01-31-2017 12:02 PM
Hi Team,
I would like assistance with upgrading an Email Security solution version 8.5.7-043? We are trying to upgrade the hardware appliance from a C160 to a new C190 on my network. What steps will be need to accomplish setting up the C190 and installing the Email Security software?
Thanks
01-31-2017 12:25 PM
Hi Michael,
The x60 hardware including C160 cannot be upgraded beyond 8.5.7-043 as they have been announced as end of life.
And the C190 hardware cannot run on releases older that 9.1.
Configuration with passwords unmasked can only be exported and then imported to another appliance if their Async OS releases match.
You would need to manually configure the C190 hardware to match the configuration on the existing C160 appliance, an option that is NOT cisco recommended and it will be copying and pasting some configuration from one configuration file to another using a text editor.
The only alternative I can think of would be:
1. Deploy a virtual ESA on Async OS 8.5.6-106.
2. Upgrade the virtual ESA to match the release with the one on C160 (such as 8.5.7-043).
3. Copy configuration from the C160 to the vESA. (since the releases now match after Step 2.)
4. Upgrade the vESA to match the release on the C190. (such as 9.1 or above)
5. Copy configuration from the vESA to the C190.
In order to be able to download the vESA, you would need to log in with your Cisco.com User ID.
Just in case you would like to check the different AsyncOS versions for their features and hardware requirements, please find below a link to the release notes page:
http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-release-notes-list.html
Details about the installation of a vESA can be found here:
http://www.cisco.com/c/dam/en/us/td/docs/security/content_security/virtual_appliances/Cisco_Content_Security_Virtual_Appliance_Install_Guide.pdf
Thanks
Libin Varghese
05-02-2017 07:24 AM
I am in the same situation. Are you sure that the configuration from a vESA will be compatible to be used on a physical box? Thanks!
05-02-2017 07:40 AM
The configuration can be migrated from the a virtual appliance to a physical appliance as long as the Async OS are the same and passwords are unmasked, Yes.
You may see errors upon importing the configuration file due to different in interfaces, etc which would require the file to be modified accordingly.
1. Export the configuration file from both the source and destination ESAs. Be sure to uncheck the 'Mask passwords' option
2. Open both configuration files in a text editor
3. Find the following entries in both configuration files, and copy the values from the destination appliance's configuration file to the source configuration file:
<db_environment_actual_size>
<tracking_global_max_db_size>
4. If the appliances have a different number of Ethernet interfaces, you will need to completely remove the following sections from the source configuration file:
<ethernet_settings> ... </ethernet_settings>
<ports> ... </ports>
5. Save a copy of the modified source configuration file
6. Import the modified configuration file on the destination appliance
7. Commit the changes
- Libin V
05-02-2017 07:48 AM
Thanks for the reply. Lastly, does the configuration file bring over network information such as IP address?
05-02-2017 08:20 AM
It does. Unless you edit the file and remove the IP interface information.
- Libin V
05-03-2017 07:09 AM
I am replacing two C160's that are currently clustered. When I go to export the configuration file from one of the Ironport's, it will only let me export at the cluster level. Does this mean that I need to load this configuration into a new cluster, or should I be able to load that configuration onto each Ironport, one at a time? Thanks!
05-03-2017 07:37 AM
If you are moving to a virtual appliance on the same release as the C160, you could just add it to the existing cluster to copy over all the cluster level configuration and then modify the IP address, network information later on.
In order for you to export the machine level configuration you would need to remove the machine from the existing cluster.
- Libin V
05-02-2017 08:34 AM
Also, how can I get a 45 day demo license for the vESA? Thanks!
05-02-2017 08:40 AM
Cisco has approved a change that allows customers with valid CCO credentials to download Email Security Appliance (ESA), Security Management Appliance (SMA) and Web Security Appliance (WSA) virtual images without having to have a contract associated to their credentials. In order to create the demo license needed for the vESA, vSMA and vWSA, please visit the Cisco License Administration Portal.
01-31-2017 12:42 PM
A new C190 is going to ship with some version of code already on it.
After you initially set it up, you update it by going to System Administration/System Upgrade and going though the upgrade wizard...
Looking at the release notes, the C190, the oldest release that was supported on C190 hardware was 9.10.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide