- Introduction
- Setup, Installation, and Basic Configuration
- Working With Reports on the Legacy Web Interface
- Using Centralized Email Security Reporting on the Legacy Web Interface
- Working With Reports on the Cloud Email Security Management Console
- Using Centralized Email Security Reporting on the Cloud Email Security Management Console
- Tracking Messages
- Spam Quarantine
- Centralized Policy, Virus, and Outbreak Quarantines
- Monitoring System Status
- Integrating With LDAP
- Configuring SMTP Routing
- Distributing Administrative Tasks
- Common Administrative Tasks
- Logging
- Troubleshooting
- IP Interfaces and Accessing the Appliance
- Assigning Network and IP Addresses
- Firewall Information
- Additional Resources
- End User License Agreement
- Index
- Collecting System Information
- Troubleshooting Hardware Issues
- Troubleshooting Feature Setup Issues
- General Troubleshooting Resources
- Troubleshooting Issues with Specific Functionality
Troubleshooting
This chapter contains the following sections:
- Collecting System Information
- Troubleshooting Hardware Issues
- Troubleshooting Feature Setup Issues
- General Troubleshooting Resources
- Troubleshooting Issues with Specific Functionality
- Working with Technical Support
- Running a Packet Capture
- Remotely Resetting Appliance Power
Collecting System Information
You can get information about your appliance and its status, including your serial number. Refer Monitoring System Status
Troubleshooting Hardware Issues
Lights on the front and/or rear panels of your hardware appliance indicate health and status of your appliance. For descriptions of these indicators, see the hardware guides such as the Cisco x90 Series Content Security Appliances Installation and Maintenance Guide available from the location specified in.
Specifications for your appliance, such as temperature ranges, are also available in these documents.
Note | If you need to cycle power to your x80 or x90 appliance, wait at least 20 minutes for the appliance to come up (all LEDs are green) before pushing the power button. |
Troubleshooting Feature Setup Issues
If you are experiencing difficulty configuring a feature successfully, see the summaries of the tasks you must complete for each feature. These include links to specific information for each.
General Troubleshooting Resources
General troubleshooting resources include:
- Recent alerts. See Viewing Recent Alerts.
- Log files. SeeLogging
- The Release Notes, including the Documentation Updates section. SeeDocumentation.
- The Cisco Bug Search Tool (instructions for access are in the Release Notes)
- Knowledge Base Articles (TechNotes)
- TheCisco Support Community
Troubleshooting Issues with Specific Functionality
See alsoTroubleshooting Feature Setup Issues.
Email Security-Related Issues
- Troubleshooting All Reports
- Troubleshooting Message Tracking
- Troubleshooting Spam Quarantine Features
- Troubleshooting Centralized Policy Quarantines
- Feature-related issues may also result from settings on your Email Security appliances. See the release notes and online help or user guide for your release at the location specified inDocumentation.
General Issues
- If you are unable to load a configuration file, make sure your disk space quotas are larger than the current size of each function in the table on the Management Appliance > System Administration > Disk Management page.
- If you have recently upgraded and the online help appears to be outdated or you cannot find the information about a new feature, clear your browser cache and then reopen the browser window.
- Unexpected behavior can occur when configuring settings using the web interface if you are using multiple browser windows or tabs simultaneously.
- SeeResponding to Alerts.
- SeeTroubleshooting Administrative User Access.
Responding to Alerts
Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware
Problem: You receive an alert with subject “Battery Relearn Timed Out” for 380 or 680 hardware.
Solution: This alert may or may not indicate a problem. The battery relearn timeout, in itself, does not mean there is any problem with the RAID controller. The controller can recover in the subsequent relearn. Please monitor your email for any other RAID alerts for the next 48 hours, to ensure that this is not the side-effect of any other problem. If you do not see any other RAID-related alerts from the system, then you can safely ignore this alert.
