Introduction

The following quarantines can now be collectively centralized on a Cisco Security Management Appliance (SMA):

  • Antivirus
  • Outbreak
  • Policy quarantines, used for messages quarantined by:
    • Message filters
    • Content filters
    • Data Loss Prevention policies

Centralizing these quarantines has the following advantages:

  • Administrators can manage quarantined messages from multiple Email Security Appliances (ESAs) in one location.
  • Quarantined messages are stored behind the firewall instead of in the DMZ, which reduces the security risk.
  • Centralized quarantines can be backed up as part of the standard backup functions on the SMA.

Requirements

Configure


Start on the ESA, where an existing policy quarantine holds active messages:


Use the following steps to migrate these messages, after which the SMA is the active appliance that owns the policy quarantine.

On the SMA, navigate to Management Appliance > Centralized Services > Policy, Virus and Outbreak Quarantines. If the service is not already enabled, click Enable:

If necessary, select the interface that is to process the data traffic from the ESA to the SMA.

Note: The quarantine port can be changed. However, if there is a firewall or network ACL in the path, the port must be opened there.

Click Submit. The screen refreshes to display the "Service enabled" message:

Navigate to Management Appliance > Centralized Services > Security Appliances, and add the ESA that will communicate with the SMA:

Click Add Email Appliance.

Note: You only need to add the IP address that the SMA will use to communicate with the ESA. The appliance name is used only as an administrative reference.

Make sure you select Establish Connection and Test Connection. When a connection is established between the SMA and the ESA, an administrator username and password are requested. These are the administrative username and password of the ESA that is being added. Depending on what is already active and what is being added, test results may vary, but should be similar to:

At this point, be sure to Submit and Commit Changes on the SMA.

At this point, if you go back to the ESA and try to configure the Centralized Services section for the policy quarantine, it looks similar to the following:

The migration steps must still be completed in the SMA. Return to the SMA and continue with the following section.

Once Commit Changes has completed, the Launch Migration Wizard option in step 2 becomes active:

Choose Launch Migration Wizard, and do the following:

If you only want to migrate a specific quarantine, select Custom. In this example we continue with Automatic, to migrate all policy quarantines from the ESA to the SMA. Note that you will see the name that was chosen when the ESA was added above, followed by the IP address used for the communication:

Click Next, and continue:

Then click Submit, and a success notification is displayed:

Commit your changes on the SMA.

When you return to the ESA, navigate to Security Services > Policy, Virus and Outbreak Quarantines. The steps required on the SMA are now recognized:

Click Enable, and continue:

Make sure that the correct port for communication is specified here as well. These have to match, and if a firewall or network ACL is used, the port must be opened to allow proper migration between the ESA and the SMA.

Note: If policy, virus, and outbreak quarantines are configured on an ESA, the migration of quarantines and their messages begins as soon as you commit this change.

Note: Only one migration process can be carried out at a time. Enable centralized policy, virus and outbreak quarantines on another Email Security Appliance only after the previous migration has completed.

Click Submit, and finally click Commit. The info notification should be similar to the following. If a large number of messages are already in the local quarantine, the transfer from the ESA to the SMA can take some time:

Go to the SMA again and navigate to Management Appliance > Centralized Services > Policy, Virus and Outbreak Quarantines. The migration steps are now completed:

Verification

The policy quarantine migration from the ESA to the SMA is now complete. As a final check, review the policy quarantine on the SMA:

You should see the same messages that were originally listed on the ESA. Select the # hyperlink in the message column to verify:

If you look at the mail_logs on the ESA, you can see the migration of the actual messages:

Note: Communication between the ESA (XX.X.XX.XXX) and the SMA (YY.Y.YY.YYY) uses port 7025.

Wed Mar 5 02:48:40 2014 Info: New SMTP DCID 2 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:48:40 2014 Info: DCID 2 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:49:52 2014 Info: New SMTP DCID 3 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:49:52 2014 Info: DCID 3 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:50:22 2014 Info: New SMTP DCID 4 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:50:22 2014 Info: DCID 4 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:50:23 2014 Info: New SMTP DCID 5 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:50:23 2014 Info: DCID 5 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:50:40 2014 Info: New SMTP DCID 6 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:50:40 2014 Info: DCID 6 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:50:41 2014 Info: New SMTP DCID 7 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:50:41 2014 Info: DCID 7 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:50:42 2014 Info: New SMTP DCID 8 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:50:42 2014 Info: DCID 8 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:51:01 2014 Info: New SMTP DCID 9 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:51:01 2014 Info: DCID 9 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:51:01 2014 Info: CPQ listener cpq_listener starting
Wed Mar 5 02:51:01 2014 Info: New SMTP DCID 10 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:51:01 2014 Info: DCID 10 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:51:02 2014 Info: New SMTP DCID 11 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:51:02 2014 Info: DCID 11 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:51:02 2014 Info: MID 1 enqueued for transfer to centralized quarantine
"Policy" (content filter _policy_q_in_)
Wed Mar 5 02:51:02 2014 Info: MID 1 queued for delivery
Wed Mar 5 02:51:02 2014 Info: New SMTP DCID 12 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:51:02 2014 Info: DCID 12 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:51:02 2014 Info: Delivery start DCID 12 MID 1 to RID [0] to Centralized
Policy quarantine
Wed Mar 5 02:51:02 2014 Info: MID 2 enqueued for transfer to centralized quarantine
"Policy" (content filter _policy_q_in_)
Wed Mar 5 02:51:02 2014 Info: MID 2 queued for delivery
Wed Mar 5 02:51:02 2014 Info: MID 3 enqueued for transfer to centralized quarantine
"Policy" (content filter _policy_q_in_)
Wed Mar 5 02:51:02 2014 Info: MID 3 queued for delivery
Wed Mar 5 02:51:02 2014 Info: Message done DCID 12 MID 1 to RID [0] (centralized
policy quarantine)
Wed Mar 5 02:51:02 2014 Info: MID 1 RID [0] Response 'ok: Message 1 accepted'
Wed Mar 5 02:51:02 2014 Info: Message finished MID 1 done
Wed Mar 5 02:51:02 2014 Info: MID 1 migrated from all quarantines
Wed Mar 5 02:51:02 2014 Info: Delivery start DCID 12 MID 2 to RID [0] to Centralized
Policy quarantine
Wed Mar 5 02:51:02 2014 Info: New SMTP DCID 13 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:51:02 2014 Info: DCID 13 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:51:02 2014 Info: New SMTP DCID 14 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:51:02 2014 Info: DCID 14 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:51:02 2014 Info: Message done DCID 12 MID 2 to RID [0] (centralized
policy quarantine)
Wed Mar 5 02:51:02 2014 Info: MID 2 RID [0] Response 'ok: Message 2 accepted'
Wed Mar 5 02:51:02 2014 Info: Message finished MID 2 done
Wed Mar 5 02:51:02 2014 Info: MID 2 migrated from all quarantines
Wed Mar 5 02:51:02 2014 Info: Delivery start DCID 12 MID 3 to RID [0] to Centralized
Policy quarantine
Wed Mar 5 02:51:02 2014 Info: Message done DCID 12 MID 3 to RID [0] (centralized
policy quarantine)
Wed Mar 5 02:51:02 2014 Info: MID 3 RID [0] Response 'ok: Message 3 accepted'
Wed Mar 5 02:51:02 2014 Info: Message finished MID 3 done
Wed Mar 5 02:51:02 2014 Info: MID 3 migrated from all quarantines
Wed Mar 5 02:51:02 2014 Info: New SMTP DCID 15 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:51:02 2014 Info: DCID 15 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:51:07 2014 Info: DCID 12 close

Check the ESA; you will now see the following when viewing the Policy, Virus and Outbreak Quarantines:

The next step in the verification is to send a new test message through the ESA that is caught for the policy quarantine. When looking at mail_logs on the ESA, look for the highlighted line that indicates the transfer from the ESA to the SMA over port 7025, which indicates the policy quarantine:

Wed Mar 5 02:57:47 2014 Info: Start MID 4 ICID 6
Wed Mar 5 02:57:47 2014 Info: MID 4 ICID 6 From:
Wed Mar 5 02:57:47 2014 Info: MID 4 ICID 6 RID 0 To:
Wed Mar 5 02:57:47 2014 Info: MID 4 Message-ID
'<[email protected]>'
Wed Mar 5 02:57:47 2014 Info: MID 4 Subject 'NEW FUNNY'
Wed Mar 5 02:57:47 2014 Info: MID 4 ready 525 bytes from
<[email protected]>
Wed Mar 5 02:57:47 2014 Info: MID 4 matched all recipients for per-recipient
policy DEFAULT in the inbound table
Wed Mar 5 02:57:47 2014 Info: MID 4 enqueued for transfer to centralized
quarantine "Policy" (content filter _policy_q_in_)
Wed Mar 5 02:57:47 2014 Info: MID 4 queued for delivery
Wed Mar 5 02:57:47 2014 Info: New SMTP DCID 16 interface XX.X.XX.XXX address
YY.Y.YY.YYY port 7025
Wed Mar 5 02:57:47 2014 Info: DCID 16 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:57:47 2014 Info: Delivery start DCID 16 MID 4 to RID [0] to Centralized
Policy quarantine
Wed Mar 5 02:57:47 2014 Info: Message done DCID 16 MID 4 to RID [0] (centralized
policy quarantine)
Wed Mar 5 02:57:47 2014 Info: MID 4 RID [0] Response 'ok: Message 4 accepted'
Wed Mar 5 02:57:47 2014 Info: Message finished MID 4 done
Wed Mar 5 02:57:52 2014 Info: DCID 16 close
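
The log check described above can be scripted. The following is an added example, not part of the original document or Cisco tooling: it rejoins wrapped mail_logs entries, confirms that every MID enqueued for the centralized quarantine received an "accepted" response, and flags port 7025 connections that negotiated a deprecated protocol or cipher, such as the TLSv1 with RC4-SHA seen in the logs above. The function names and the sample lines (with documentation-range IP addresses) are constructed for illustration.

```python
import re

# Constructed sample in the mail_logs format shown above; IPs are placeholders.
SAMPLE = """\
Wed Mar 5 02:51:02 2014 Info: MID 1 enqueued for transfer to centralized quarantine
"Policy" (content filter _policy_q_in_)
Wed Mar 5 02:51:02 2014 Info: New SMTP DCID 12 interface 192.0.2.10 address
192.0.2.20 port 7025
Wed Mar 5 02:51:02 2014 Info: DCID 12 TLS success protocol TLSv1 cipher RC4-SHA
the.cpq.host
Wed Mar 5 02:51:02 2014 Info: MID 2 enqueued for transfer to centralized quarantine
"Policy" (content filter _policy_q_in_)
Wed Mar 5 02:51:02 2014 Info: MID 1 RID [0] Response 'ok: Message 1 accepted'
Wed Mar 5 02:51:02 2014 Info: MID 1 migrated from all quarantines
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4} \w+: ")
ENQ = re.compile(r'MID (\d+) enqueued for transfer to centralized quarantine "([^"]+)"')
ACK = re.compile(r"MID (\d+) RID \[\d+\] Response 'ok: Message \d+ accepted'")
CONN = re.compile(r"New SMTP DCID (\d+) interface \S+ address \S+ port (\d+)")
TLS = re.compile(r"DCID (\d+) TLS success protocol (\S+) cipher (\S+)")

def records(text):
    """Rejoin wrapped entries: a line without a timestamp continues the previous one."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def audit(text, port=7025):
    pending, accepted, dcid_port, weak_tls = {}, set(), {}, []
    for rec in records(text):
        if m := ENQ.search(rec):
            pending[int(m[1])] = m[2]           # MID -> quarantine name
        elif m := ACK.search(rec):
            accepted.add(int(m[1]))             # SMA acknowledged this MID
        elif m := CONN.search(rec):
            dcid_port[int(m[1])] = int(m[2])    # remember which port a DCID uses
        elif m := TLS.search(rec):
            dcid, proto, cipher = int(m[1]), m[2], m[3]
            weak = proto in ("SSLv3", "TLSv1", "TLSv1.1") or "RC4" in cipher
            if dcid_port.get(dcid) == port and weak:
                weak_tls.append((dcid, proto, cipher))
    return {"accepted": sorted(i for i in pending if i in accepted),
            "missing": sorted(i for i in pending if i not in accepted),
            "weak_tls": weak_tls}
```

A non-empty "missing" list means a message was enqueued for transfer but the log shows no acceptance from the SMA yet, which is worth checking before relying on the centralized quarantine.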

Check the aforementioned policy quarantine again on the SMA. The new test message is now also in quarantine:

Related information