Updating Security Management Appliance
Hello Support Community!
I would like to upgrade a Cisco Security Management Appliance (SMA) M160, former Ironport M-Series.
Current Version: 7.9.1-039
My Goal: 8.0.0-402
The 8.0.0-402 has released on March 28, 2013. The Problem is, when i am searching for available upgrades,
i get: "Error - No available upgrades"
There is no error with my firewall, because i can successfull check for new feature keys.
Any idea whats went wrong?
greets
Christian
You can install a different cert for different process:
http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118460-technote-sma-00.html
Certificates can be used for four different services:
Inbound TLS
Outbound TLS
HTTPS
LDAPS
When you say No, you'll just need to be prepared to enter in the separate certs as needed for each process. And, SMA is still CLI only for cert management.
-Robert
Similar Messages
-
Security Management Appliance - Multiple SSL Cert support.
Does anyone know if the SMA supports multiple SSL certs? We would like to create a cert for our users that access the Spam Quarantine that uses a different FQDN from what we have now for admin access.
I noticed in instuctions for importing certs into the SMA, that it does ask if you want to use that cert for everything, but I haven't found anything that elaborates on what options you have if you say NO. I'm guessing from that question that it allows for a different cert for a different function, but I'd like confirmation and maybe direction on how to implement.
Thanks in advance.You can install a different cert for different process:
http://www.cisco.com/c/en/us/support/docs/security/content-security-management-appliance/118460-technote-sma-00.html
Certificates can be used for four different services:
Inbound TLS
Outbound TLS
HTTPS
LDAPS
When you say No, you'll just need to be prepared to enter in the separate certs as needed for each process. And, SMA is still CLI only for cert management.
-Robert -
IronPort WSA management through Security Management Appliance
Hi,
I have two identically configured (policies) IronPort WSA S670 appliances running 7.5.0-833 and both added in SMA M670 management appliance running 7.9.1-102. Appliance A has McAfee license expired. Newly installed appliance B has Mcafee running for 28 more days. "Sophos" is enabled on both and working good. Config Master 7.5 was built based on the config from appliance A.
Now, when i want to push the Config Master to both the associated WSA, it fails on appliance B as "McAfee" is disabled in Config Master but enabled on it. The setting "Security Services Display" in M670 was changed to enable "McAfee" but now appliance A fails giving a mis-match error on publishing.
How to workaround this ? Can McAfee license/feature key on appliance B be expired / disabled now without waiting 28 days to let it expire.
Thanks,
Rick.Hello Rick,
You can disable Mcafee globally on the SMA by going to :
GUI -> Web -> Utilities -> Security Services Display -> Edit Display Settings-> Under Configuration Master 7.5 ->
Do your Web Appliances have McAfee Anti-Malware enabled? -> Uncheck the box and submit.
Also, Disable Mcafee on the appliance that thas 28 days of the licenses left, This way Mcafee will be disabled on all your boxes.
I hope this helps.
Regards,
-Puja -
Cisco Security Manager Appliance bundle
I have a customer subscribed to the Security ELA, so all security related licenses and subscriptions are free. It is possible to order this product as an appliance without the bundled licenses?
Yes, if we do get a UCS, it will be sized to accommodate more than just CSM due to the other stuff we could load it with, although now that Cisco VMs run under Hyper-V....? We are also getting FS (their VM is not big enough, shame) in hope that appliance/product will absorb CSM in a future release.
Thanks, -
IronPort Security Management Appliance - Directory Search Results Size
I'm creating an access policy for a web security appliance that is applied to an authorized group within an idenity. My question is in regards to the number of returned results when using the Directory search function to find and add the group. Only the first 500 matching entries are shown and attempting to search for the group fails if it isn't part of that first 500. How do I increase the amount of results returned when searching for groups?
Hello Alex,
By default, Active Directory does not respond to LDAP based queries which return more than 1000 results. If you have more than 1000 groups configured in Active Directory, it is necessary to increase the maximum page size (MaxPageSize) using the Ntdsutil.exe tool.
http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech
MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.
Default value: 1,000
You can also simply input the group name and then click "Add" to manually add it as a workaround.
Hope it helps. -
Publish to a WSA from Management appliance Fails
I am trying to publish a configuration from my new M170 to a S160 and i get this error: "Failure: The Anti-malware settings must match to successfully publish." I checked and the settings are good any ideas.
Bob.
In the MSA, which security settings are turned on (Is Sophos on? Is McAfee on? etc) has to match what is actually enabled on the WSA you're pushing to.
Taken from 8-10 of the user guide:
To verify enabled features for a Web Security appliance:
Step 1 On the Security Management appliance, choose Web > Utilities > Web Appliance Status.
Step 2 Click the name of a Web Security appliance to which you will publish a Configuration Master.
Step 3 Scroll to the Security Services table.
Step 4 Verify that the Feature Keys for all enabled features are active and not expired.
Step 5 Compare the settings in the Services columns:
The Web Appliance Service column and the Is Service Displayed on Management Appliance? column should be consistent.
Enabled = Yes
Disabled and Not Configured = No or Disabled.
N/A means Not Applicable. For example, the option may not be configurable using a Configuration Master, but is listed so that you can see the Feature Key status.
Configuration mismatches will appear in red text.
Step 6 If the enabled/disabled settings for a feature do not match, do one of the following:
•Change the relevant setting for the Configuration Master. See Enabling Features to Publish, page 8-10.
•Enable or disable the feature on the Web Security Appliance. Some changes may impact multiple features. See the information about the relevant feature in the Cisco IronPort AsyncOS for Web Security User Guide.
I have put in an enhancement request for this to be manageable by the MSA, because I think its pretty dumb that you can't push this config from the MSA.
Hope that helps,
Ken -
Security Manager for decryption is not set
Hey,
I am using the Livecycle virtual appliance in a test version to evaluate its features. When I decrypt an encrypted document with the java API I get an error message that says that the security manager is not set.
Is the security Manager part of the appliance?
How can I solve that problem?
My Code:
//Set connection properties required to invoke LiveCycle ES
Properties connectionProps = new Properties();
connectionProps.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT_EJB_ENDPOINT, getConfig("lc.ejb-endpoint.url", "jnp://192.168.56.50:1099"));
connectionProps.setProperty(ServiceClientFactoryProperties.DSC_TRANSPORT_PROTOCOL,Service ClientFactoryProperties.DSC_EJB_PROTOCOL);
connectionProps.setProperty(ServiceClientFactoryProperties.DSC_SERVER_TYPE, "JBoss");
connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_USERNAME, getConfig("lc.ejb-endpoint.username", "jjacobs"));
connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_PASSWORD, getConfig("lc.ejb-endpoint.password", "password"));
//Create a ServiceClientFactory object
ServiceClientFactory myFactory = ServiceClientFactory.createInstance(connectionProps);
//Create an EncryptionServiceClient object
EncryptionServiceClient encryptClient = new EncryptionServiceClient(myFactory);
//Unlock the password-encrypted PDF document
Document unlockedDoc = encryptClient.unlockPDFUsingPassword(pdf, pdfPassword);
return unlockedDoc;
Exceptions details:
Caused by: com.adobe.internal.pdftoolkit.core.exceptions.PDFSecurityAuthorizationException: Security Manager for decryption is not set
at com.adobe.internal.pdftoolkit.core.encryption.EncryptionImpl.getStreamEncryption(Encrypti onImpl.java:196)
at com.adobe.internal.pdftoolkit.core.encryption.EncryptionImpl.getStreamDecryptionHandler(E ncryptionImpl.java:263)
at com.adobe.internal.pdftoolkit.core.cos.CosEncryption.getStreamDecryptionStateHandler(CosE ncryption.java:675)
at com.adobe.internal.pdftoolkit.core.cos.CosStream.getStreamForCopying(CosStream.java:377)
at com.adobe.internal.pdftoolkit.core.cos.CosStream.copyStream(CosStream.java:310)
at com.adobe.internal.pdftoolkit.core.cos.CosStream.getStream(CosStream.java:422)
at com.adobe.internal.pdftoolkit.core.cos.CosObjectStream.getDataStream(CosObjectStream.java :130)
at com.adobe.internal.pdftoolkit.core.cos.CosObjectStream.<init>(CosObjectStream.java:80)
at com.adobe.internal.pdftoolkit.core.cos.CosToken.readObject(CosToken.java:576)
at com.adobe.internal.pdftoolkit.core.cos.CosToken.readIndirectObject(CosToken.java:108)
at com.adobe.internal.pdftoolkit.core.cos.XRefTable.getIndirectObject(XRefTable.java:607)
at com.adobe.internal.pdftoolkit.core.cos.CosDocument.getIndirectObject(CosDocument.java:287 5)
at com.adobe.internal.pdftoolkit.core.cos.XRefTable.getIndirectObject(XRefTable.java:599)
