This document describes the procedure to register Cisco Email Security Appliances (ESA) / Cloud Email Security (CES) Appliances in a clustered configuration environment to Advanced Malware Protection (AMP) for Endpoints.
Note: This document was written as of ESA/CES AsyncOS 11.1. For more information on ESA/CES documentation, please refer to the User Guides and Documentation.
Attempting to register an ESA/CES cluster with AMP for Endpoints from the GUI within the Security Services > File Reputation and Analysis page, the button Register Appliance with AMP for Endpoints is greyed out and unable to complete the registration.
Shown in the image:
To register an ESA/CES appliance in a clustered configuration to AMP for Endpoints, this must be done with machine level overrides. This means that for each machine in the cluster, it will have an individual override setting that will take precedence.
The steps to complete are as follows:
Step 1 - Log in and Navigate to the AMP Page on the ESA/CES.
Navigate to Security Services > File Reputation and Analysis and verify the current mode of configuration. This is indicated by the Mode - Cluster in the provided output.
Step 2 - Change the mode of configuration.
Click Centralized Management Options > Manage Settings.
Under Manage Settings, copy the configuration from cluster to the respective machine logged in. Once selected, Submit and Commit the changes.
Step 3 - Switch to the Machine Override Mode.
Click on the Change Mode... drop down and select the respective machine with the override to configure.
Step 4 - Register AMP for Endpoints for the Machine setting.
After the configuration mode is switched to Machine: <Machine Name>.
Click Edit Global Settings... then expand the Advanced settings for File Analysis component.
Click the button for Register Appliance with AMP for Endpoints" to complete registration.
Repeat Steps 1 - 4 on the remaining machines in the cluster to register for AMP for Endpoints.
Warning: ESA/CES software versions affected by defect id:CSCvp23281 should skip Step 5 as provided on the defect workaround.
Step 5 - Switch to Cluster Mode.
After each machine has registered with AMP for Endpoints, change the mode back to cluster by removing the machine level overrides for File Reputation and Analysis under Centralized Management Options > Manage Settings. All of the device settings must match for the clustering to work successfully. The Register Appliance with AMP for Endpoints button will still be greyed out and unavailable in cluster mode.