Guest

Cisco Email Security Appliance

How do you load the configuration on a replacement ESA / Can you migrate a configuration from one ESA to another?

Document ID: 117803

Updated: Jun 11, 2014

Contributed by Fraidoon Sarwary and Robert Sherwin, Cisco TAC Engineers.

   Print

Introduction

This document describes how to load the configuration onto a replacement Email Security Appliance (ESA) and how to migrate the configuration.

How do you load the configuration on a replacement ESA?

If you do not change the IP address or the name of your ESA and it will be used to replace your current unit, complete these steps in order to restore your configuration.

Save the Configuration

  1. Choose System Administration > Configuration File.
  2. In the Current Configuration section, click the radio button next to Download file to local computer to view or save.
  3. Uncheck Mask passwords in the Configuration Files - files with masked passwords cannot be loaded with Load Configuration.
  4. Click Submit. This automatically downloads the appliance configuration in XML format to your local computer. Based on your local computer and browser, be sure that you save the file to a known location or your desktop.
  5. Edit the XML file. In the Network Configuration section, remove the Ethernet and Port entries from the configuration file. The Ethernet entry starts with <ethernet_settings> and ends with </ethernet_settings>, and the Port entry starts with <ports> and ends with </ports>. 
  6. Save the XML file.

Load the Configuration

Note: Make sure the AsyncOS version (for example, AsyncOS Version 7.6.3-019) is the same revision loaded on each of the appliances.

  1. Choose System Administration > Configuration File.
  2. In the Load Configuration section, click the radio button next to Load a configuration file from local computer: and then click Browse.
  3. Locate the file you saved from the previous instructions and click Open.
  4. Click Load.

Your configurations are now loaded on your new unit.

Can you migrate a configuration from one ESA to another?

It is possible to migrate a configuration from one ESA to another, but it not supported. Both ESAs must have the same AsyncOS version. You must perform a saveconfig with passwords on both appliances, and download both configurations. The configuration is generally the same. If during a loadconfig there is an alert about the quarantine size, edit the XML file. Search for the quarantine area and adjust the size of the quarantine part.

Since the differences in configurations are vast and many scenarios can occur, it is not possible to cover all of the possibilities within a single document. It is also not possible to expand upon the issues that might occur due to this complexity. However, here are some examples:

  • When you downgrade from a C6xx to a C360, the quarantine sizes must be adjusted.
  • When you migrate from C1xx to any other platform, the number of interfaces change.
  • When you migrate from a C360/C660 to a C370/C670, the number of interfaces increases, and must be manually corrected in the configuration.
Updated: Jun 11, 2014
Document ID: 117803