Additional Alert Descriptions
For descriptions of additional alerts, see
Working with Technical Support
- Opening or Updating a Support Case from the Appliance
- Getting Support for Virtual Appliances
- Enabling Remote Access for Cisco Technical Support Personnel
Opening or Updating a Support Case from the Appliance
You can use this method to contact Cisco TAC or your own support services.
If you wish to contact Cisco TAC:
- If your issue is urgent, do not use this method. Instead, contact support using one of the other methods listed in Customer Support.
- Consider other options for getting help:
- When you open a support case using this procedure, the appliance configuration file is sent to Cisco Customer Support. If you do not want to send the appliance configuration, you can contact Customer Support using a different method.
- The appliance must be connected to the internet and able to send email.
- If you are sending information about an existing case, make sure you have the case number.
Step 1 | Log in to the appliance. | ||||||
Step 2 | Choose Help and Support > Contact Technical Support. | ||||||
Step 3 | Determine the
recipients of the support request:
| ||||||
Step 4 | Complete the form. | ||||||
Step 5 | Click Send. |
Getting Support for Virtual Appliances
If you file a support case for a Cisco content security virtual appliance, you must provide your Virtual License Number (VLN), your contract number, and your Product Identifier code (PID).
You can identify your PID based on the software licenses running on your virtual appliance, by referencing your purchase order, or from the following table:
Functionality |
PID |
Description |
---|---|---|
All centralized email security functionality |
SMA-EMGT-LIC= |
|
Enabling Remote Access for Cisco Technical Support Personnel
Only Cisco Customer Assistance can access your appliance using these methods.
- Enabling Remote Access to Appliances With an Internet Connection
- Enabling Remote Access to Appliances Without a Direct Internet Connection
- Disabling a Tech Support Tunnel
- Disabling Remote Access
- Checking the Status of the Support Connection
Enabling Remote Access to Appliances With an Internet Connection
Support accesses the appliance through an SSH tunnel that this procedure creates between the appliance and the upgrades.ironport.com server.
Identify a port that can be reached from the internet. The default is port25 which will work in most environment . Connections over this port are allowed in most firewall configurations.
What to Do Next
When remote access for support personnel is no longer required, seeDisabling a Tech Support Tunnel.
Enabling Remote Access to Appliances Without a Direct Internet Connection
For appliances without a direct internet connection, access is made through a second appliance that is connected to the internet.
- The appliance must be able to connect on port 22 to a second appliance that is connected to the internet.
- On the appliance with the internet connection, follow the procedure inEnabling Remote Access to Appliances With an Internet Connection to create a support tunnel to that appliance.
What to Do Next
When remote access for support personnel is no longer required, see the following:
Disabling a Tech Support Tunnel
An enabled techsupport tunnel remains connected to upgrades.ironport.com for 7 days. After that time, established connections will not be disconnected but will be unable to re-attach to the tunnel once disconnected.
Disabling Remote Access
A remote access account that you create using the techsupport command remains active until you deactivate it.
Checking the Status of the Support Connection
Running a Packet Capture
Packet Capture allows support personnel to see the TCP/IP data and other packets going into and out of the appliance. This allows Support to debug the network setup and to discover what network traffic is reaching the appliance or leaving the appliance.
What to Do Next
Make the file available to Support:
- If you allow remote access to your appliance, technicians can access the packet capture files using FTP or SCP. SeeEnabling Remote Access for Cisco Technical Support Personnel.
- Email the file to Support.
Remotely Resetting Appliance Power
If the appliance requires a hard reset, you can reboot the appliance chassis remotely using a third-party Intelligent Platform Management Interface (IPMI) tool.
Restrictions
-
Remote power cycling is available only on certain hardware.
For specifics, seeEnabling Remote Power Cycling.
-
If you want be able to use this feature, you must enable it in advance.
For details, seeEnabling Remote Power Cycling.
-
Only the following IPMI commands are supported:
status, on, off, cycle, reset, diag, soft
Issuing unsupported commands will produce an “insufficient privileges” error.