hi there,
I manage a Cisco IronPort ESA appliance for my organisation and made a quick blog post last night about things I thought should be a best practice for a new ESA appliance.
The reason I wrote this is because some of these things are not configured from the start or are configured poorly by default.
Take a look and let me know what you think - I plan to make a part 2 because there are some things I did not have time to go through and it was quite long already!
Remember that your environment will be different from mine so you should understand the things I say before blindly implementing them!
http://emtunc.org/blog/06/2014/cisco-ironport-e-mail-security-appliance-best-practices-part-1/

First of all, I think your question is related to the WebCenter (Framework) as such, not just OUCSS.
As for JDev. vs. run-time, this question is well discussed in Yannick Ongena's tutorial: http://www.yonaweb.be/webcenter_tutorial/part1_configure_webcenter_portal_application
"Let me first talk a bit about the architecture of WebCenter and the runtime customizations. ADF (and WebCenter) has an additional component since 11g called the MDS (MetaDataServices). The MDS is a repository that stores all the customizations. The page we just created at runtime is not stored in the project folder of JDeveloper but is instead stored in the MDS."
I guess the answer when to use which methods depends on the situation what page you want to create.
I am surprised, however, that you state that
Pages created in JDeveloper are not searchable online. It is possible to link it to a Navigation Model but the path needs to be manually entered.Could you elaborate on your use case?
As for navigation models, you can check another tutorial: http://docs.oracle.com/cd/E21764_01/webcenter.1111/e10148/jpsdg_navigation.htm#BABJHFCE
Maybe, what your are looking for is the way how to create a navigation model according to your needs?

Updating Security Management Appliance

Hello Support Community!
I would like to upgrade a Cisco Security Management Appliance (SMA) M160, former Ironport M-Series.
Current Version: 7.9.1-039
My Goal: 8.0.0-402
The 8.0.0-402 has released on March 28, 2013. The Problem is, when i am searching for available upgrades,
i get: "Error - No available upgrades"
There is no error with my firewall, because i can successfull check for new feature keys.
Any idea whats went wrong?
greets
Christian

You can install a different cert for different process:
http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118460-technote-sma-00.html
Certificates can be used for four different services:
Inbound TLS
Outbound TLS
HTTPS
LDAPS
When you say No, you'll just need to be prepared to enter in the separate certs as needed for each process. And, SMA is still CLI only for cert management.
-Robert

Ironport M Series and WSA

I can not manage an Ironport S370 from SMA M670 !!!
The manager show me the next message in the Identity tab: * Realm or sequence not found
I can import the configuration but I can´t publish it because the manager show the next message "Incompatible AsyncOS Version"
Manager system:7.9.1-030
WSA system:7.5.0-833 for Web

Can you take a screenshot of the following items in the M series?
Management Appliance -> Centralized Services -> Security Appliances, click on the appliance name.
Web -> Utilities -> Web Appliance Status
Web -> Utilities -> Web Appliance Status, Click on the appliance name and scroll to the bottom for Authentication Service.
Christian Rahl
Customer Support Engineer
Cisco Web Content Security Appliance
Cisco Technical Assistance Center RTP

Alt-Mailhost / SMTP Routes Question...

Hi All,
I have a query on SMTP routing when using the Alt-Mailhost command in a Message Filter...
Our configuration in overview is two Ironport devices (C650's at AsyncOS 6.4) at separate sites, configured as a cluster (all config is common across sites). At each site, there also exists a 3rd party mail host.
So, I have a message filter which selects messages based on some criteria and I also know which Ironport received it. When I have a match, I want to route this message to the 3rd party mail host on the _local_ site......but if that mail host is down, I want to route it to the 3rd party mail host on the other site. Simple as that!
At the moment, my Alt-Mailhost command looks like this;
<message has been selected> {
<if "Site A" Ironport used> {
alt-mailhost('bogusdomain1.net');
<else>{
alt-mailhost('bogusdomain2.net');
...in my SMTP Routes I'd _like_ to have this;
bogusdomain1.net     <3rd-Party-Box-at-Site-A>, <3rd-Party-Box-at-Site-B>
bogusdomain2.net     <3rd-Party-Box-at-Site-B>, <3rd-Party-Box-at-Site-A>
...but this doesn't work because multiple hosts in an SMTP route are tried in numerical / alphabetical order...no matter what order you put them into the SMTP Route definition (is this a bug?)....so in reality, they both have to look like this;
bogusdomain1.net     <3rd-Party-Box-at-Site-A>, <3rd-Party-Box-at-Site-B>
bogusdomain2.net     <3rd-Party-Box-at-Site-A>, <3rd-Party-Box-at-Site-B>
..which is no use.
My only other idea is that I could just have this in the SMTP Routes for those domains;
bogusdomain1.net     USEDNS
bogusdomain2.net     USEDNS
...and configure my DNS with the above domains, such that there really _is_ a difference in the order of the MX for those domains.
So my question is, how can I do this without using 'USEDNS' and the associated DNS config...i.e. just via the Ironport devices?
Hope the collective can help!
Cheers, Chris.

