Guest

Cisco Email Security Appliance

Content Security Appliance Upgrades or Updates with a Static Server

Document ID: 117854

Updated: Jun 26, 2014

Contributed by Kevin Luu and Robert Sherwin, Cisco TAC Engineers.

   Print

Introduction

This document describes how to upgrade or update your Cisco Content Security appliance with the use of a static server.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Cisco Email Security Appliance (ESA)
  • Cisco Web Security Appliance (WSA)
  • Cisco Security Management Appliance (SMA)
  • AsyncOS

Components Used

The information in this document is based on these software and hardware versions:

  • All versions of AsyncOS

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Upgrade or Update the Appliance

Cisco offers static servers for the sites that have strict firewall requirements. It is important to note that if you configure the update and upgrade settings on your appliance with the use this static method, all the information is needed in the firewalls as well.

Here are the hostnames, IP addresses, and ports that are involved in the upgrade and update process:

  • downloads-static.ironport.com: 208.90.58.105 on port 80

  • update-manifests.ironport.com: 208.90.58.5 on port 443

  • updates-static.ironport.com: 208.90.58.25 on port 80

Complete these steps in order to change the upgrade and update settings on the AsyncOS:

  1. Navigate to the Service Updates tab of the Security Services page.

  2. Click Edit Update Settings....

  3. Select Local Update Servers from the Update Servers (images) field.

  4. Enter http://downloads-static.ironport.com in the Base URL (all services except McAfee Anti-Virus definitions and IronPort AsyncOS upgrades) field and set the Port to 80. Leave the Authentication Settings field blank.

  5. Enter updates-static.ironport.com in the Host (McAfee Anti-Virus definitions, PXE Engine updates, IronPort AsyncOS upgrades) field.

  6. Ensure that the Update Servers (list) field is set to IronPort Update Servers.

  7. Update the Proxy Servers settings if required.

  8. Click Submit.

  9. Click Commit Changes.

  10. Click Commit Changes again in order to confirm.

Verify Upgrades and Updates

In order to verify that the upgrades are complete, navigate to the System Upgrade page and click Available Upgrades. If the list of available versions displays, then your setup is complete.

In order to verify that the updates function correctly, enter the tail command into the CLI and view the updater_logs for errors.

  • For Sophos updates, monitor the updater_logs for sophos, or monitor the antivirus log:

    Wed Jun 25 19:00:24 2014 Info: sophos verifying applied files
    Wed Jun 25 19:00:24 2014 Info: sophos updating the client manifest
    Wed Jun 25 19:00:24 2014 Info: sophos update completed
    Wed Jun 25 19:00:24 2014 Info: sophos waiting for new updates
  • For McAfee updates, monitor the updater_logs for mcafeeor monitor the antivirus log:

    Wed Jun 25 19:00:40 2014 Info: mcafee verifying applied files
    Wed Jun 25 19:00:40 2014 Info: mcafee updating the client manifest
    Wed Jun 25 19:00:40 2014 Info: mcafee update completed
    Wed Jun 25 19:00:40 2014 Info: mcafee waiting for new updates
  • For CASE updates that are used by IPAS and VOF, monitor the updater_logs for case:

    Wed Jun 25 18:59:47 2014 Info: case verifying applied files
    Wed Jun 25 18:59:47 2014 Info: case updating the client manifest
    Wed Jun 25 18:59:47 2014 Info: case update completed
    Wed Jun 25 18:59:47 2014 Info: case waiting for new updates

The appliance will send notification alerts when the updates fail. Here is an example of the most commonly received:

The Warning message is:
The updater has been unable to communicate with the update server for at least 1h.
Updated: Jun 26, 2014
Document ID: 117854