
Exactly what can you manage centrally with the Management Appliance?

steveshipway
Level 1

So, we're thinking of getting a pair of M1070 Management Appliances to work with our cluster of C360 mail appliances (AsyncOS 7.6).

It is not completely clear (a) which things can be centrally handled, and (b) which things can be handled in a redundant manner.  It is also not clear how the redundancy works - are things copied to both all the time?  If the primary management appliance goes down for a while, are the missed logs copied over from the secondary when it comes back?  When the primary is down, does the secondary take over a virtual IP so that users will still go to the same URL for quarantines?

Logging, reporting, and message tracking all seem to be easily done centrally, and are duplicated to the redundant.

As far as I can tell, the spam quarantine can be centralised, and it seems that it is replicated to the secondary if you have AsyncOS>7.2.  I can't tell if the safelist/blocklist is replicated between the two, though, and what happens in a failover situation, although it seems it is held centrally.  I've seen conflicting information about this, one saying that secondaryconfig can duplicate spam quarantines, the other saying you need to do some sleight-of-hand with content filters to duplicate messages to both management quarantines.

Is there a way to make other quarantines on the management servers?  We'd like to have our policy quarantine held centrally, and redundant, so that if we lose a datacentre we can still release policy-quarantined messages.  I can't tell how you can set this up.

Finally, we currently route our emails via the cluster of C360 mail appliances.  Would we continue to do this (and they send logs, quarantines etc to the management appliances), or would we have to instead route our emails via the new management appliances, which then forward them on to the C360s?

If anyone there has successfully set up a redundant management appliance setup I'd be keen to hear the details.

3 Replies

I haven't set up redundant SMAs so I can't help much there... I'm reasonably sure that one acts as a backup destination for the other, but I may have that all wrong.

As far as what can be centralized, as of ESA 8.0.0 and SMA 8.1 (might still be FCS, you can request it from TAC), you can centralize Policy, Virus and Outbreak quarantines, along with the already available spam quarantine and message tracking... Set up the policies and quarantines on the ESAs, point the SMA at the two ESAs, and tell it to import the quarantines, and it will bring over the data that's there and reconfig the ESAs to send the policy quarantined mail over, just like it does for the spam quarantine.

You would continue to route mail through the C360s.  The M boxes don't do mail flow, other than centralizing the quarantines, and dealing with quarantine releases...

Our Email appliances don't seem to have the option of upgrading to anything later than AsyncOS 7.6; seems we'll have to wait until 8.0 becomes stable before we can get the full policy quarantine centralisation.

With two Mgmt appliances, they seem to do failover for logging and reports, but the central spam quarantine requires us to specify the IP address of the quarantine on the Mail appliance.  I don't see how this can fail over if the primary mgmt appliance dies... and there doesn't seem to be a virtual IP for the mgmt appliances, so spam quarantine notifications and quarantine management will need different URLs...

None of it is made clear in any documentation I can find.

Hello Steve,

There is a knowledge base article you should check out if you want to send detected spam to multiple quarantines:

http://tools.cisco.com/squish/73bbF

Configuring an Email Security Appliance to send positive detected spam messages to multiple external spam quarantines (SMA)

Hope that helps,

Andreas