at com.adobe.internal.pdftoolkit.core.cos.CosDocument.getIndirectObject(CosDocument.java:287 5)
at com.adobe.internal.pdftoolkit.core.cos.CosDocument.resolveReference(CosDocument.java:1067 )
at com.adobe.internal.pdftoolkit.core.cos.CosDictionary.get(CosDictionary.java:278)
at com.adobe.internal.pdftoolkit.pdf.document.PDFCosDictionary.getDictionaryCosObjectValue(P DFCosDictionary.java:423)
at com.adobe.internal.pdftoolkit.pdf.document.PDFCatalog.getInteractiveForm(PDFCatalog.java: 156)
at com.adobe.internal.pdftoolkit.pdf.document.PDFDocument.getInteractiveForm(PDFDocument.jav a:521)
at com.adobe.formServer.utils.CommonGibsonUtils.isForm(CommonGibsonUtils.java:153)
at com.adobe.livecycle.formdataintegration.server.FormData.exportDataInternal(FormData.java: 338)
at com.adobe.livecycle.formdataintegration.server.FormData.exportData2(FormData.java:217)
... 81 moreI think you answered your own question - the PDF is password protected therefore LC can't open it to extract the data.
You'll have to remove the security first. You can do that in a process by using the Common.EncryptionService.Remove PDF Password Encryption operation.
Note that you will need the document's password to remove the security. -
No security manager: RMI class loader disabled Error at RMI client programm
Got following error on invoking remote method from RMI client,
java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
java.lang.ClassNotFoundException: com.rmi.RmiImpl_Stub (no security manager: RMI class loader disabled)
Please let me know solution.Hello JAAZ,
I got the same error yesterday. I was a little frustrated, because the day before everything was fine...
java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
java.lang.ClassNotFoundException: uk.co.it.ete.server.ETE_Server (no security manager: RMI class loader disabled)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)The solution was, that I did some refactoring and some of the classes were now in different packages. I updated the system on the client-side and now everything works again.
I think debugging RMI-applications is not as easy as "normal" applications ..
maybe this helps..
Regards
tk -
Advanced Security manager- Error Initializing the Essbase API.
Hi,
I have installed OLAPUnderground> Advanced Security manager for exporting all the User security. when i try to click connect it throws a connection error "error Initializing the Essbase API, cannot connect." Has any one seen this error before? please let me know if i am missing anything.
We are currently using 11.1.2.3.500.
Thanks,
SankeerthSounds like you have not created the windows environment variable:
ESSBASEPATH
D:\Oracle\Middleware\EPMSystem11R1\common\EssbaseRTC\11.1.2.0
That is just an example path update to match your environment
Cheers
John
http://john-goodwin.blogspot.com/ -
Cisco security Manager Backup error
i am getting the below error after the backup in Cisco Security Manager 3.2
[Sun Dec 20 00:00:05 2009] ERROR(313): D:/backup.LOCK file exists
Most probably another backup process is running
[Sun Dec 20 00:00:05 2009] Backup failed: 2009/12/20 00:00:05
i have deleted the backup.LOCK file and tried it is giving the same error.
any one help me in this.
thanks in advance.Update:
WHen performing the same action through the client interface, rather than from the server interface the backup has appeared to work.
Is this a feature?
Needless to say I was able to run a backup.
Steve -
Cisco Security Manager (CSM) License Problem
Hi All,
We have CSM V3.2 with Professional license edition and support 50 devices. It's installed properly in the Cisco Security Manager client as appeared in the attachement but the problem is in the server administration- license management which doesn't include any records for license (see attachment).
I tried to upload the .lic file by clicking the Update button in server administration but an error message appeared stated that the license file is corrupted although it's installed properly in CSM client!!!
Could you please advise what's the problem and what should I do?
Thanks in Advance!Sorry but Cisco seems to have removed that product bulletin from cisco.com.
Your reseller can use Cisco Commerce Workspace (CCW) to order the correct part number for your CSM installation. There is a unique number for each licensing level and/or upgrade.
For instance, for a 10-device standard license, the support would be part number CON-SAS-CSMST10K.
For the 100-device Pro license, the support would be CON-SAS-CSMPR4K9.
