Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 15 System Administration

Table 15-1 Update Settings (Continued)

| Setting | Description |
|---|---|
| Update Servers (lists) | Choose whether to download the list of available updates (the manifest XML file) from the IronPort update servers or a local web server. The manifest XML file includes updates for different security components, such as McAfee Anti-Virus and the PXE Engine, as well as AsyncOS upgrades. The default is the IronPort update servers. You might want to choose a local web server when you want to temporarily download an upgrade image stored on a local web server. After you download the image, Cisco recommends changing this setting back to the IronPort update servers so that security components continue to update automatically. When you choose a local update server, enter the full path to the manifest XML file for the list including the file name and port number for the server. If you leave the port field blank, AsyncOS uses port 80. If the server requires authentication, you can also enter a valid user name and password. For more information, see Remote Upgrade Overview, page 15-7. |
| Automatic Updates | Enable automatic updates and the update interval (how often the appliance checks for updates) for Sophos and McAfee Anti-Virus definitions, IronPort Anti-Spam rules, IronPort Intelligent Multi-Scan rules, PXE Engine updates, Outbreak Filter rules, and time zone rules. |
| Interface | Choose which network interface to use when contacting the update servers for the listed security component updates and Cisco IronPort AsyncOS upgrades. The available proxy data interfaces are shown. By default, the appliance selects an interface to use. |
| HTTP Proxy Server | An optional proxy server used for the services listed in the GUI. Note that if you specify a proxy server, it will be used for ALL of these services. |
| HTTPS Proxy Server | An optional proxy server using HTTPS. If you define the HTTPS proxy server, it will be used to update the services listed in the GUI. |

Configuring the Update Server
To set an update server for your Cisco IronPort appliance:
Step 1 Select either the IronPort update servers or local update servers for obtaining update images for services.
Note: If you select a local server as an upgrade source, automatic updates for several security component updates, such as Sophos and McAfee Anti-Virus definitions, cease. To continue updating these security component updates, host the update images or a list of the updates on the local server.
Step 2 If you select local update servers for update images, first enter the base URL, port number, and the optional authentication information for the local server hosting all service updates except AsyncOS upgrades and McAfee Anti-Virus definitions. Then enter the base URL for the local server hosting the AsyncOS upgrades and McAfee Anti-Virus definitions.
Step 3 Select either the IronPort update servers or a local update server for obtaining a list of available Cisco IronPort AsyncOS upgrades and McAfee Anti-Virus definitions.
Step 4 If you select a local update server for the list of available upgrades, enter the full path to the XML file for the list, including the file name, and the HTTP port number as well as the optional authentication information.
Configuring Automatic Updates
To enable automatic updates and configure the update interval:
Step 1 Select the check box to enable automatic updates.
Step 2 Enter an update interval (time to wait between checks for updates). Add a trailing m for minutes and h for hours. The maximum update interval is 1 hour.
Specify an HTTP Proxy Server (Optional)
To specify an HTTP proxy server:
Step 1 Enter a server URL and port number.
Step 2 Enter a username and password for an account on that server, if necessary.
Step 3 Submit and commit your changes.
Specify an HTTPS Proxy Server (Optional)
To specify an HTTPS proxy server:
Step 1 Enter a server URL and port number.
Step 2 Enter a username and password for an account on that server, if necessary.
Step 3 Submit and commit your changes.
Configuring the Return Address for Various Generated Messages
It is recommended that you avoid changing return addresses on Cloud
Email Security appliances.
You can configure the envelope sender for mail generated by AsyncOS for the
following circumstances:
• Anti-Virus notifications
• Bounces
• Notifications (notify() and notify-copy() filter actions)
• Quarantine notifications (and “Send Copy” in quarantine management)
• Reports
You can specify the display, user, and domain names of the return address. You
can also choose to use the Virtual Gateway domain for the domain name.
Use the Return Addresses page available on the System Administration menu in
the GUI, or use the addressconfig command via the CLI.
Figure 15-8 The Return Addresses Page
To modify the return address for system-generated email messages via the GUI,
click Edit Settings on the Return Addresses page. Make changes to the address
or addresses you want to modify, click Submit, and, finally, commit your
changes.
Alerts
Alerts are email notifications containing information about events occurring on
the Cisco IronPort appliance. These events can be of varying levels of importance
(or severity) from minor to major and pertain generally to a specific component
or feature on your appliance. Alerts are generated by the Cisco IronPort appliance.
You can specify, at a much more granular level, which alert messages are sent to
which users and for which severity of event they are sent. Manage alerts via the
System Administration > Alerts page in the GUI (or via the alertconfig command in the CLI).
Alerting Overview
The alerting feature consists of two main parts:
• Alerts - consist of an Alert Recipient (email addresses for receiving alerts), and the alert notification (severity and alert type) sent to the recipient.
• Alert Settings - specify global behavior for the alerting feature, including alert sender (FROM:) address, seconds to wait between sending duplicate alerts, and whether to enable AutoSupport (and optionally send weekly AutoSupport reports).
Alerts: Alert Recipients, Alert Classifications, and Severities
Alerts are email messages or notifications containing information about a specific
function (or alert classification) or functions such as a hardware or anti-virus
problem, sent to an alert recipient. An alert recipient is simply an email address
to which the alert notifications are sent. The information contained in the
notification is determined by an alert classification and a severity. You can specify
which alert classifications, at which severity, are sent to any alert recipient. The
alerting engine allows for granular control over which alerts are sent to which
alert recipients. For example, you can configure the system to send only specific
alerts to an alert recipient, configuring an alert recipient to receive notifications
only when Critical (severity) information about the System (alert type) is sent.
You can also configure general settings (see Configuring Alert Settings, page 15-30).
See Alert Listing, page 15-31 for a complete list of alerts.
Alert Classifications
AsyncOS sends the following alert classifications:
• System
• Hardware
• Updater
• Outbreak Filters
• Anti-Virus
• Anti-Spam
• Directory Harvest Attack Prevention
Severities
Alerts can be sent for the following severities:
• Critical: Requires immediate attention.
• Warning: Problem or error requiring further monitoring and potentially immediate attention.
• Information: Information generated in the routine functioning of this device.
Alert Settings
Alert settings control the general behavior and configuration of alerts, including:
• The RFC 2822 Header From: when sending alerts (enter an address or use the default “alert@<hostname>”). You can also set this via the CLI, using the alertconfig -> from command.
• The initial number of seconds to wait before sending a duplicate alert.
• The maximum number of seconds to wait before sending a duplicate alert.
• The status of AutoSupport (enabled or disabled).
• The sending of AutoSupport’s weekly status reports to alert recipients set to receive System alerts at the Information level.
Sending Duplicate Alerts
You can specify the initial number of seconds to wait before AsyncOS will send
a duplicate alert. If you set this value to 0, duplicate alert summaries are not sent
and instead, all duplicate alerts are sent without any delay (this can lead to a large
amount of email over a short amount of time). The number of seconds to wait
between sending duplicate alerts (alert interval) is increased after each alert is
sent. The increase is the number of seconds to wait plus twice the last interval. So
a 5 second wait would have alerts sent at 5 seconds, 15 seconds, 35 seconds, 75
seconds, 155 seconds, 315 seconds, etc.
Eventually, the interval could become quite large. You can set a cap on the number
of seconds to wait between intervals via the maximum number of seconds to wait
before sending a duplicate alert field. For example, if you set the initial value to
5 seconds, and the maximum value to 60 seconds, alerts would be sent at 5
seconds, 15 seconds, 35 seconds, 60 seconds, 120 seconds, etc.
SMTP Routes and Alerts
Alerts sent from the appliance to addresses specified in the Alert Recipient follow
SMTP routes defined for those destinations.
IronPort AutoSupport
To allow Cisco to better support and design future system changes, the Cisco
IronPort appliance can be configured to send Cisco Systems a copy of all alert
messages generated by the system. This feature, called AutoSupport, is a useful
way to allow our team to be proactive in supporting your needs. AutoSupport also
sends weekly reports noting the uptime of the system, the output of the status
command, and the AsyncOS version used.
By default, alert recipients set to receive Information severity level alerts for
System alert types will receive a copy of every message sent to Cisco. This can be
disabled if you do not want to send the weekly alert messages internally. To enable
or disable this feature, see Configuring Alert Settings, page 15-30.
Alert Messages
Alert messages are standard email messages. You can configure the Header From:
address, but the rest of the message is generated automatically.
Alert From Address
You can configure the Header From: address via the Edit Settings button or via
the CLI (see the Cisco IronPort AsyncOS CLI Reference Guide).
Alert Subject
An alert email message's subject follows this format:
Subject: [severity]-[hostname]: ([class]) short message
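A parser for the subject format above that a receiving mailbox or ticketing pipeline could use to route alerts, shown as an added example and not Cisco code. It assumes the bracketed names are placeholders while the hyphen, colon and parentheses are literal; `known_hosts`, `route` and the sample subjects are hypothetical.

```python
import re

# Severities and alert classifications exactly as listed in this chapter.
SEVERITIES = {"Critical", "Warning", "Information"}
CLASSES = {"System", "Hardware", "Updater", "Outbreak Filters", "Anti-Virus",
           "Anti-Spam", "Directory Harvest Attack Prevention"}

# Assumption: [severity], [hostname] and [class] are placeholders; the hyphen,
# colon and parentheses are literal characters in the subject line.
SUBJECT_RE = re.compile(
    r"^(?P<severity>[A-Za-z]+)-(?P<hostname>[A-Za-z0-9.-]+): "
    r"\((?P<cls>[^()]+)\) (?P<message>.+)$"
)

def parse_alert_subject(subject, known_hosts):
    """Return the parsed fields, or None when the subject is malformed, uses
    an undocumented severity/class, or names a host outside known_hosts."""
    # Collapse folded whitespace, then drop an optional "Subject:" prefix.
    subject = re.sub(r"^Subject:\s*", "", " ".join(subject.split()))
    m = SUBJECT_RE.match(subject)
    if not m:
        return None
    fields = m.groupdict()
    if fields["severity"] not in SEVERITIES or fields["cls"] not in CLASSES:
        return None
    # Hostnames are case-insensitive; accept only appliances we operate,
    # since the configurable Header From: alone does not identify the sender.
    fields["hostname"] = fields["hostname"].lower()
    if fields["hostname"] not in known_hosts:
        return None
    return fields

def route(fields):
    """Hypothetical policy: page on Critical, ticket on Warning, else log."""
    return {"Critical": "page", "Warning": "ticket"}.get(fields["severity"], "log")

# Constructed sample subjects (not captured from a real appliance).
SAMPLES = [
    "Subject: Critical-esa1.example.com: (Hardware) RAID volume degraded",
    "Warning-ESA1.example.com: (Updater) Unable to reach update server",
    "Critical-esa9.example.net: (System) Host not in inventory",
    "Urgent-esa1.example.com: (System) Undocumented severity",
]

if __name__ == "__main__":
    hosts = {"esa1.example.com"}  # hypothetical appliance inventory
    for s in SAMPLES:
        f = parse_alert_subject(s, hosts)
        print(route(f) if f else "reject", "<-", s)
```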
Alert Delivery
Because alert messages can be used to inform you of problems within your Cisco
IronPort appliance, they are not sent using AsyncOS’s normal mail delivery
system. Instead, alert messages pass through a separate and parallel email system
designed to operate even in the face of significant system failure in AsyncOS.
The alert mail system does not share the same configuration as AsyncOS, which
means that alert messages may behave slightly differently from other mail
delivery:
• Alert messages are delivered using standard DNS MX and A record lookups.
  – They do not use smtproutes in AsyncOS versions older than 5.X.
  – They do cache the DNS entries for 30 minutes and the cache is refreshed every 30 minutes, so in case of DNS failure the alerts still go out.
• Alert messages do not pass through the work queue, so they are not scanned for viruses or spam. They are also not subjected to message filters or content filters.
• Alert messages do not pass through the delivery queue, so they are not affected by bounce profiles or destination control limits.