SA 540 Security Appliance

Hello All,
I have a problem with this device.
I have some file servers that I need to protect. These file servers have public IPs (12x.x.x.x).
So I have configured an available public IP on the WAN interface (129.x.x.x), turned off DHCP on the LAN, and assigned a public IP (129.x.x.x, same subnet as the WAN IP) to the LAN interface also.
I have configured the rules for the firewall and I have configured the DNS IPs also.
But I am not able to ping the gateway or the DNS, or browse.
What I am trying to do is drop this device in between my servers to provide a layer of protection.
Update:
I have upgraded the firmware to 2.1.18, and now when I put public IP addresses from the same subnet it does not even let me save it.
It asks me to "specify IP addresses in a different subnet."
Could someone help me? Thanks a lot for taking your time with this.
Jenefa.

Hi,
When routing between two interfaces, LAN and WAN need to be in different subnets.
If they are part of the same subnet the behavior is not defined. LAN and WAN are distinct networking zones.
You can configure IP aliases and allow the traffic into their network based on the IP alias addresses.
The earlier firmwares did not have this check, but this is the correct behavior.
Regards,
Wei
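
Added example, not code from the thread or from Cisco: a small model of a router-mode firewall's connected-route lookup, showing why a LAN address and a WAN address in one subnet leave forwarding undefined (two identical prefixes, no tie-break), together with the overlap check the 2.1.18 firmware now enforces at save time. Addresses are constructed stand-ins (RFC 5737 TEST-NET ranges) for the poster's 129.x.x.x prefixes; rejecting partial overlap rather than only identical subnets is a choice made here, not something the thread states about the SA 540.

```python
"""Connected-route lookup and interface-subnet validation for a two-zone (LAN/WAN) router.
Constructed example; addresses are RFC 5737 documentation ranges standing in for the poster's."""
import ipaddress
from typing import Dict, List

Net = ipaddress.IPv4Network


class AmbiguousRoute(Exception):
    """Two connected routes match the destination with the same prefix length."""


def connected_routes(interfaces: Dict[str, str]) -> Dict[str, Net]:
    """Each interface address (A.B.C.D/len) contributes one directly connected route."""
    return {name: ipaddress.ip_interface(addr).network for name, addr in interfaces.items()}


def lookup(interfaces: Dict[str, str], destination: str) -> str:
    """Longest-prefix match: return the egress interface for destination.

    Overlapping prefixes of different length are fine (the longest wins). Two
    identical prefixes on two interfaces have no tie-break, which is the
    'behavior is not defined' case described in the reply above.
    """
    dest = ipaddress.ip_address(destination)
    candidates: List[str] = []
    best_len = -1
    for name, net in connected_routes(interfaces).items():
        if dest not in net:
            continue
        if net.prefixlen > best_len:
            candidates, best_len = [name], net.prefixlen
        elif net.prefixlen == best_len:
            candidates.append(name)
    if not candidates:
        raise KeyError(f"no connected route for {destination}")
    if len(candidates) > 1:
        raise AmbiguousRoute(f"{destination} is reachable via {candidates}, all /{best_len}")
    return candidates[0]


def validate_interfaces(interfaces: Dict[str, str]) -> List[str]:
    """Return one error string per pair of interfaces whose subnets overlap.

    Assumption of this example: any overlap is rejected, not only identical subnets.
    """
    nets = connected_routes(interfaces)
    names = sorted(nets)
    errors = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                errors.append(f"{a} {nets[a]} overlaps {b} {nets[b]}: specify IP addresses in a different subnet")
    return errors


# Constructed configurations: SAME_SUBNET mirrors the poster's setup, SEPARATE is the working one.
SAME_SUBNET = {"WAN": "203.0.113.10/24", "LAN": "203.0.113.1/24"}
SEPARATE = {"WAN": "203.0.113.10/24", "LAN": "192.0.2.1/24"}

if __name__ == "__main__":
    for label, cfg in (("same subnet", SAME_SUBNET), ("separate subnets", SEPARATE)):
        print(label, validate_interfaces(cfg) or "ok")
        try:
            print("  gateway 203.0.113.254 via", lookup(cfg, "203.0.113.254"))
        except AmbiguousRoute as exc:
            print("  ", exc)
```

With SAME_SUBNET the gateway lookup raises AmbiguousRoute, which is the pre-2.1.18 situation the poster hit (configuration accepted, gateway unreachable); with SEPARATE the same lookup returns WAN.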

Similar Messages

  • Cisco Email Security Appliance (ESA) - Reporting

    In previous versions on ESA you could export data and reports in CSV formats using an API. Is that still available?
    From the following document:
    IRONPORT ASYNCOS 6.4 REPORTING API FOR IRONPORT APPLIANCES
    REPORTING API OVERVIEW
    The Reporting API feature allows you to download the same data collected by the Email Security Monitor component of the IronPort Email Security appliance or Security Management appliance in a comma separated value (CSV) format. This format allows users to integrate the IronPort appliance's data gathering capabilities into other IT and business reporting systems. 
    DOWNLOADING REPORTING DATA
    You can retrieve the data used to build the charts and graphs in the Email Security Monitor feature via HTTP. This is useful if you plan to perform further analysis on the data via other tools. The data is available in standard comma separated value (CSV) format. The easiest way to get the HTTP query you will need is to configure one of the Email Security Monitor pages to display the type of data you want. You can then simply click the Export... link to initiate the download process.

    It went away; there's a new one (RESTful) in 9.0/9.1:
    http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-0/ESA_API_1-0_Getting_Started_Guide.pdf

  • Ask the Expert: Introduction to Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features)

    With Namit Agarwal and Rahul Govindan 
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features) with experts Namit Agarwal and Rahul Govindan.
    This is a continuation of the live webcast.
    Cisco ASA CX (Context-Aware) is a next generation firewall service that serves as an extension to the Cisco Adaptive Security Appliance (ASA) firewall platform. In addition to the proven stateful inspection firewall capabilities, it provides us with next-generation capabilities and a host of additional network-based security controls for end-to-end network intelligence and streamlined security operations.
    Namit Agarwal is a customer support engineer at the Cisco Technical Assistance Center in Bangalore, India. He has more than four years of experience in the security domain. His areas of expertise include ASA firewalls, IPS, and ASA content-aware security (ASA CX). He has been involved in various escalation requests from around the world. He holds CCIE certification (number 33795) in security.   
    Rahul Govindan has been an engineer with the Security Technical Assistance Center team in Bangalore for more than three years. He works on security technologies such as VPN; Cisco ASA firewalls; and authentication, authorization, and accounting. His particular expertise is in Secure Sockets Layer VPN and IP security VPN technologies. He holds CCIE certification (number 29948) in security.
    Remember to use the rating system to let Namit and Govindan know if you have received an adequate response. 
    Because of the volume expected during this event, Namit and Govindan might not be able to answer every question. Remember that you can continue the conversation in the Security community, subcommunity VPN shortly after the event. This event lasts through November 1, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
    Webcast related links:
    Slides from the live webcast
    Video Recording of the live webcast
    Introduction to Cisco Adaptive Security Appliance (ASA) version 9.x (Context Aware Security and VPN Features): FAQ from live webcast

    Hello Namit and Rahul,
    Here are a few questions that came in directly during your live webcast; posting them here so that users can benefit:
    1)      How is ASA CX different from other UTM solutions ?
    2)      How is dynamic application inspection of CX better than other inspection engines  ?
    3)      What features or functionalities on the CX are available by default ?
    4)      What are the different ways we can run or install CX on the ASA platform?
    5)      What VPN features are supported with multi context ASA in the 9.x release ?
    6)      What are the IPv6 Enhancements in the ASA version 9.x ?
    Request you to please provide your responses to them individually.
    Thanks.

  • Clearing tcp sessions on the cisco acs secure appliance

    Hello,
    Is there a possibility to view the number of TCP sessions which are active on an ACS secure appliance?
    Due to these hangups we have no connection to the appliance through web or console. So we are also interested in clearing the TCP sessions instead of rebooting the appliance.
    Could somebody help us?
    Thanks
    Torsten Waibel

    What is the ACS software version?

  • About CPU utilization value of ironport C370 email-security-appliance

    Hello all,
    What are the normal / abnormal values for the following parameters of the IronPort C370 email security appliance?
    total active recipients
    active messages in work queue
    CPU utilization

    Each appliance would be a little different based on the expected mail processing and throughput for your environment/domains... and then throw in which processes you have turned up (IPAS, AV, VOF, etc.)...
    Typical C370 (running 8.0.1) should be able to handle:
    1. ~18 +/- recipients/sec
    2. average workqueue ~ 462 
    3. average CPU utilization of ~ 91%
    The #s vary, again, based on what you have enabled and licensed.  You would be well suited to open a dialog with your Sales Ops/Account team, as they have means to determine the proper numbers and outcomes for your environment.
    I hope this helps!
    -Robert
    (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

  • SunBlade 100 to Cisco PIX Security Appliance

    I have a problem connecting a SunBlade 100 workstation to the console ports of both a Cisco router and the Cisco PIX Security Appliance. This should be done out of the serial port of the SunBlade 100 workstation.
    I have tried to use the UNIX command tip hardwire. No luck connecting to the console port. I also tried to use the UNIX cu command; again no response from the console port. I tried connecting a modem temporarily to the SunBlade 100 workstation and was successful in echoing a phone number to the modem. However, I need to use a direct connection from the SunBlade 100 workstation.
    Currently, Windows 2000 workstations are used with HyperTerminal to connect to routers and the PIX Security Appliance. I have 24 SunBlade workstations in my classroom and need to use them to connect to the console port on Cisco routers and the PIX Security Appliance. I would appreciate any help anyone might be able to give on this subject.

  • Ironport web security appliance

    Hi,
    Just want to check if the IronPort S-series web security appliances support failover/clustering of 2 boxes.
    thanks,

    Each Cisco IronPort web security appliance can be configured as a standalone proxy or to co-exist with other proxies (such as in a proxy hierarchy for conditional routing, failover and load balancing).

  • Security Appliance disk alignment

    We have several S100V appliances (v8.0.5 build 075) deployed on VMWare 5.1.  We notice that the disk alignment is not optimised for a shared-disk virtual environment, the partition offset is at sector 63 (32256 bytes) so disk activity does not align to the underlying 4k byte boundary.  We have used a NetApp tool (mbralign) to test aligning the partitions correctly but the appliance detects the change and gives an error, despite successfully booting.  These virtual appliances were deployed from OVA as per standard practice and Cisco documentation.
    Can anyone provide an alternate way to deploy the S-series appliances, that results in a correctly aligned partition structure?  Or alternatively, a way to correct the alignment of the existing appliances?
    We know that Cisco is aware of both the need for correct alignment, and the effects of poor alignment, as they make mention of it in documents related to other virtual appliances such as CUCM and UCS. Ref: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/9_1_2/CUCM_BK_C9FFFCD0_00_cucm-release-notes-912/CUCM_BK_C9FFFCD0_00_cucm-release-notes-912_chapter_011.html#CUCM_RF_CFB78EC7_00 and http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/UCS_CVDs/ucs_vspex_esxi5_vm250.html#wp598003
    These appliances are very heavy devices in terms of disk I/O, and as a result of the incorrect partition offset the I/O load is magnified considerably.
    Any help appreciated, even if it is just confirmation of the issue at other sites.

    Hi.
    Something is fishy alright. If we divide the StartingOffset by the BlockSize we should get the starting sector, which should be 63 for Windows 2003 or 2048 for Windows 2008. You have 32. I would suggest that you read "Alignment changes in Windows 2008 and 2008 R2" from the Ask the Core Team blog.
    Just out of curiosity, is this deployed with VMware, Xen or any 3rd party tool/platform?
    Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. Even if you are not the author of a thread you can always help others by voting as Helpful. This can be beneficial to other community members reading the thread.
    Oscar Virot

  • Ironport C170 Email Security Appliance - No Upgrades Available Error

    Hi All,
    I have a pair of IronPort ESA C170s with AsyncOS version 7.6.2-014. One of them displayed two versions that are available for upgrade:
    7.6.3 & 8.0.1; however, the other appliance displays "Error - no available upgrades".
    So we tried to open the link: http://updates.ironport.com/fetch_manifest.html
    We entered the serial number of the first one and it displayed the two versions (7.6.3 & 8.0.6) successfully, and it didn't display anything when I put in the serial number of the second appliance.
    The problem clearly is that we can't upgrade the second appliance.
    I would appreciate you sharing your experience on this.
    Thanks,

    You will need to open a support case so that we can get the serial number of the appliance, review to make sure it is in the correct upgrade provisioning group, and then also work with you directly to assure that you have the correct network settings to reach the updater servers.
    You should be able to open a telnet session from the CLI on the appliance(s) to downloads.ironport.com on port 80, update-manifests.ironport.com on port 443...
    8.0.1 is the latest GA release - and will be the last available hop in upgrade paths.  So, if the appliance is on 8.0.1, then there will be no further upgrade availability currently for the appliance.  If you are needing to get to 8.5, which is FCS, you'll need to request provisioning through a support request.
    -Robert

  • Cisco Web Security Appliance Slowness issue

    Hello,
    I have a slowness issue on an existing WSA-S170-K9 appliance; when issuing the command rate/proxystat it displays "unresponsive" sometimes (screenshot attached).
    The software version is 8.5. I was suspecting that this issue is related to access policies applied to end users, so I created a test policy to bypass all checks and disable all malware/antivirus checks on user flows; however, the same issue is still there.
    Appreciate any assistance,
    Thanks,
    Muayad Jallad,

    Does this happen every time you run the rate command and at the beginning of the command's output rows?
    You may want to look at your proxylogs to see what activity is occurring while the proxy is unresponsive.

  • Cisco Adaptive Security Appliance Software Version 8.2(4)

    Dear All
    I was configuring an IPsec VPN on an ASA5540 and I have a problem with port blocking. I am unable to block server ports for remote users. See the configuration below. I need to configure a VPN filter list; can anyone help me configure a VPN filter list?
    access-list portal extended permit ip host 10.1.xx.33 192.168.20.0 255.255.255.0
    access-list portal extended permit ip host 10.1.xx.34 192.168.20.0 255.255.255.0
    access-list portal extended permit ip host 10.1.yy.33 192.168.20.0 255.255.255.0
    access-list portal extended permit ip host 10.1.yy.34 192.168.20.0 255.255.255.0
    group-policy portal internal
    group-policy portal attributes
    dns-server value 10.1.10.33 10.1.10.34
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value portal
    default-domain value abc.com
    split-dns value abc.com
    address-pools value vpnpool
    tunnel-group portal type remote-access
    tunnel-group portal general-attributes
    address-pool vpnpool
    authentication-server-group ACS
    default-group-policy portal
    tunnel-group portal ipsec-attributes
    pre-shared-key *&******
    I need to block this access-list and open only port 53 (DNS):
    access-list portal extended permit ip host 10.1.yy.33 192.168.20.0 255.255.255.0
    access-list portal extended permit ip host 10.1.yy.34 192.168.20.0 255.255.255.0
    I wrote this access-list, but it does not work and it opens all ports:
    access-list portal extended permit udp 10.1.yyy.33 eq 53 192.168.20.0 255.255.255.0, but this access-list does not work and it opens all ports like remote desktop, FTP, ICMP, etc.
    Can anybody help me, please?
    Can anybody help me with how to use a VPN filter list to block based on port or protocol?

    Hi,
    You can have the split tunnel ACL named portal configured as below:
    access-list portal extended permit ip host 10.1.xx.33 192.168.20.0 255.255.255.0
    access-list portal extended permit ip host 10.1.xx.34 192.168.20.0 255.255.255.0
    access-list portal extended permit ip host 10.1.yy.33 192.168.20.0 255.255.255.0
    access-list portal extended permit ip host 10.1.yy.34 192.168.20.0 255.255.255.0
    You can configure a vpn-filter ACL like below:
    access-list VPNF extended permit udp 10.1.yyy.33 eq 53 192.168.20.0 255.255.255.0
    and then apply this VPNF access-list under the group-policy "portal" using the command vpn-filter value VPNF. Let me know if this helps.
    Regards,
    Prapanch
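
Added example, not code from the thread or from Cisco: a minimal model of an ordered, first-match access list with an implicit deny at the end. It shows why appending `permit udp ... eq 53` to an ACL that already has `permit ip` lines for the same hosts closes nothing (the earlier `permit ip` line matches first and the new line is shadowed), while the same line on its own in a separate list, as the reply suggests for the vpn-filter, permits only that traffic. Hosts 10.1.10.x and 10.1.20.x are constructed stand-ins for the poster's masked 10.1.xx/10.1.yy addresses, and flows are written in the same source-to-destination direction as the ACL lines. Only generic ACL semantics are modelled; how the ASA applies a split-tunnel list versus a vpn-filter is not.

```python
"""Ordered first-match ACL model with shadowed-line detection.
Constructed example; addresses stand in for the poster's masked hosts."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network
DOTTED = re.compile(r"\d+\.\d+\.\d+\.\d+")


@dataclass(frozen=True)
class Rule:
    acl: str
    action: str            # permit | deny
    proto: str             # ip | tcp | udp | icmp
    src: Net
    sport: Optional[int]   # 'eq N' after the source, if present
    dst: Net
    dport: Optional[int]   # 'eq N' after the destination, if present
    text: str


def _addr(tok: List[str], i: int) -> Tuple[Net, int]:
    """Parse 'any' | 'host A' | 'A MASK' | bare 'A' (the poster's form, read here as a host)."""
    if tok[i] == "any":
        return Net("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return Net(tok[i + 1] + "/32"), i + 2
    if i + 1 < len(tok) and DOTTED.fullmatch(tok[i + 1]):
        return Net((tok[i], tok[i + 1]), strict=False), i + 2
    return Net(tok[i] + "/32"), i + 1


def _port(tok: List[str], i: int) -> Tuple[Optional[int], int]:
    if i + 1 < len(tok) and tok[i] == "eq":
        return int(tok[i + 1]), i + 2
    return None, i


def parse_acl(text: str) -> List[Rule]:
    """Parse 'access-list NAME extended ACTION PROTO SRC [eq N] DST [eq N]' lines, in order."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"] or tok[2:3] != ["extended"]:
            raise ValueError(f"unsupported line: {line!r}")
        src, i = _addr(tok, 5)
        sport, i = _port(tok, i)
        dst, i = _addr(tok, i)
        dport, i = _port(tok, i)
        rules.append(Rule(tok[1], tok[3], tok[4], src, sport, dst, dport, line.strip()))
    return rules


def first_match(rules: List[Rule], proto: str, src: str, sport: int, dst: str, dport: int) -> Optional[int]:
    """Index of the first line matching the flow, or None for the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for idx, r in enumerate(rules):
        if r.proto not in ("ip", proto) or s not in r.src or d not in r.dst:
            continue
        if r.sport not in (None, sport) or r.dport not in (None, dport):
            continue
        return idx
    return None


def evaluate(rules: List[Rule], proto: str, src: str, sport: int, dst: str, dport: int) -> str:
    idx = first_match(rules, proto, src, sport, dst, dport)
    return rules[idx].action if idx is not None else "deny"


def shadowed_lines(rules: List[Rule]) -> List[int]:
    """Indices of lines that can never be hit because an earlier line covers every packet they match."""
    out = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (earlier.proto in ("ip", later.proto)
                    and earlier.sport in (None, later.sport)
                    and earlier.dport in (None, later.dport)
                    and later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)):
                out.append(j)
                break
    return out


# Constructed ACLs: the poster's 'portal' list with the UDP/53 line appended, and the separate filter list.
PORTAL = """
access-list portal extended permit ip host 10.1.10.33 192.168.20.0 255.255.255.0
access-list portal extended permit ip host 10.1.10.34 192.168.20.0 255.255.255.0
access-list portal extended permit ip host 10.1.20.33 192.168.20.0 255.255.255.0
access-list portal extended permit ip host 10.1.20.34 192.168.20.0 255.255.255.0
access-list portal extended permit udp 10.1.20.33 eq 53 192.168.20.0 255.255.255.0
"""
VPNF = "access-list VPNF extended permit udp 10.1.20.33 eq 53 192.168.20.0 255.255.255.0"

if __name__ == "__main__":
    rdp = ("tcp", "10.1.20.33", 3389, "192.168.20.5", 50000)   # constructed RDP flow, ACL direction
    dns = ("udp", "10.1.20.33", 53, "192.168.20.5", 40000)     # constructed DNS flow, ACL direction
    for acl in (parse_acl(PORTAL), parse_acl(VPNF)):
        print(acl[0].acl, "rdp:", evaluate(acl, *rdp), "dns:", evaluate(acl, *dns),
              "shadowed lines:", shadowed_lines(acl))
```

Running it shows the portal list permitting RDP and reporting line 4 (the UDP/53 line) as shadowed by line 2, and the VPNF list permitting the DNS flow while the RDP flow falls through to the implicit deny.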

  • 2 ironports email security appliance redundancy

    Hi,
    I have two IronPort ESA C160 devices and would like to cluster them for redundancy. My question is:
    When the devices are clustered, is there a cluster IP address (not an interface on either device) which is created that emails from Exchange can be routed to? Since only 1 of the 2 devices will be active at any given time, how can Exchange distinguish which IronPort device to route to?
    Any assistance would be greatly appreciated.
    Omar Badawi

    I see your IP is listed as 200.40.148.74
    Checking Senderbase, not seeing any issues relating back to your side:
    http://www.senderbase.org/lookup/?search_string=200.40.148.74
    Changes recently to DNS?  Hostnames resolve, reverse DNS?  Domains correct and resolvable?  SPF in use... any changes, is it correct?  DKIM, same - any changes, is it correct?
    Originating MX?  Any changes of late to local mail or ISP?
    Normally the 421 error is a temporary block due to issues seen coming from your address/originating IP. Does the issue still persist?
    -Robert

  • BUG #CSCur27131 - Evaluation of CVE-2014-3566 on Cisco Email Security Appliance

    I have raised a support case with TAC to try and get more information on the preferred config as well as what Ciphers then become available. Points raised in the support case are as follows:
    Current config based on the existing article pre-POODLE > MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH
    Should the new config be > MEDIUM:HIGH:-SSLv2:-SSLv3:-aNULL:@STRENGTH
    Use of @STRENGTH meaning that the ciphers are ordered and presented strongest to weakest, as negotiation should occur at the first mutually accepted cipher.
    What are the TLSv1 ciphers used by IronPort (verifying under the sslconfig CLI appears only to list SSL ciphers)?
    Finally, does IronPort support, or plan to support in the future, TLSv1.1 and TLSv1.2 ciphers?
    The response from TAC so far is the same as the referenced article - https://tools.cisco.com/bugsearch/bug/CSCur27131 - which doesn't address all my points.
    Paul

    Negating SSLv2 and SSLv3 in the cipher suite has no effect as long as only TLSv1 is enabled.
    And reordering ciphers by strength won't bring anything, since the client's cipher order will always be preferred.
    Also, MD5 should be disabled, as it's widely considered too weak for the job.
    My recommendation would be to use the following suite > HIGH:MEDIUM:!aNULL:!MD5
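
Added example, not code from the thread or from Cisco/IronPort: the cipher strings above are OpenSSL cipher-list syntax, so they can be expanded against a local OpenSSL through Python's `ssl` module and audited for the two weaknesses the reply calls out (anonymous key exchange, MD5 MACs), and the effect of `@STRENGTH` on ordering can be checked directly. The resolved list depends on the OpenSSL version and build on the machine running this, which will not be the appliance's own OpenSSL; treat the output as a way to reason about the strings, not as a statement of what the ESA will negotiate.

```python
"""Expand and audit OpenSSL cipher strings with the local libssl.
Added example; the strings under test are the ones quoted in the thread."""
import ssl
from typing import Dict, List


def expand(cipher_string: str) -> List[Dict]:
    """Resolve a cipher string against the local OpenSSL and return the TLS 1.2-and-below suites it selects, in order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites are configured separately from the cipher string, so keep them out of this audit.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def weak_suites(cipher_string: str) -> List[str]:
    """Names of selected suites that use an anonymous key exchange (aNULL) or an MD5 MAC."""
    weak = []
    for c in expand(cipher_string):
        auth = (c.get("auth") or "").lower()      # e.g. 'auth-rsa', 'auth-ecdsa', 'auth-null'
        digest = (c.get("digest") or "").lower()  # e.g. 'sha256', 'md5', or None for AEAD suites
        if "null" in auth or digest == "md5":
            weak.append(c["name"])
    return weak


def strength_ordered(cipher_string: str) -> bool:
    """True when the selected suites are presented strongest first, which is what @STRENGTH guarantees."""
    bits = [c["strength_bits"] for c in expand(cipher_string)]
    return all(a >= b for a, b in zip(bits, bits[1:]))


def audit(cipher_string: str) -> Dict[str, object]:
    """Summary a reviewer would want for one cipher string."""
    suites = expand(cipher_string)
    return {
        "string": cipher_string,
        "count": len(suites),
        "weak": weak_suites(cipher_string),
        "strongest_first": strength_ordered(cipher_string),
        "first_three": [c["name"] for c in suites[:3]],
    }


# The three strings discussed in the thread.
PRE_POODLE = "MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH"
PROPOSED = "MEDIUM:HIGH:-SSLv2:-SSLv3:-aNULL:@STRENGTH"
RECOMMENDED = "HIGH:MEDIUM:!aNULL:!MD5"

if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    for s in (PRE_POODLE, PROPOSED, RECOMMENDED):
        print(audit(s))
```

Note the difference between `-aNULL` (removes the suites but a later keyword could re-add them) and `!aNULL` (removes them permanently), which is why the recommended string uses `!`.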

  • ICMP error packets are dropped by the security appliance

    Hi All,
    I am getting the following log error message in the ASA, but there is an ACL allowing ICMP for all inside hosts; how can this be possible? Is there any other setting needed apart from that?
    access-list inside extended permit icmp any any
    Dec 06 2011 22:48:49: %ASA-4-313005: No matching connection for ICMP error message: icmp src inside:172.29.131.3 dst identity:172.29.131.15 (type 5, code 1) on inside interface.  Original IP payload: tcp src 172.29.131.15/443 dst 172.29.135.31/1580.
    Thanks

    ICMP type 5 is a redirect message. Is there a different path that exists from 172.29.135.31 to 172.29.131.15?
    Is 172.29.131.15 the firewall? Is 172.29.131.3 an L3 device on the inside?
    -Kureli
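
Added example, not code from the thread or from Cisco: a parser for the %ASA-4-313005 message quoted above that decodes the ICMP type/code and the embedded original packet, so the event can be triaged the way the reply does (type 5 is a redirect; `identity` is the pseudo-interface the ASA uses for packets addressed to itself). SAMPLE is the poster's line rejoined onto one line; the ICMP names follow RFC 792. The message text itself says the drop is a connection-table decision ("No matching connection"), which is why an ACL permit for ICMP is not what decides it.

```python
"""Parse and triage ASA syslog 313005 (ICMP error with no matching connection).
Added example; SAMPLE is the line quoted in the thread, rejoined onto one line."""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

SAMPLE = (
    "Dec 06 2011 22:48:49: %ASA-4-313005: No matching connection for ICMP error message: "
    "icmp src inside:172.29.131.3 dst identity:172.29.131.15 (type 5, code 1) on inside interface.  "
    "Original IP payload: tcp src 172.29.131.15/443 dst 172.29.135.31/1580."
)

# ICMP error types (RFC 792) and redirect codes.
ICMP_TYPES = {3: "Destination Unreachable", 4: "Source Quench", 5: "Redirect",
              11: "Time Exceeded", 12: "Parameter Problem"}
REDIRECT_CODES = {0: "network", 1: "host", 2: "type of service and network",
                  3: "type of service and host"}

PATTERN = re.compile(
    r"%ASA-(?P<sev>\d)-313005: No matching connection for ICMP error message: "
    r"icmp src (?P<src_if>\w+):(?P<src>[\d.]+) dst (?P<dst_if>\w+):(?P<dst>[\d.]+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\) on (?P<iface>\w+) interface\.\s+"
    r"Original IP payload: (?P<proto>\w+) src (?P<o_src>[\d.]+)/(?P<o_sport>\d+) "
    r"dst (?P<o_dst>[\d.]+)/(?P<o_dport>\d+)\."
)


@dataclass(frozen=True)
class IcmpErrorDrop:
    severity: int
    src_if: str
    src: str
    dst_if: str
    dst: str
    icmp_type: int
    icmp_code: int
    original: Tuple[str, str, int, str, int]  # proto, src, sport, dst, dport of the embedded packet

    @property
    def addressed_to_firewall(self) -> bool:
        # The ASA logs packets sent to one of its own addresses on the pseudo-interface 'identity'.
        return self.dst_if == "identity"

    def describe(self) -> str:
        name = ICMP_TYPES.get(self.icmp_type, f"type {self.icmp_type}")
        if self.icmp_type == 5:
            name += f" ({REDIRECT_CODES.get(self.icmp_code, f'code {self.icmp_code}')})"
        return name


def parse_313005(line: str) -> Optional[IcmpErrorDrop]:
    """Return the parsed event, or None if the line is not a 313005 message."""
    m = PATTERN.search(line)
    if not m:
        return None
    return IcmpErrorDrop(
        severity=int(m["sev"]),
        src_if=m["src_if"], src=m["src"], dst_if=m["dst_if"], dst=m["dst"],
        icmp_type=int(m["type"]), icmp_code=int(m["code"]),
        original=(m["proto"], m["o_src"], int(m["o_sport"]), m["o_dst"], int(m["o_dport"])),
    )


def triage(event: IcmpErrorDrop) -> str:
    """One-line triage note: who sent which ICMP error, to whom, about which flow."""
    target = "the firewall itself" if event.addressed_to_firewall else f"{event.dst} via {event.dst_if}"
    proto, o_src, o_sport, o_dst, o_dport = event.original
    return (f"{event.src} ({event.src_if}) sent ICMP {event.describe()} to {target} about "
            f"{proto} {o_src}:{o_sport} -> {o_dst}:{o_dport}; dropped, no matching connection")


if __name__ == "__main__":
    event = parse_313005(SAMPLE)
    print(triage(event) if event else "not a 313005 message")
```

For the quoted line this yields a host redirect from 172.29.131.3 to the firewall about the 172.29.131.15:443 to 172.29.135.31:1580 flow, which is exactly the routing question (a second path from 172.29.135.31 to 172.29.131.15) the reply asks about.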

  • Issues with Failover in SA540?

    One of my partners is having an issue that remains unresolved - the case ID is SR 613266147 - SA 540 Security Appliance / Configuration issues. The client bought 4 SA 540s, 3 for production use and 1 spare. The partner configured and installed them, and the redundancy is not working. I've had a case going for weeks and can't get an answer. The partner is frustrated that an escalation was promised yet he is still waiting on resolution, and in the meantime has no solution for the client.
    Here is the need per the partner:
    Client has dual internet connections at each location. Wants to use load-balanced WAN connections and have failover on the site-to-site VPN between the 3 sites. If the SA 540s can't do this, what will? We will need to arrange to return the 540s for credit against the new gear. One way or another, I need to have an answer for this client tomorrow as I am out of town the rest of the week. I hope you can help. Thank you.
    Assistance resolving quickly is appreciated.  Thank you.  Mark

    Do the folding in a separate comp and use the Alpha Add blending mode on the layers. Also check Mask Feather and Expansion.
    Mylenium