The reseller needs to adjust the support term (12-60 months) to suit when ordering. -
I use HP ProtectTools Security Manager to control my passwords. When i updated to Firefox 30. I received the following error message ; Firefox doesn't know how to open this address, because the protocol (dpql) isn't associated with any program. How can I solve this problem ?
Hi le.hamzou,
Previous suggestions were to update the Security Manager if there was one. There were also these add ons:
[https://addons.mozilla.org/en-US/firefox/addon/fingerfox-se/ Fingerfox], but I am not sure if it will work on win8, it does on win7.
Another work around I saw was [https://addons.mozilla.org/en-US/firefox/search/?q=ietab&appver=29.0&platform=all IE Tab].
This reference may also help [http://kb.mozillazine.org/Register_protocol]
Please post back with the results! -
Hi,
I'm looking into Cisco Security Manager. From what I understand you can monitor and manage Cisco security appliances. I'm interested in the monitoring of our Cisco ASAs - specifically, monitoring VPN sessions and their trending over months at a time and I would like to monitor other Cisco devices on the network for link problems/performance and such - I don't want to use Cisco Security Manager as a management point. Would Cisco Security Manager not be the right tool for this?
We have SolarWinds and I've heard that you can assign UnDPs(Device Pollers) to devices you want to monitor, including ASAs and these pollers can give you trending for VPN sessions with graphing. I just want to make the most of our budget dollars.
Any advice?
Thanks, Pat.CSM 4.3 and above can be used to monitor VPN sessions on Cisco ASAs. You can definitely use CSM as a monitoring only solution for ASAs (without using it for management). You can also explicitly disable policy change privileges for all admins so they do not modify stuff by mistake. Note however that CSM is primarily focused on end-to-end management scenarios (including policy change, troubleshooting, reporting, etc). So you may not find all the bells and whistles in CSM for monitoring scenarios that you may find with some of the pure monitoring only solutions.
-
Deleting multiple devices in Cisco Security Manager
I imported 200 devices from configuration files in cisco security manager which I need to remove again due to updates in the predeployed configurations...
Does anyone know how to remove devices without selecting every single one and clicking "delete" or restoring the database? :)
Thanks!Maybe from the common services webpage you could select multiple devices at a time ?
-
HP Client Security Manager Incompatible With Windows 10
"Get Windows 10" download has informed me that I will need to uninstall HP Client Security Manager in order to get the Windows 10 download.The encryption and other safety features on my laptop are of primary importance to me and my firm.Is HP going to provide a new updated version of the software to be compatible with Windows 10?If so how and when will it be made available?
Hi: This is a peer to peer forum. No one here can answer questions such as yours (any questions directed to HP). I would see if the latest Client Security Manager software will work with W10. Install this and see if it passes muster with the Windows 10 advisor. This version is still valid for W7, so you can try it now. http://h20566.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_148454_1 This is an even newer version, but it is only good for W8.1. http://h20566.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_149745_1 It is highly doubtful that HP will be releasing any drivers or software for W10 until after it is officially introduced to the public. That has been their usual method of releasing drivers and software when new operating systems come out.
Maybe you are looking for
-
I used to use Movie Maker and it would be able to handle lots of file uploads and big projects. I figure iMovie can do the same since it's newer and it's on my iMac. I was working on a project for a few months, it was working fine up until about a fe
-
How to add customer fields in UI Marketing.
Dear SAP Colleague, We are migrating our SAP CRM landscape from version 4.0 to 7.0. We have already performed a technical migration of our development environment. But now we are facing the following issue: In 4.0 we have a Custom Aditional Fields Ta
-
Very Strange Issues - Can't boot
I've tried everything. iMac G5 (no iSight) won't boot. Reset PMU Reset SMU Removed and tested all RAM in similar iMac (all chips fine) Left just one 512 MB RAM in broken iMac Zapped PRAM Booted Open-Firmware reset-nvram reset-all I have an external f
-
Hi, I've seen questions about this error posted elsewhere but I'm not sure if the same issues applied. I'm trying to connect to SQL Server from a VBA macro in excel. I've managed to do this with the code below where my query is return to cells in my
-
Apache plug-in won't load balance requests evenly on cluster
I can't seem to get the Apache plug-in to actually do round-robin load balancing of HTTP requests. It does random-robin, as I like to call it, since the plug-in will usually hit all the servers in the cluster but in a random fashion. I've got three m