It does. Unless you edit the

Michael Cullinane · ‎01-31-2017

Hi Team,

I would like assistance with upgrading an Email Security solution version 8.5.7-043? We are trying to upgrade the hardware appliance from a C160 to a new C190 on my network. What steps will be need to accomplish setting up the C190 and installing the Email Security software?

Thanks

Libin Varghese · ‎01-31-2017

Hi Michael,

The x60 hardware including C160 cannot be upgraded beyond 8.5.7-043 as they have been announced as end of life.

And the C190 hardware cannot run on releases older that 9.1.

Configuration with passwords unmasked can only be exported and then imported to another appliance if their Async OS releases match.

You would need to manually configure the C190 hardware to match the configuration on the existing C160 appliance, an option that is NOT cisco recommended and it will be copying and pasting some configuration from one configuration file to another using a text editor.

The only alternative I can think of would be:

1. Deploy a virtual ESA on Async OS 8.5.6-106.
2. Upgrade the virtual ESA to match the release with the one on C160 (such as 8.5.7-043).
3. Copy configuration from the C160 to the vESA. (since the releases now match after Step 2.)
4. Upgrade the vESA to match the release on the C190. (such as 9.1 or above)
5. Copy configuration from the vESA to the C190.

In order to be able to download the vESA, you would need to log in with your Cisco.com User ID.

Just in case you would like to check the different AsyncOS versions for their features and hardware requirements, please find below a link to the release notes page:

http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-release-notes-list.html

Details about the installation of a vESA can be found here:

http://www.cisco.com/c/dam/en/us/td/docs/security/content_security/virtual_appliances/Cisco_Content_Security_Virtual_Appliance_Install_Guide.pdf

Thanks
Libin Varghese

cisco · ‎05-02-2017

I am in the same situation. Are you sure that the configuration from a vESA will be compatible to be used on a physical box? Thanks!

Libin Varghese · ‎05-02-2017

The configuration can be migrated from the a virtual appliance to a physical appliance as long as the Async OS are the same and passwords are unmasked, Yes.

You may see errors upon importing the configuration file due to different in interfaces, etc which would require the file to be modified accordingly.

1. Export the configuration file from both the source and destination ESAs. Be sure to uncheck the 'Mask passwords' option
2. Open both configuration files in a text editor
3. Find the following entries in both configuration files, and copy the values from the destination appliance's configuration file to the source configuration file:
<db_environment_actual_size>
<tracking_global_max_db_size>
4. If the appliances have a different number of Ethernet interfaces, you will need to completely remove the following sections from the source configuration file:
<ethernet_settings> ... </ethernet_settings>
<ports> ... </ports>
5. Save a copy of the modified source configuration file
6. Import the modified configuration file on the destination appliance
7. Commit the changes

- Libin V

cisco · ‎05-02-2017

Thanks for the reply. Lastly, does the configuration file bring over network information such as IP address?

Libin Varghese · ‎05-02-2017

It does. Unless you edit the file and remove the IP interface information.

- Libin V

cisco · ‎05-03-2017

I am replacing two C160's that are currently clustered. When I go to export the configuration file from one of the Ironport's, it will only let me export at the cluster level. Does this mean that I need to load this configuration into a new cluster, or should I be able to load that configuration onto each Ironport, one at a time? Thanks!

Libin Varghese · ‎05-03-2017

If you are moving to a virtual appliance on the same release as the C160, you could just add it to the existing cluster to copy over all the cluster level configuration and then modify the IP address, network information later on.

In order for you to export the machine level configuration you would need to remove the machine from the existing cluster.

- Libin V

cisco · ‎05-02-2017

Also, how can I get a 45 day demo license for the vESA? Thanks!

Libin Varghese · ‎05-02-2017

Cisco has approved a change that allows customers with valid CCO credentials to download Email Security Appliance (ESA), Security Management Appliance (SMA) and Web Security Appliance (WSA) virtual images without having to have a contract associated to their credentials. In order to create the demo license needed for the vESA, vSMA and vWSA, please visit the Cisco License Administration Portal.

Go to www.cisco.com/go/license
Login
Click "Get Demo" at top of page
Click "Security Products"
Click "Cisco Virtual Appliance Demo License"
Choose WSA/ESA/SMA.

Ken Stieers · ‎01-31-2017

A new C190 is going to ship with some version of code already on it.

After you initially set it up, you update it by going to System Administration/System Upgrade and going though the upgrade wizard...

Looking at the release notes, the C190, the oldest release that was supported on C190 hardware was 9.10.

Email Security migration from a C160 to C190 appliance?