Check out the latest release notes...
Enhanced: Prioritized SMTP Routes
AsyncOS 7.0 allows you to prioritize the destination hosts for your SMTP routes. AsyncOS will attempt to deliver the message to a destination host in order based on priority. Destinations with identical priority will be used in a “round-robin” fashion.

Cisco Ironport management interface IP configuration?

Hi,
For configuring the management interface IP for Cisco Ironport device, should it be on the public IP address or private IP address? Could you please confirm the IP address desing for the ironport management interface? thanks
arman

Greetings Aman,
The answer to this question depends on several factors, what you intend to do with the appliance, how you intend on allowing access to the appliance and where it sits in your network. Typically customers will utilize the management interface on their internal network thus giving it a private IP. This way the web interface, ssh and ftp access are allowed internally but not to the public. Those services can be enabled on other interfaces as well, but the most common practice is to set up the management interface for internal access only on your private network.
Christopher C Smith
CSE
Cisco IronPort Customer Support

Exactly what can you manage centrally with the Management Appliance?

So, we're thinking of getting a pair of M1070 Management Appliances to work with our cluster of C360 mail appliances (AsyncOS 7.6).
It is not completely clear (a) which things can be centrally handled, and (b) which things can be handled in a redundant manner. It is also not clear how the redundancy works - are things copied to both all the time? If the primary management appliance goes down for a while, are the missed logs copied over from the secondary when it comes back? When the primary is down, does the secondary take over a virtual IP so that users will still go to the same URL for quarantines?
Logging, reporting, and message tracking all seem to be easily done centrally, and are duplicated to the redundant.
As far as I can tell, the spam quarantine can be centralised, and it seems that it is replicated to the secondary if you have AsyncOS>7.2. I can't tell if the safelist/blocklist is replicted between the two, though, and what happens in a failover situation, although it seems it is held centrally. I've seen conflicting information about this, one saying that secondaryconfig can duplicate spam quarantines, the other saying you need to do some sleight-of-hand with content filters to duplicate messages to both management quarantines.
Is there a way to make other quarantines on the management servers? We'd like to have our policy quarantine held centrally, and redundant, so that if we lose a datacentre we can still release policy-quarantined messages. I can't tell how you can set thisup.
Finally, we currently route our emails via the cluster of C360 mail appliances. Would we continue to do this (and they send logs, quarantines etc to the management appliances), or would we have to instead route our emails via the new managment appliances, which then forward them on to the C360s?
If anyone there has successfully set up a redundant management appliance setup I'd be keen to hear the details.

I haven't set up redundant SMA's so I can't help much there... I'm reasonably sure that one acts as a backup destination for the other, but I may have that all wrong.
As far as what can be centralized, as of ESA 8.0.0 and SMA 8.1 (might still be FCS, you can request it from TAC), you can centralize Policy, Virus and Outbreak quarentines, along with the already available spam quarentine and message tracking... Set up the policies and quarentines on the ESAs, point the SMA at the two ESAs, and tell it to import the quarentines, and will bring over the data that's there and reconfig the ESA's to send the policy quarentined mail over, just like it does for the spam quarentine.
You would continue to route mail through the C360s. The M boxes don't do mail flow, other than centralizing the quarentines, and dealing with quarentine releases...

Publish to a WSA from Management appliance Fails

I am trying to publish a configuration from my new M170 to a S160 and i get this error: "Failure: The Anti-malware settings must match to successfully publish." I checked and the settings are good any ideas.

Bob.
In the MSA, which security settings are turned on (Is Sophos on? Is McAfee on? etc) has to match what is actually enabled on the WSA you're pushing to.
Taken from 8-10 of the user guide:
To verify enabled features for a Web Security appliance:
Step 1 On the Security Management appliance, choose Web > Utilities > Web Appliance Status.
Step 2 Click the name of a Web Security appliance to which you will publish a Configuration Master.
Step 3 Scroll to the Security Services table.
Step 4 Verify that the Feature Keys for all enabled features are active and not expired.
Step 5 Compare the settings in the Services columns:
The Web Appliance Service column and the Is Service Displayed on Management Appliance? column should be consistent.
Enabled = Yes
Disabled and Not Configured = No or Disabled.
N/A means Not Applicable. For example, the option may not be configurable using a Configuration Master, but is listed so that you can see the Feature Key status.
Configuration mismatches will appear in red text.
Step 6 If the enabled/disabled settings for a feature do not match, do one of the following:
•Change the relevant setting for the Configuration Master. See Enabling Features to Publish, page 8-10.
•Enable or disable the feature on the Web Security Appliance. Some changes may impact multiple features. See the information about the relevant feature in the Cisco IronPort AsyncOS for Web Security User Guide.
I have put in an enhancement request for this to be manageable by the MSA, because I think its pretty dumb that you can't push this config from the MSA.
Hope that helps,
Ken

Ironport Management appliance and smtp routes

Similar Messages

Maybe you are looking for