hello Robert,

saitelhadj1 · ‎05-06-2016

Hello,

I have the Feature key AMP on my ironport ESA C370:

the feature key is activated.

in the report in my gui and daily reports, I have always 0 detection of this feature

the tail amp gives me this two message which make me confused.

is this normal??

thank you soo much, I appreciate it

Warning: The File Reputation service  is unreachable.

Info: amp Response received for file reputation query 
from Cloud. File Name = 'amp_watchdog.txt', MID = 0, Disposition = file unknown, 
Malware = None, Reputation Score = 0, sha256 = a5f28f1fed7c2fe88bcdf403710098977
fa12c32d13bfbd78bbe27e95b245f82, upload_action = 1

Robert Sherwin · ‎05-06-2016

I would check to make sure that you have the proper port opened for File Reputation and File Analysis.

Typically – FR happens over port 32137. If the appliance is not able to communicate out to our FR cloud over 32137, which is typically an additional firewall rule/port that needs opened on customer side. We would prefer to have this port in use in order to better facilitate the service communication – but, do also understand customers concerns for higher ports opened on firewalls, and so – we do allow the use of 443 as well in this instance…

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-7/ESA_9-7_User_Guide.pdf

Also - please review the following:

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118796-technote-esa-00.html

The amp_watchdog.txt is a five minute keep alive on the appliance for the service --- this is only a test file, and is not indicatory of proper service. Once you place the FR and FA license keys, this activates the service, and the keep alive is issued only as machine only test.

Hope this helps.

-Robert

Cheers,
Robert Sherwin

saitelhadj1 · ‎05-08-2016

hello Robert, thank you for this response, but Actually I have the port 443 opened for the appliace to communicate with the outside.

AMP ESA probléme