Email Security Deployment Guide
Revision: H1CY11
Who Should Read This Guide
This guide is intended for the reader with any or all of the following:
• Up to 2500 connected employees
• Up to 75 branches with approximately 25 employees each
• Email services that are hosted either locally or co-located
• CCNA® certification or equivalent experience
The reader may be looking for any or all of the following:
• To understand the benefits of deploying email security
• To understand more about the Cisco® Email Security solution
• To learn the benefits of Cisco Email Security
• To deploy email filtering
• To filter email for spam
• To filter email for viruses
• To reduce cost by optimizing email bandwidth and improving employee productivity
• To gain the assurance of a tested solution
Related Documents
Before reading this guide
Foundation Design Overview
Foundation Deployment Guide
Foundation Configuration Files Guide
ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco Unified Communications SRND (Based on Cisco Unified Communications Manager 7.x)
© 2010 Cisco Systems, Inc. All rights reserved.
Table of Contents
Architectural Overview
  Guiding Principles
  The Purpose of this Guide
Business Overview
Technology Overview
  Filtering Spam
Deploying the Cisco Email Security Appliance
Appendix A: Product List
Appendix B: SBA for Midsize Organizations Document System
Architectural Overview
The Cisco® Smart Business Architecture (SBA) is a comprehensive design for networks with up to 1000 users. This out-of-the-box design is simple, fast, affordable, scalable, and flexible.
The Cisco SBA for Midsize Organizations incorporates LAN, WAN, wireless, security, WAN optimization, and unified communication technologies tested together as a solution. This solution-level approach simplifies the system integration normally associated with multiple technologies, allowing you to select the modules that solve your organization’s problems rather than worrying about the technical details.
We have designed the Cisco Smart Business Architecture to be easy to configure, deploy, and manage. This architecture:
• Provides a solid network foundation
• Makes deployment fast and easy
• Accelerates ability to easily deploy additional services
• Avoids the need for re-engineering of the core network
By deploying the Cisco Smart Business Architecture, your organization can gain:
• A standardized design, tested and supported by Cisco
• Optimized architecture for midsize organizations with up to 1000 users and up to 20 branches
• Flexible architecture to help ensure easy migration as the organization grows
• Seamless support for quick deployment of wired and wireless network access for data, voice, teleworker, and wireless guest
• Security and high availability for corporate information resources, servers, and Internet-facing applications
• Improved WAN performance and cost reduction through the use of WAN optimization
• Simplified deployment and operation by IT workers with CCNA® certification or equivalent experience
• Cisco enterprise-class reliability in products designed for midsize organizations
Guiding Principles
We divided the deployment process into modules according to the following principles:
• Ease of use: A top requirement of Cisco SBA was to develop a design that could be deployed with the minimal amount of configuration and day-two management.
• Cost-effective: Another critical requirement as we selected products was to meet the budget guidelines for midsize organizations.
• Flexibility and scalability: As the organization grows, so too must its infrastructure. Products selected must have the ability to grow or be repurposed within the architecture.
• Reuse: We strived, when possible, to reuse the same products throughout the various modules to minimize the number of products required for spares.
[Figure: the three SBA layers. User Services: Voice, Video, Web Meetings. Network Services: Security, WAN Optimization, Guest Access. Network Foundation: Routing, Switching, Wireless, and Internet.]
The Cisco Smart Business Architecture can be broken down into the following three primary, modular yet interdependent components for the midsize organization.
• Network Foundation: A network that supports the architecture
• Network Services: Features that operate in the background to improve and enable the user experience without direct user awareness
• User Services: Applications with which a user interacts directly
The Purpose of this Guide
This deployment guide introduces the Email Security solution.
It explains the requirements that were considered when building the Cisco Smart Business Architecture design and introduces each of the products that were selected.
Business Overview
Due to a business need for a functional and reliable email solution, an email security solution becomes a requirement. This solution must handle the common threats without introducing new issues like blocking legitimate emails.
The two major threats to the email system are:
• Floods of unsolicited and unwanted emails, called spam, that waste employee time through their sheer volume, and use valuable resources like bandwidth and storage.
• Malicious email that comes in two basic forms: embedded attacks, which include viruses and malware that perform actions on the end device when clicked, and phishing attacks, which try to trick employees into releasing sensitive information like credit card numbers, social security numbers, or intellectual property. Phishing attacks might also try to trick employees into browsing to malicious websites.
Technology Overview
An email solution will become unusable if spam—unsolicited and unwanted emails—is not filtered properly. The sheer volume of spam messages can crowd out legitimate mail. A side effect of some anti-spam solutions is false positives or email that is incorrectly identified as spam. When this occurs, the organization must expend resources to sift through the junk email looking for legitimate messages or reduce the level of filtering, which allows more messages to go to users, making the user responsible for determining whether emails are spam.
Spam is also likely to include embedded attacks. Criminal organizations have found that using attacks in email is an effective and cheap way to attack a user’s machine. These attacks may take the form of viruses that attempt to infect the user’s host, or counterfeit URLs that trick users into going to a website where criminals can steal bank login credentials or infect the user’s host. These types of attacks, known as phishing, are used to gather social security numbers, credit card numbers, or compromise the host to use it as a launch point to send spam and other attacks.
Filtering Spam
There are two ways to filter spam: reputation-based filtering and context-based filtering.
One technique used to combat spam and phishing attacks is reputation-based filtering checks. If a server is a known spam sender, then it is more likely that email coming from that server is spam compared to a host that does not have a reputation for distributing spam. Similar processes can be applied to emails carrying viruses and other threats.
The goal of the solution is to filter out positively identified spam and quarantine or discard emails sent from untrusted or potentially hostile locations. Anti-virus (AV) scanning is applied to emails and attachments from all servers to remove known malware.
Reputation filters provide the first layer of defense by looking at the source IP address of the email server and comparing this to the reputation data downloaded from Cisco SenderBase®. SenderBase is the world’s largest repository for security data including spam sources, botnets, and other malicious hosts. When hosts on the Internet engage in malicious activity, SenderBase lowers the reputation of that host. Devices that use reputation filtering, like the Cisco IronPort® Email Security Appliance (ESA), receive updates from SenderBase several times a day. When the ESA receives an email, it compares the source IP to the SenderBase database (see Figure 1). If the reputation of the sender is:
• positive, the email gets forwarded on to the next layer of defense.
• negative, the email is discarded.
• in between, the email is considered suspicious, is quarantined, and must wait for inspection before being delivered.
Context-based anti-spam filters in the ESA inspect the entire mail message, including attachments, looking for details like sender identity, message contents, embedded URLs, and email formatting. Using these algorithms, the ESA can identify spam messages without blocking legitimate email.
Figure 1. Email Filtering Overview
[Figure: incoming mail (good, bad, and "gray" or unknown email) passes through Cisco Email Security and its anti-spam engine. Known good is delivered; known bad is deleted/tagged; suspicious is throttled and spam filtered.]
Fighting Viruses and Malware
The Cisco ESA uses a multilayer approach to fight viruses and malware.
The first layer is the Virus Outbreak Filters which are downloaded from SenderBase by the appliance. They contain a list of known bad mail servers. These filters are generated by watching global email traffic patterns and looking for anomalies associated with an outbreak. When an email is received from a server on this list, it is kept in quarantine until the anti-virus signatures are updated to counter the current threat.
The ESA’s second layer of defense involves using AV signatures to scan quarantined emails to ensure that they do not carry viruses into the network.
Cisco IronPort Email Security Appliance
The Cisco IronPort ESA protects the email infrastructure and the employees who use email at work. ESA integrates into existing email infrastructures easily with a high degree of flexibility. It does this by acting as a mail transfer agent (MTA), or mail relay, along the email delivery chain.
A normal email exchange, when an organization is using an MTA, might look like the email message flow depicted in Figure 2.
An ESA can be deployed:
• With a single physical interface to filter email to and from the organization’s mail servers.
• Using a two-interface configuration, one for email transfers to and from the Internet and the other for email transfers to and from the internal servers.
An ESA uses a variety of mechanisms for spam and antivirus filtering.
Figure 2. Email Message Flow
Deploying the Cisco IronPort Email Security Appliance
For deployment in the SBA, the Cisco ESA is configured for basic network access and an anti-spam and anti-virus policy is built and applied. The Domain Name System (DNS) was modified to support the ESA, the appliance software was updated, and the feature keys for the appliance were installed.
Some slight policy changes have been made, but a detailed policy configuration discussion, troubleshooting, and ongoing monitoring are beyond the scope of this document. Policy migration and advanced policy creation for the Cisco ESA device should be directed to your Cisco IronPort partner or Cisco account team.
The Cisco ESA deployment is designed to be as easy as possible. It is deployed into your existing mail delivery chain as an MTA. The ESA is the destination of the organization’s email; as such, the public mail transfer (MX) records (the DNS record that defines where to send mail) must eventually point to the ESA’s public IP address.
In this deployment guide, the ESA is physically deployed on the DMZ of the Internet Edge firewall using a single interface for simplicity (see Figure 3). This interface handles all incoming and outgoing email and carries management traffic. The port on the ESA is the M1 management interface.
Figure 3. Deployment Overview
It is important that the ESA be accessible via the public Internet and that the ESA is the “first hop” in your email infrastructure. The sender’s IP address is used by several of the ESA’s processes and is one of the primary identifiers SenderBase uses to determine the sender’s reputation. If another device receives mail before forwarding it to the ESA, the ESA will not be able to determine the sender’s IP address and filtering cannot be applied properly.
This section explains how to deploy the ESA, including the following processes:
• Preparing for ESA Deployment
• Completing the Basic Deployment
• Enabling Mail Policies
• Configuring the Firewall
• Maintaining the ESA
Process
Preparing for ESA Deployment
1. Configure the DNS
Before you begin the ESA deployment, you need to configure the DNS.
Procedure 1 Configure the DNS
The ESA’s hostname is the name carried in the DNS’s MX record, and it indicates that the ESA is the primary MTA; the DNS A record corresponds to the IP address that the Cisco ASA 5500 Adaptive Security Appliance has statically translated for the ESA’s address in the DMZ.
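Added example, not part of the Cisco guide: a check of the "first hop" requirement and the MX/A record setup described above, run over zone data. It goes slightly beyond the text by testing every MX record rather than only the primary one, since any exchanger that resolves elsewhere receives mail without passing through the ESA. The domain example.com, the host names and the 192.0.2.x addresses are constructed placeholders.

```python
# Constructed zone data: example.com and the 192.0.2.x addresses are
# placeholders, not values from the guide.
ESA_PUBLIC_IP = "192.0.2.25"   # assumed public (translated) address of the ESA

ZONE_OK = """\
example.com.         3600 IN MX 10 email1.example.com.
email1.example.com.  3600 IN A  192.0.2.25
"""

ZONE_BYPASS = ZONE_OK + """\
example.com.         3600 IN MX 20 mail.example.com.   ; old server left as backup
mail.example.com.    3600 IN A  192.0.2.40
"""


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def parse_zone(text):
    """Collect MX and A records from simple one-record-per-line zone text."""
    mx, a = {}, {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if len(fields) < 3:
            continue
        owner, rest = _norm(fields[0]), fields[1:]
        # Skip the optional TTL and class that precede the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) >= 3 and rest[0].upper() == "MX":
            mx.setdefault(owner, []).append((int(rest[1]), _norm(rest[2])))
        elif len(rest) >= 2 and rest[0].upper() == "A":
            a.setdefault(owner, set()).add(rest[1])
    return mx, a


def first_hop_findings(zone_text, domain, esa_ip):
    """Return (finding, name) pairs for every MX that does not lead to the ESA."""
    mx, a = parse_zone(zone_text)
    exchangers = sorted(mx.get(_norm(domain), []))
    if not exchangers:
        return [("no-mx-record", _norm(domain))]
    findings = []
    for _preference, host in exchangers:
        addresses = a.get(host, set())
        if not addresses:
            findings.append(("mx-target-unresolved", host))
        elif addresses != {esa_ip}:
            findings.append(("mx-bypasses-esa", host))
    return findings


if __name__ == "__main__":
    print(first_hop_findings(ZONE_OK, "example.com", ESA_PUBLIC_IP))
    print(first_hop_findings(ZONE_BYPASS, "example.com", ESA_PUBLIC_IP))
```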
Process
Completing the Basic Deployment
1. Complete Basic ESA Setup
2. Complete the System Setup
3. Configure System Updates and Feature Keys
After physically installing and connecting the ESA to the network, the next step is basic setup.
Procedure 1 Complete Basic ESA Setup
The ESA supports two configuration interfaces: Web browser or CLI.
Complete the following steps to connect to an unconfigured ESA using a Web browser:
Step 1: Configure a PC with an IP address in the 192.168.42.x network.
Step 2: Connect both devices to the same VLAN on a switch (or directly connect a crossover Ethernet cable between the devices).
Step 3: Browse to the default IP address of 192.168.42.42.
To connect using the console port, complete the following steps to set up basic networking to configure connectivity. You will then finish configuring the ESA with the built-in Web GUI device management tool.
Step 4: Issue the following two commands in the device CLI:
interfaceconfig
setgateway
Step 5: Commit your changes after making them as follows:
ironport.example.com> interfaceconfig

Currently configured interfaces:
1. Management (192.168.42.42/24 on Data 1: ironport.example.com)

Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> edit

Enter the number of the interface you wish to edit.
[]> 1

IP interface name (Ex: "InternalNet"):
[Management]> DMZ_Interface

IP Address (Ex: 192.168.1.2):
[192.168.42.42]> 10.10.24.50

Ethernet interface:
1. Data 1
2. Data 2
[1]> 1

Netmask (Ex: "255.255.255.0" or "0xffffff00"):
[255.255.255.0]> 255.255.255.0

Hostname:
[ironport.example.com]> email1.cisco.local

Do you want to enable FTP on this interface? [N]> n
Do you want to enable Telnet on this interface? [Y]> n
Do you want to enable SSH on this interface? [Y]> y
Which port do you want to use for SSH? [22]> 22
Do you want to enable Cluster Communication Service on this interface? [N]> n
Do you want to enable HTTP on this interface? [Y]> y
Which port do you want to use for HTTP? [80]> 80
Do you want to enable HTTPS on this interface? [Y]> y
Which port do you want to use for HTTPS? [443]> 443
Do you want to enable IronPort Spam Quarantine HTTP on this interface? [N]> y
Which port do you want to use for IronPort Spam Quarantine HTTP? [82]> 82
Do you want to enable IronPort Spam Quarantine HTTPS on this interface? [N]> y
Which port do you want to use for IronPort Spam Quarantine HTTPS? [83]> 83

You have not entered an HTTPS certificate. To assure privacy, run "certconfig" first. You may use the demo, but this will not be secure.
Do you really wish to use a demo certificate? [Y]> y

Both HTTP and HTTPS are enabled for this interface, should HTTP requests redirect to the secure service? [Y]> y
Both IronPort Spam Quarantine HTTP and IronPort Spam Quarantine HTTPS are enabled for this interface, should IronPort Spam Quarantine HTTP requests redirect to the secure service? [Y]> y
Do you want DMZ_Interface as the default interface for IronPort Spam Quarantine? [N]> y
Do you want to use a custom base URL in your IronPort Spam Quarantine email notifications? [N]> n

The interface you edited might be the one you are currently logged into. Are you sure you want to change it? [Y]> y

Currently configured interfaces:
1. DMZ_Interface (10.10.24.50/24 on Data 1: email1.cisco.local)

Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]>

Note: You must press Enter to return to the main prompt.

Please run "systemsetup" or "sethostname" then "commit" before sending mail.
ironport.example.com> setgateway

Warning: setting an incorrect default gateway may cause the current connection to be interrupted when the changes are committed.
Enter new default gateway:
[]> 10.10.24.1

ironport.example.com> commit

Please enter some comments describing your changes:
[]> initial setup

Changes committed: Mon Dec 14 17:04:49 2009 UTC

Reader Tip
User documentation can be found here: http://www.ironport.com/support/login.html
Work with your Cisco IronPort Channel Partner to obtain a login.
Tech Tip
The default username and password is admin/ironport.
Step 6: Assuming the correct firewall rules have been applied, ping the appliance from the network to verify the configuration is complete.
Step 7: To connect to the GUI device management, open a browser and browse via https (https://10.10.24.50/) to the address of the email appliance.
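Added example, not part of the Cisco guide: a small audit of a captured interfaceconfig session that reports which management services the answers leave exposed. It treats an empty reply as acceptance of the bracketed default, which matters here because the session above shows Telnet defaulting to Y. The finding names and the choice of checks are assumptions made for illustration; the sample lines are constructed from the prompts in the session above.

```python
import re

# Constructed sample: prompts and answers copied from the session above,
# one prompt per line.
SAMPLE_SESSION = """\
Do you want to enable FTP on this interface? [N]> n
Do you want to enable Telnet on this interface? [Y]> n
Do you want to enable SSH on this interface? [Y]> y
Do you want to enable HTTP on this interface? [Y]> y
Do you want to enable HTTPS on this interface? [Y]> y
You have not entered an HTTPS certificate. To assure privacy, run "certconfig" first. You may use the demo, but this will not be secure. Do you really wish to use a demo certificate? [Y]> y
Both HTTP and HTTPS are enabled for this interface, should HTTP requests redirect to the secure service? [Y]> y
"""

# "<question> [<default>]> <answer>"; the question may sit on the previous line.
PROMPT = re.compile(r"^(?P<question>.*?)\s*\[(?P<default>[^\]]*)\]>\s*(?P<answer>.*)$")


def parse_prompts(text):
    """Return (question, effective answer) pairs; an empty reply takes the default."""
    pairs, previous = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = PROMPT.match(line)
        if match is None:
            previous = line          # may be the question for the next prompt
            continue
        question = match.group("question") or previous
        answer = match.group("answer").strip() or match.group("default")
        pairs.append((question, answer))
        previous = ""
    return pairs


def audit(text):
    """List weak management-plane choices found in the session text."""
    answers = parse_prompts(text)

    def enabled(fragment):
        return any(fragment in question and answer.lower().startswith("y")
                   for question, answer in answers)

    findings = []
    if enabled("enable Telnet"):
        findings.append("telnet-enabled")            # cleartext remote login
    if enabled("enable FTP"):
        findings.append("ftp-enabled")               # cleartext file transfer
    if enabled("use a demo certificate"):
        findings.append("demo-certificate")          # CLI itself says "not secure"
    if enabled("enable HTTP on") and not enabled("should HTTP requests redirect"):
        findings.append("http-without-redirect")     # GUI reachable in cleartext
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_SESSION))
```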
Procedure 2 Complete the System Setup
Step 1: After initial configuration is complete, connect to the appliance using a browser to access the device management application GUI (graphical user interface).
Run the System Setup Wizard from the GUI (see Figure 4).
Figure 4. System Setup Wizard
Step 2: Read the license and accept, then select the Begin Setup button.
Step 3: Answer the System Configuration questions to define the basic settings such as time settings, default hostname, and the default password.
The last two questions ascertain your interest in participating in the SenderBase network by allowing your ESA to send anonymized reputation details about email traffic back to Cisco to improve SenderBase and the product in general (see Figure 5).
Figure 5. System Configuration
Step 4: Network integration allows you to define your DNS server (or tell the appliance to use the Internet’s root DNS servers). This panel is also where the user sets up the network interface(s) used for mail processing (see Figure 6).
Figure 6. Network Integration
Step 5: Message Security selects whether anti-spam and anti-virus filtering are enabled and which engine is used for each function (see Figure 7).
Figure 7. Message Security
Step 6: Review allows you to review the configuration that you have defined, and to accept or modify the configuration. If you accept, the ESA will install the configuration onto your ESA (see Figure 8).
Figure 8. Review
Tech Tip
If your environment requires proxies for HTTP or HTTPS communications, define them on the Security screen of the wizard. Select the Edit Update Settings button and then enter the proxy settings for HTTP and HTTPS at the bottom of this page and click the Submit button and then the Commit button.
Procedure 3 Configure System Updates & Feature Keys
It is important to look at two other areas on the box before you begin to use it: feature keys and system upgrades.
Step 1: In the Web configuration tool, browse to System Administration > Feature Keys.
This is where the license keys for the different features on the box are displayed.
Step 2: To check whether your ESA has any licenses that are not currently enabled, select the Check for New Keys button. This will enable the ESA to connect to Cisco.com and determine if all purchased licenses are installed and enabled.
Step 3: To upgrade the code on the appliance, select the System Administration > System Upgrade button. This will display the current software version. Select the Available Updates button to determine if updates are available.
If newer versions are available, they can be selected and installed. While it is not necessary to load all updates in order, it is possible that the latest update will require interim updates before it can be loaded. If interim updates are required, the manager will notify you.
Process
Enabling Mail Policies
1. Set Up Bounce Verification
2. Review Incoming Mail Policies
Now that the system setup is complete, you are ready to enable security services.
Procedure 1 Set Up Bounce Verification
Bounce verification is a process that allows the ESA to apply a specific tag to outgoing messages so that when bounced emails come back to the ESA, it can verify that the emails were actually originally sent out by the ESA. Spammers and hackers use fake bounced messages for many malicious purposes.
Step 1: Access Mail Policies > Bounce Verifications and select the New Key button.
Step 2: Enter an arbitrary text string that the ESA will apply in the Bounce verification process. Commit the changes.
Step 3: Access Mail Policies > Destination Controls and click on the Default in the first table.
Step 4: Change Bounce Verification to On.
Step 5: Submit and commit changes.
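Added example, not part of the Cisco guide and not the ESA's own algorithm: a sketch of how a keyed tag on the envelope sender lets a mail relay tell genuine bounces from forged ones, in the style of the public BATV (Bounce Address Tag Validation) proposal. The tag layout (prvs=, a three-digit expiry day, ten hex characters of HMAC-SHA256), the seven-day lifetime, the key and the address alice@cisco.local are all assumptions made for illustration.

```python
import hashlib
import hmac

LIFETIME_DAYS = 7   # assumed validity window for a tagged sender address
TAG_LENGTH = 13     # 3 expiry digits + 10 hex characters of MAC


def _mac(key: bytes, expiry: str, address: str) -> str:
    """Truncated HMAC over the expiry day and the original sender address."""
    message = (expiry + address.lower()).encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()[:10]


def tag_sender(key: bytes, mail_from: str, today: int) -> str:
    """Rewrite the envelope sender of an outgoing message with a keyed tag."""
    expiry = "%03d" % ((today + LIFETIME_DAYS) % 1000)
    return "prvs=%s%s=%s" % (expiry, _mac(key, expiry, mail_from), mail_from)


def verify_bounce(key: bytes, rcpt_to: str, today: int):
    """Return the original address if the bounce recipient carries a valid,
    unexpired tag made with `key`; return None for anything else."""
    if not rcpt_to.startswith("prvs="):
        return None                                   # never tagged by us
    tag, separator, address = rcpt_to[len("prvs="):].partition("=")
    if not separator or len(tag) != TAG_LENGTH or not tag[:3].isdigit():
        return None                                   # malformed tag
    expiry, mac = tag[:3], tag[3:]
    expected = _mac(key, expiry, address)
    if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        return None                                   # forged or wrong key
    # Day numbers wrap at 1000, so compare the remaining lifetime modulo 1000.
    if (int(expiry) - today) % 1000 > LIFETIME_DAYS:
        return None                                   # tag has expired
    return address


# Constructed values: the key stands in for the text string entered in Step 2,
# and TODAY is a day counter such as days since 1970-01-01.
KEY = b"constructed-example-key"
TODAY = 20000


def demo():
    tagged = tag_sender(KEY, "alice@cisco.local", TODAY)
    return {
        "genuine": verify_bounce(KEY, tagged, TODAY + 2),
        "untagged": verify_bounce(KEY, "alice@cisco.local", TODAY + 2),
        "forged": verify_bounce(KEY, "prvs=0070123456789=alice@cisco.local", TODAY + 2),
        "wrong_key": verify_bounce(b"another-key", tagged, TODAY + 2),
        "expired": verify_bounce(KEY, tagged, TODAY + 30),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Only the bounce addressed to the tagged sender and checked with the same key inside the lifetime window is accepted; every other case returns None and would be rejected as a fake bounce.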
Tech Tip
It is not possible to downgrade software versions at this time, so be certain that you want to upgrade before proceeding.
Procedure 2 Review Incoming Mail Policies
To complete the ESA setup, review the incoming-mail policies.
Step 1: Access Mail Policies > Incoming Mail Policies. Currently there is one default mail policy. It changes a positive antispam result from a Quarantine action to a Drop action.
Step 2: Select the policy definition under the Antispam column header.
Step 3: Change the Positively Identified Spam Settings from Quarantine to Drop.
Step 4: Submit and commit.
Process
Maintaining the ESA
1. Monitor the ESA
2. Troubleshoot the ESA
With your system fully deployed, you are ready to monitor and maintain the ESA.
Procedure 1 Monitor the ESA
There are a variety of reports available under the Monitor menu to help you monitor the ESA’s behavior. These reports make it possible to track activity and statistics for spam, virus types, incoming mail domains, outbound destinations, system capacity, and system status.
Procedure 2 Troubleshoot the ESA
Step 1: To determine why the ESA applied specific actions to a given email, you can run the Trace tool under System Administration.
By defining a search using details of a given email in question, you can test a specific email to determine how and why the ESA handled the message. This is especially useful if some of the more advanced features of the ESA are used (like data-loss prevention).
Appendix A: Product List
The following products and software version have been validated for the Cisco SBA:
Functional Area | Product | Part Numbers | Software Version
Internet Edge | Cisco IronPort C160 Email Security Appliance | C160-BUN-R-NA | 7.1.2-020
Appendix B: SBA for Midsize Organizations Document System
[Figure: document map for the SBA for Midsize Organizations, with columns for Design Guides, Deployment Guides, and Supplemental Guides and a "You are Here" marker. Labels shown: Foundation Design Overview, Foundation, Configuration Files, IPv4 Addressing, IPv6 Addressing, Business Continuance, 3G Wireless Remote Site, Network Management, SolarWinds, ScienceLogic, Ipswitch, Email Security, Web Security, Wireless CleanAir, Panduit.]
C07-575280-0101/11
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Americas Headquarters: Cisco Systems, Inc., San Jose, CA
Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore
Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands