
C170 stopped updating Sophos Anti-Virus

jcapron
Level 1

Our C170 went EOL and end of Cisco support while we are waiting for a replacement. Our feature keys are all active for another 700+ days, including Sophos Anti-Virus. However, we are getting email warning messages stating "Warning <Anti-Virus> [DN of appliance]: sophos antivirus - The Anti-Virus database on this system is...[out of date]"

When I go to the GUI and click on Security Services, Sophos, Update Now, the Sophos Anti-Virus Engine shows Never Updated and a new update is 'Not Available'.

 

I realize that the appliance needs replacing, but why would the updates stop working at the end of Cisco support? Does End of Cisco Support mean something more than the end of Cisco technical support? 


15 Replies

José L. Dávila
Cisco Employee

Hello there,

You are correct, C170 device is now an End of support device, which means it will no longer be able to receive engine updates.

However, if you have active feature keys, you can deploy a virtual ESA to transfer your active keys and continue to receive engine updates. Here is a good document on how to migrate to a virtual environment: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/214616-migrating-a-configuration-from-an-older.html

 

You may also reach out to TAC for assistance in deploying the new vESA using your active keys.

Hope this helps.

 

José L. Dávila

Jose,

Is there a document or web page that describes running an ESA on a VM? I have read the 214616 several times, including the links in the document, but I cannot find anything about the VM. Also, how do I "reach out" to TAC? I found TAC but it looks like a video repository.

Thanks,

Jim

Hi Ken,

 

I have a new server running VMWare ESXi and loaded Cisco AsyncOS C100. Cisco TAC provided the license which I have installed on the new virtual ESA. I am now stuck on getting the Feature Keys changed from DORMANT to ACTIVE but I am unable to create a support ticket. TAC wants a support contract number and when I go to Cisco Sales, the Cisco Presales Specialist does not know what a Support Contract is. 

TAC does not recognize the serial number from the C170. Any suggestions on how I can get Cisco support? I need to (a) get the Feature Keys ACTIVE, (b) install the configuration file from the old C170 onto the new C100 virtual ESA and (c) sort out my serial number(s) or support contract number.

Thanks,

Jim

When keys are dormant, you just have to go enable the feature; you'll get shown an end user license to accept, and then you'll be able to use it and the key will be active.
TAC wants the VLN, so on the VM go to the cli, and enter "showlicense".
Make sure you've kept your license file, you can use it on as many VMs as your mailflow needs.

Hi Ken,

I don't want to overstay my welcome on this ticket, but it is the only place where someone is responding. I just need to get a ticket open on this new VM C100.  I downloaded the VLN license number via "showlicense" with the CLI but TAC does not recognize it even though TAC license support gave me the license file. 

I tried to install the C170 configuration file in the C100 GUI - System Configuration, Configuration File, Load Configuration - but I get this failure message: "Error — Configuration file was not loaded. ERROR: Element 'whitelist' not allowed here at Unknown:236:18 Text: access_control_config> <whitelist></whitelist> <blacklist></blacklis" I searched the Cisco bug database for awhile with no luck. 

I tried to activate the feature keys under System Administration, Feature Keys, Feature Key Activation, and I get "Error — Errors have occurred. Please see below for details. Feature key is malformed."  I tried several ways to write the feature key in the input box with no luck. Is there an instruction document for any of this?

Thanks,

Jim Capron

You don't need to do that... What you're trying to do is add keys, which would be the old school version.

 

To add the licenses to the VM, you'd either ftp the file you got to the VM and then run loadlicense in the CLI to import it, or run loadlicense and then paste the contents of the file in.

 

I suspect you already did that..

 

NOW, in the gui, go to the feature in question, enable it.  I'll use DLP because this one isn't enabled 


 

 

Go to Security Services/DLP, click Enable

 


 

 

 

 

Accept the license


 

 

All set!!!  Do that until all of them flip.  Then load the config. 


 

I was able to Activate 6 of the 8 feature keys by finding the associated Security Service. The two that have no associated Security Service that I can determine, are:

Incoming Mail Handling Dormant 675 days 08 Apr 2024 21:01 (GMT +00:00)
Bounce Verification Dormant 675 days 07 Apr 2024 23:59 (GMT +00:00)

Also, I tried installing the C170 configuration file again and got the same failure message:

Error — Configuration file was not loaded. ERROR: Element 'whitelist' not allowed here at Unknown:236:18 Text: access_control_config> <whitelist></whitelist> <blacklist></blacklis

Any suggestions would be appreciated.

Jim Capron

Bounce verification is either under Network/Bounce Profiles, or Mail Policies/Bounce Verification.
Inbound may be building a listener?
Based on what I see in that error, you've got an older version, and you're loading it on a new build.
Newer builds they renamed "whitelist" to "allowed_list" and "blacklist" to "block_list"
Mine looks like this.







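The element rename described in the reply above, as an added example that is not part of the original thread and is not Cisco code: it lists every legacy `whitelist`/`blacklist` tag by line and column (the same kind of position the loader error reports) and rewrites only the tag names. The function names and the sample fragment are constructed for illustration, and it covers only the two renames named in the reply, not any other schema difference between builds.

```python
import re

# Element renames named in the reply above (older build -> newer build).
RENAMES = {"whitelist": "allowed_list", "blacklist": "block_list"}

# Match tag names only (opening, closing or self-closing), never text
# content or longer names such as <whitelist_extra>.
TAG_RE = re.compile(r"<(/?)(%s)(?=[\s/>])" % "|".join(map(re.escape, RENAMES)))


def find_legacy_elements(xml_text):
    """Return (line, column, tag) for each legacy tag, counted from 1."""
    hits = []
    for lineno, line in enumerate(xml_text.splitlines(), start=1):
        for m in TAG_RE.finditer(line):
            hits.append((lineno, m.start() + 1, m.group(2)))
    return hits


def rename_legacy_elements(xml_text):
    """Rewrite legacy tag names; DOCTYPE, layout and values stay untouched."""
    return TAG_RE.sub(
        lambda m: "<%s%s" % (m.group(1), RENAMES[m.group(2)]), xml_text
    )


# Constructed sample shaped after the fragment quoted in the error message.
# The <note> element is invented to show that text content is not rewritten.
SAMPLE = """<access_control_config>
  <whitelist></whitelist>
  <blacklist></blacklist>
  <note>whitelist entries are reviewed monthly</note>
</access_control_config>
"""

if __name__ == "__main__":
    for line, col, tag in find_legacy_elements(SAMPLE):
        print("line %d col %d: <%s>" % (line, col, tag))
    print(rename_legacy_elements(SAMPLE))
```

Run it against a copy of the exported configuration and keep the original file, so each remaining loader error can be compared with the unmodified export.
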
Ken,

Thanks for all your assistance. After about 6 hours with an XML editor and a lot of guessing, I was finally able to upload the modified C170 configuration file. The new C100 is up and humming along. Our mailboxes are a lot thinner under Async 14 and the now updated Sophos Anti-Virus database.

Thanks again,

Jim

PS: for anyone in this same predicament, I have a detailed file showing the errors and fixes to the ESA configuration file that I made to get it to work.

 

Glad I was able to help!

Hi Jim, I am having a lot of issues with the license XML file too, you mentioned you have a file on how to get it to work? Can you share that information?

Thanks
Todd

SSH to the WSAv.
Enter "loadlicense" at the command line.
Paste in the whole contents of the xml file. That's all that it should require.


Thank you Ken, that worked. I had been trying to enter the feature keys in the gui and they said they were malformed.