How do I roll back from my current version of AsyncOS on a Cisco Email Security Appliance?
Updated:August 22, 2014
Environment: Cisco Email Security Appliance (ESA), all versions of AsyncOS
In AsyncOS, the "revert" feature allows for rolling back the appliance to a previous version.
Not all previous versions will be available:
Upgrades cause one-way transformation of key subsystems complicating the reversion process. Cisco certifies specific versions of CASE, Sophos, VOF and McAfee to AsyncOS versions, to ensure a seamless reversion , target version builds have to be qualified by Cisco. Not all prior builds will be available; only limited, pre-determined reversion possibilities will exist.
Reversion will take as long as the upgrade:
To save file system resources, installation media are not kept on appliances. The reversion process requires streaming, do-it-while-downloading, installation.
Reversion is destructive:
Any messages in the work queue or the delivery queue are deleted. All reporting data and log files are deleted. Only, feature key data are preserved, all other configurations are lost. All databases and message tracking data will be lost. All Spam Quarantine message and end-user safelist/blocklist data. Only the network settings will be preserved. You must have console access to the box post revert as the IP will revert to the default of 192.168.42.42. Reverting the device causes an immediate reboot to take place. After rebooting, the appliance reinitializes itself and reboots again to the desired version.
Prepare for a possible reversion before upgrading:
As a best practice, Cisco recommends preparing for an upgrade by taking the following steps:
1. Save the XML config file off box (with passwords unmasked) 2. If you are using the Safelist/Blocklist feature, export the list off box 3. Suspend the listeners 4. Drain the mail queue and the delivery queue 5. Export the Spam Quarantine safelist/blocklist database to another machine (if applicable)
Don't forget re-enable the listeners post upgrade.
1. Log in to the CLI 2. Type "revert" 3. ESA will present a menu of previously installed, qualified versions 4. Pick revert version 5. Reboot 6. First reboot - system comes up, clears disks, unpacks install media 7. Second reboot (automatic) - system comes using selected version, initializes fresh data, appliance starts 8. Load the XML config file you saved while upgrading 9. If required, import the Safelist/Blocklist file