|Email Plug-in (Reporting):||1.1.0-114|
|Email Plug-in (Encryption):||1.2.1-118|
Dear all. yesterday I configured External Threat Feed in cisco esa. In order test it I send malicious url from my personal email to corporate email. that email directly send to Outbreak quarantine and approximately 1 hour later that email released from quarantine and forwarded to corporate email along with SUSPICIOUS warning message. Now I have a question. How can I test whether external threat feed works or not? Shouldn't it catch malicious urls sent inside email?
Hi. I did exact same think shown youtube video you sent. It connected to puplic servers successfuly. And i created content filter appropriately. But was not be able to proof that this etf really works. Bad urls got blocked by url filters none of the url got blocked by etf
We would need to check the config and logs to see what exactly happened or why the ETF feature did not work. I would suggest opening a case with Cisco TAC, we would be happy to check the config and share reason as to why ETF did not work.
@Ccns90 This is my first recommendation as well.
Content filters works off an ordering - ensure you set the URL filtering below ETF and re-do your test to verify results.
If the URL filtering is already taking action then it leaves nothing for the ETF feature.
In the event the ordering is done and it's still not matching, then we'll need to look a bit more deeper into it.
Thanks @Ken Stieers for bringing up this point.
Thanks for all of your reply. I reordered content filter(first ETF and then URL filter). I sent malicious url inside email then only url filter catches it not ETF.