Cisco Ironport User Guide
Posted By admin On 31.12.19. © 2009 Cisco Systems, Inc.
All rights reserved. Cisco, the Cisco logo, Cisco Systems, Cisco IronPort, IronPort, SenderBase and AsyncOS are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in the document or website are the property of their respective owners.
The use of the word partner does not imply a partnership between Cisco and any other company. (0903R).
Plan the installation within your network panel of the appliance.
You must wait five minutes for the system to initialize the very first time you power up before moving on to Step 5.
The Cisco IronPort Appliance requires at least one IP address to send
Your Cisco IronPort Appliance is designed to serve as your SMTP
Getting Started with the Cisco Email Security Appliance

This chapter contains the following sections:

What's New in AsyncOS 11.1

Table 1. What's New in AsyncOS 11.1

Feature: AMP for Endpoints Console Integration
Description: You can now integrate your appliance with AMP for Endpoints console, and add your own blacklisted or whitelisted file SHAs. After the integration, when a file SHA is sent to the File Reputation server, the verdict obtained for the file SHA from the File Reputation Server is overridden by the verdict already available for the same file SHA in the AMP for Endpoints console. To integrate your appliance with AMP for Endpoints console, see.

The Advanced Malware Report page now includes a new section, Incoming Malware Files by Category, to view the percentage of blacklisted file SHAs received from the AMP for Endpoints console. The threat name of a blacklisted file SHA is displayed as Simple Custom Detection in the Incoming Malware Threat Files section of the report.

Feature: URL Filtering Support for Shortened URLs
Description: You can now configure your appliance to perform URL filtering on shortened URLs, and retrieve the actual URL from the shortened URL. Based on the URL reputation score of the original URL, a configured action is taken on the shortened URL. To enable URL filtering for shortened URLs in your appliance, see or CLI Reference Guide for AsyncOS for Cisco Email Security Appliance.

Feature: Support for URL Scanning in Attachments
Description: You can now configure your appliance to scan for URLs in message attachments, and perform configured actions on such messages.
You can use the URL Reputation and URL Category content and message filters to scan for URLs in message attachments. For more details, see,.

Feature: Handling Unscannable Messages
Description: You can now configure your appliance to handle messages that are not scanned by the following engines:
- Content Scanner
- File Reputation and File Analysis services
- URL Filtering

To configure appropriate actions on such messages, see, and the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances.

Feature: Improved Pre-classification Efficacy (Reducing File Uploads to Cisco AMP Threat Grid)
Description: The File Analysis service in your appliance now supports all the file types supported by Cisco AMP Threat Grid. You can use this feature to:
- Upload files that only contain dynamic content for file analysis. This helps administrators to track the daily file upload limit.
- Reduce file uploads for file analysis.

To configure this feature, see and the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances.

Note: If you are using the private cloud file analysis server version 2.4 or an earlier version, it is recommended that you do not enable the new file types for file analysis.

A new verdict, Low Risk, is introduced when no dynamic content is found in a file after file analysis. You can view the verdict details in the Incoming Files Handled by AMP section of the Advanced Malware Protection report and in Message Tracking. For more details, see.

Feature: Improving File Retrospective Verdict Alerts
Description: You can now configure your appliance to suppress the retrospective verdict alerts for messages that are not delivered to the message recipient, dropped or quarantined. To enable this feature, see or the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances.

Feature: Restarting and Viewing the Status of Service Engines enabled on the appliance
Description: You can use the diagnostic services subcommand in the CLI to:
- Restart the service engines enabled on your appliance without having to reboot your appliance.
- View the status of the service engines enabled on your appliance.

To use this feature, see or CLI Reference Guide for AsyncOS for Cisco Email Security Appliance.

Feature: Setting the Priority for Message Headers
Description: You can set the priority for a message header to match the incoming and outgoing messages in your appliance. To enable this feature, see or CLI Reference Guide for AsyncOS for Cisco Email Security Appliance.
What's New in AsyncOS 11.0

Table 2. What's New in this Release

Feature: New Data Loss Prevention (DLP) solution
Description: RSA has announced End of Life (EOL) for RSA Data Loss Prevention Suite. For more information, see. Cisco now provides an alternative DLP solution that allows seamless migration of all the existing DLP policies created in RSA DLP to the new DLP engine. After the upgrade, you can view or modify the migrated DLP policies in Mail Policies > DLP Policy Manager page in the web interface. For more information, see the “Data Loss Prevention” chapter in the user guide.

Note: There is no support for RSA Enterprise Manager Integration in AsyncOS 11.0 and later. If you have DLP policies created in RSA Enterprise Manager, you must recreate those policies in your appliance after the upgrade.

