Email Filtering
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-25-2015 09:58 AM
Dear Team,
Am new to ESA , please guide me some issues which i am facing , I have two each ESA and WSA and it is managing with SMA :-
1. Can we configure ESA/WSA directly without SMA or It is neceesary to use SMA,
2. SMA is only using for pushing policies to ESA/WSA or we can also change ESA/WSA management configuration.
3. Can we block spam/junk emails on ESA or SMA
4. Is ESA is only used for internal / external emails only , if we act like ISP can we also filter emails from ESA or not.
please guide me.
- Labels:
-
Email Security

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-25-2015 11:13 AM
Welcome to the forum,
I can answer most of your questions, I don't have a WSA at this time. One of these days I'll have to demo it. I can help with the SMA and ESA.
SMA - This will be your centralized SPAM, and Policy Quarantines, and reporting for your two ESA (Not configuration, I recommend an SMA if you have more then one). From the documentation, You can both report and configure web policies your WSAs centrally from your SMA.
ESA - You will configure all your policies on one of the ESA, I recommend using ClusterConfig (Syncs the configurations between the appliances even at different locations). Once configured you can sign into any one of your ESAs and setup your filtering. ESAs will do the actual work, and each ESA will act on it's own. If you have an SMA all the reporting and quarantines will be stored on the SMA.
If your acting like an ISP you can likely still use the ESA to filter e-mails, you would have to setup your domains, and also look into virtual interfaces to setup different sets of filters based on the type of e-mail traffic your are sending through the system. This is more advanced, but looking through the documentation you can likely test all of this out on your own or ask specific questions on the forum.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-25-2015 12:38 PM
1. yes, you can configured them directly. The SMA allows you to configure policies for WSA and push them out so they are consistent. For ESA's see Paul's note about clustering.
2. There's a level of WSA config you have to do on the WSA, then you can push policies from the SMA.
3. Spam/Junk is blocked by the ESA, the SMA centralizes reporting and quarantines so users won't have to look in multiple places.
4. Are your email clients all on the same email system? (eg. one install of Exchange) If so then mail between the various mailboxes even if different companies is usually handled by the software you're using an may not get forwarded out of the mail system... you may be able to force that in the mail software you're using. Nothing in the ESA would force it into the middle of the mail system to filter that mail.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-26-2015 05:47 PM
Just to build on the already available responses that answers the query;
1. Yes, you can configured each device seperately if required. The SMA allows you to configure policies for WSA and push them out so they are consistent.
Key point to remember with WSA+SMA configuration master feature is the compatibility.
Matrix available: http://www.cisco.com/c/dam/en/us/td/docs/security/security_management/sma/sma_all/SMA-ESA-WSA_Compatibility.pdf
For ESA's see Paul's note about clustering.
---
SMA - This will be your centralized SPAM, and Policy Quarantines, and reporting for your two ESA (Not configuration, I recommend an SMA if you have more then one). From the documentation, You can both report and configure web policies your WSAs centrally from your SMA.
ESA - You will configure all your policies on one of the ESA, I recommend using ClusterConfig (Syncs the configurations between the appliances even at different locations). Once configured you can sign into any one of your ESAs and setup your filtering. ESAs will do the actual work, and each ESA will act on it's own. If you have an SMA all the reporting and quarantines will be stored on the SMA.
Note: ESA's clusterconfig command becomes in-built available in version 8.5+ and does not require a feature key, older versions prior to this however requires the purchase of a Centralized Management Key to use the cluster to sync the configurations between ESA's together
---
2. There's a level of WSA config you have to do on the WSA, then you can push policies from the SMA.
ESA and SMA has no configuration push mechanism (please see above answer).
3. Spam/Junk is blocked by the ESA, the SMA centralizes reporting and quarantines so users won't have to look in multiple places.
ESA does the full filtering of spam, virus, and content filter (note: feature keys for spam and virus filtering) content filter is inbuilt to the system and is local policies you configure yourself.
Emails going to the Junk folder in your MUA's is not done by ESA but is done by local MUA settings, so if legitimate emails are going to Junk folder, it is nothing to do with your ESA in most cases.
4. Are your email clients all on the same email system? (eg. one install of Exchange) If so then mail between the various mailboxes even if different companies is usually handled by the software you're using an may not get forwarded out of the mail system... you may be able to force that in the mail software you're using. Nothing in the ESA would force it into the middle of the mail system to filter that mail.
If your acting like an ISP you can likely still use the ESA to filter e-mails, you would have to setup your domains, and also look into virtual interfaces to setup different sets of filters based on the type of e-mail traffic your are sending through the system. This is more advanced, but looking through the documentation you can likely test all of this out on your own or ask specific questions on the forum.
:: Combined all responses and added some extra feedback for you ::
