Introduction

This chapter contains the following sections:

What's New in this Release

This section describes the new features and enhancements in this release of AsyncOS for Secure Email and Web Manager.

Table 1. What's New in AsyncOS 15.5.1

Feature

Description

TLS 1.3 Support for Web Interface and API Server

You can use TLS 1.3 for TLS communication across the legacy or new web interfaces of your Secure Email and Web Manager and the API services.

For more information, see Secure Communication Protocol.

Monitoring Vault Service and Sending Alerts

Your Secure Email and Web Manager now monitors the Vault service and keeps track of its status, whether it is initialized or not. It also sends appropriate alert messages and logs status information into mail_logs.

You can access the alert logs using one of the following ways:

  • Navigate to System Administration > Alerts page on the web interface, and click the View Top Alerts button.

  • Use the displayalerts command in the CLI.

If the Vault service fails to initialize due to any issues, you receive alert messages (in the mail, on the web interface, and in the CLI) to indicate that the Vault service is down, and you have to execute the Vault Recovery process to restore the Vault service.

Note

 

If the upgrade fails while upgrading to AsyncOS 15.5.1, then you should check for the Vault service error in upgrade_logs. If a Vault service error is identified, then you must restore the Vault service or proceed with the upgrade process without saving the configuration.

You will receive alert messages in the following scenarios:

  • If the Vault service fails to initialize after you upgrade to AsyncOS 15.5.1, you receive alert messages through the mail, on the web interface, and in the CLI.

  • If any of the services of your Secure Email and Web Manager use the Vault service that fails to initialize, you receive alert messages through the mail, on the web interface, and in the CLI. If encryption is enabled, you always receive an alert mail. If encryption is disabled, you receive an alert mail only if the services using the Vault service are configured. You can check the encryption status using the adminaccessconfig > encryptconfig subcommand.

    The Vault monitoring mechanism checks the Vault service every 75 minutes. If it is down, then it sends alert messages until the Vault service is restored.

For information on an example of a successful vault health check and initialization log entry, see Successful Vault Health Check and Initialization.

To restore the Vault service, you have to execute the Vault Recovery process.

Note

 

If the encryption (CLI > adminaccessconfig > encryptconfig) is enabled, ensure that you always save and keep a copy of Secure Email and Web Manager’s configuration to avoid data loss.

For more information on how to save the Secure Email and Web Manager’s configuration, see Saving Secure Email and Web Manager's Configuration section in the Release Notes.

For information on how to execute the Vault Recovery process, see Executing Vault Recovery Process to Resolve Vault Issues section in the Release Notes.

Mandatory Usage of Cisco Smart Software Licensing for On-Premises Users

The Cisco Smart Software Licensing usage is mandatory from this release (all releases post AsyncOS 15.0 release) for Cisco Secure Email and Web Manager.

Note

 

From this release onwards, there will be no support for classic licensing for On-Premises users. You will no longer be able to order new feature licenses or renew existing feature licenses in the Classic Licensing mode.

Prerequisite: Make sure you create a smart account in the Cisco Smart Software Manager portal and enable Cisco Smart Software Licensing on your Secure Email and Web Manager. For more information, see Smart Software Licensing.

After you enable Cisco Smart Software Licensing, you can upgrade your Secure Email and Web Manager to this release and continue to use the existing feature licenses in the Smart Licensing mode.

Search Filter Enhancement

To enhance your search, two new filters, Contains and Does Not Contain, are added to the drop-down list on the Search ribbon at the bottom of the reporting pages on the new web interface.

For more information, see Searching and the Interactive Email Report Pages

Cisco Secure Email and Web Manager Overview

AsyncOS for Cisco Secure Email and Web Manager incorporates the following features:

  • External Spam Quarantine:Hold spam and suspected spam messages for end users, and allow end users and administrators to review messages that are flagged as spam before making a final determination.

  • Centralized Policy, Virus, and Outbreak Quarantines: Provide a single interface for managing these quarantines and the messages quarantined in them from multiple Email gateways. Allows you to store quarantined messages behind the firewall.

  • Centralized reporting: Run reports on aggregated data from multiple Email and Web Security appliances. The same reporting features available on individual appliances are available on Secure Email and Web Manager appliances.

  • Centralized tracking: Use a single interface to track email messages and web transactions that were processed by multiple Email and Web Security appliances.

  • Centralized Configuration Management for Web Security appliances: For simplicity and consistency, manage policy definition and policy deployment for multiple Web Security appliances.


    Note
    The Secure Email and Web Manager appliance is not involved in centralized email management, or ‘clustering’ of Email Gateway.

  • Centralized Upgrade Management: You can simultaneously upgrade multiple Web Security appliances (WSAs) using a single Secure Email and Web Manager Appliance (SMA).

  • Backup of data: Back up the data on your Secure Email and Web Manager appliance, including reporting and tracking data, quarantined messages, and lists of safe and blocked senders.

  • Support for Internationalized Domain Name (IDN): AsyncOS 14.0 can now receive and deliver messages with email addresses that contain IDN domains. Currently, your content security gateway provides support of IDN domains for the following languages only:

    • Indian Regional Languages: Hindi, Tamil, Telugu, Kannada, Marati, Punjabi, Malayalam, Bengali, Gujarati, Urdu, Assamese, Nepali, Bangla, Bodo, Dogri, Kashmiri, Konkani, Maithili, Manipuri, Oriya, Sanskrit, Santali, Sindhi, and Tulu.

    • European and Asian Languages: French, Russian, Japanese, German, Ukrainian, Korean, Spanish, Italian, Chinese, Dutch, Thai, Arabic, and Kazakh.

For this release, you can only configure few features using IDN domains in your content security gateway.

  • SMTP Routes Configuration Settings- Add or edit IDN domains, Export or import SMTP routes using IDN domains.

  • Reporting Configuration Settings: View IDN data - usernames, email addresses, and domains) in the reports.

  • Message Tracking Configuration Settings: View IDN data- usernames, email addresses, and domains) in message tracking.

  • Policy, Virus, and Outbreak Quarantine Configuration Settings: View messages with IDN domains that may be transmitting malware, as determined by the anti-virus engine, View messages with IDN domains caught by Outbreak Filters as potentially being spam or malware, View messages with IDN domains caught by message filters, content filters, and DLP message actions.

  • Spam Quarantine Configuration Settings- View messages with IDN domains detected as spam or suspected spam, Add email addresses with IDN domains to the safelist and blocklist categories.

You can coordinate your security operations from a single Secure Email and Web Manager appliance or spread the load across multiple appliances.