Can You Snapshot a Virtual Cisco IronPort?

The Cisco IronPort virtual edition has been out for about a year now. It’s still not quite as mature as we would like for it to be; for example, it lacks support for Hyper-V, modifying the CPU core allocation to meet peak performance demands, etc.

One of the unsupported ‘configurations’ is virtual machine snapshots.

This is what I was advised by a TAC engineer:

“The software was written for physical hardware, and operations such as snapping an image and reloading it at a later point in time, is not supported.

Our appliances often have files open, and taking a snapshot while a file is being written, can leave you with a worthless snapshot, that can’t be executed.  And thats only one of the problems you may encounter

I can confirm it is not supported, but nevertheless it will probably work when the machine is completely shut down. It will probably fail when the machine was ‘powered on’. There are no power states like pause or standby which would take the filesystem into a state that would be safe for a snapshot.

I can confirm, no problem if version mismatch due to a revert. A “revert” of the machine (CLI> revert)  also results in such a mismatch, but this is automatically resolved.”

So as you can see, snapshotting your ESA isn’t technically supported HOWEVER if you follow the basic steps below you shouldn’t have any issues.

Continue reading Can You Snapshot a Virtual Cisco IronPort?

Cisco IronPort ESA Finally Supports TLS 1.2

ASyncOS 9.5 is in Limited Deployment at the moment but you don’t have to wait long before it hits an ESA near you as Cisco seem to be pushing out ASyncOS releases pretty quickly these days.

9.5 comes with a bunch of new features including one many people have been waiting for – support for TLS 1.2.

See the release notes @ http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-5/ESA_9-5_Release_Notes.pdf

If you don’t want to wait for it to hit the General Deployment phase then you can raise a TAC support request with the serial number of your appliance and a request to be put on the LD list for release 9.5.

I’ll probably be doing this my self in the next few days. I also have a virtual appliance so can always snapshot the VM before the upgrade and roll back in case anything goes awry.

Cisco IronPort E-mail Security Appliance Best Practices : Part 3

In this article I will talk about some recommended security configurations, new features I have come across in the new AsyncOS 9.0/9.1 series and more about the Advanced Malware Protection (AMP) features introduced in AsyncOS 8.5.

If you haven’t already, have a look at part 1 and part 2 of this series 🙂

Continue reading Cisco IronPort E-mail Security Appliance Best Practices : Part 3

Migrating from a Physical IronPort ESA to a Virtual IronPort Appliance

This post will be a collection of thoughts and my own experiences when migrating from a physical C160 to a virtual C100V appliance. Other IronPort ESA P2V appliances may be similar so it’s worth reading on!

Continue reading Migrating from a Physical IronPort ESA to a Virtual IronPort Appliance

Cisco IronPort ESA – Useful Content Filters

In this article I will briefly discuss some content filters that I think could come in handy for IronPort ESA users.
Some of these can also be useful for outbound mail – for example, you should detect and notify when executables are sent outbound as it could be indicative of an internal outbreak which you obviously want to know about.

Continue reading Cisco IronPort ESA – Useful Content Filters