Feature: Support for Two-Factor Authentication
Description: Cisco Email Security appliance now supports two-factor authentication that ensures secure access when you log in to your appliance. You can configure two-factor authentication for your appliance through any standard RADIUS server that complies with a standard RFC. You can enable two-factor authentication in one of the following ways:
- System Administration > Users page in the web interface.
- userconfig twofactorauth command in the CLI. See the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances.

If you have enabled two-factor authentication on your appliance, you can join it to a cluster machine using pre-shared keys. Use the clusterconfig prepjoin command in the CLI to configure this setting.

Feature: Handling incoming mail connections and incoming messages from different geographic locations
Description: Cisco Email Security appliance can now handle incoming mail connections and incoming messages from specific geolocations and perform appropriate actions on them, for example:
- Prevent email threats coming from specific geographic regions.
- Allow or disallow emails coming from specific geographic regions.

You can use this feature in the following ways:

SMTP Connection Level: You can now configure sender groups to handle incoming mail connections from specific geolocations using one of the following ways:
- Mail Policies > HAT Overview > Add Sender Group > Submit and Add Senders > Geolocation option in the web interface.
- listenerconfig hostaccess country command in the CLI.

For more information, see or the CLI Reference Guide for AsyncOS for Cisco Email Security Appliances. You can use the Geo Distribution report to view the details of incoming mail connections from specific geolocations based on the sender's country of origin. For more information, see.

Content or Message Filter Level: You can now create a content or a message filter to handle incoming messages from specific geolocations and perform appropriate actions on such messages. Content and message filters include the following new options:
- A new content filter condition - Geolocation.
- A new message filter rule - geolocation-rule.

For more information, see. You can use the Content Filters and Message Filters reports to view the details of incoming messages from specific geolocations that are detected by the content or message filter. You can use Message Tracking to search for incoming messages from specific geolocations detected by the content or message filter. Use the Geolocation filter for the Message Event option in the Advanced section of Message Tracking. The geolocation list of countries is cloud updateable.

Feature: Scanning Outgoing Messages using the AMP engine
Description: You can now configure the appliance to scan outgoing messages using the AMP engine. You can use this feature to:
- Prevent users from sending malicious messages from the organization’s network, which can lead to low IP or domain reputation.
- Track users who are sending outbound messages with malicious attachments and perform appropriate actions on them.

You can configure the outgoing mail policy of your appliance to allow scanning of messages by the AMP engine in one of the following ways:
- Mail Policies > Outgoing Mail Policies page in the web interface.
- policyconfig command in the CLI.

The following reports have been enhanced to show details of outgoing messages scanned by the AMP engine:
- Advanced Malware Protection
- AMP File Analysis
- AMP Verdict Updates
- Overview Page
- Outgoing Destinations
- Outgoing Senders
- Internal Users

See

You can use the Mail Flow Direction filter in the Message Tracking > Message Event > Advanced Malware Protection option to search for incoming and outgoing messages that are scanned by the AMP engine.

Feature: Manually Rollback to a Previous Version of the Service Engine
Description: You can now manually roll back to a previous version of the current engine when:
- The engine update is defective.
- The engine is not functioning properly.

Currently, you can perform an engine rollback for the following engines:
- McAfee
- Sophos
- Graymail

You can perform an engine rollback only at the machine level and not at the cluster level. You can use the Security Services > Services Overview page in the web interface to perform:
- Rollback to a previous version of the service engine.
- Manually update the service engines to the required version.

For more information, see

Feature: Enable or Disable Automatic Updates
Description: You can now enable or disable automatic updates in the Global Settings page of the following service engines:
- McAfee
- Sophos
- Graymail

You can now receive periodic alerts when automatic updates are disabled for a specific service engine. You can change the existing alert interval in one of the following ways:
- Security Services > Service Updates > Alert Interval for Disabled Automatic Engine Updates option in the web interface.
- updateconfig command in the CLI.

Feature: Performing additional actions on attachments detected by Advanced Malware Protection in Mail Policy
Description: You can perform the following additional actions, if an attachment is considered ‘malicious’, ‘unscannable’, or ‘sent for file analysis’ in the Advanced Malware Protection section for Incoming or Outgoing Mail Policies:
- Modifying the message recipient.
- Sending the message to an alternate destination host.

For more information see,.

Feature: Improved AMP Engine Logs
Description: Information about the following scenarios is now logged in the AMP engine logs:
- File that is not uploaded to the File Analysis server.
- File that is skipped for file analysis because the appliance exceeded the daily file upload limit to the File Analysis server.
- File that is marked as unscannable.