
Ironport C160 spam slipping through

bluerockny
Level 1

We have an Ironport C160 on Async OS 8.5.6-106. I know it's outdated- we're investing in VMWare infrastructure later this year but for now we're still on the C160.

In recent months we're feeling like the C160 is letting a lot more spam through than normal. I noticed that its CASE core files and utilities date back to August 2015. I believe this is because our unit is no longer supported as far as those updates are concerned. Is that correct? Could the outdated CASE files be responsible for the spam getting through? All my other rules / updates are up to date.

If I were to purchase a used C170, can I transfer my existing subscription to that unit? Is there a fee? How do I go about doing that?

1 Accepted Solution

Accepted Solutions

Robert Sherwin
Cisco Employee

You should be seeing recent updates similar to the following:

[]> ironport

Component                  Last Update                      Version
CASE Core Files            22 Apr 2016 17:56 (GMT +00:00)   3.5.0-008
CASE Utilities             22 Apr 2016 17:56 (GMT +00:00)   3.5.0-008
Structural Rules           20 May 2016 16:52 (GMT +00:00)   3.5.0-20160520_124901
Web Reputation DB          19 May 2016 22:51 (GMT +00:00)   20160519_224534
Web Reputation DB Update   20 May 2016 20:08 (GMT +00:00)   20160519_224534-20160520_200331
Content Rules              20 May 2016 20:33 (GMT +00:00)   20160520_203140
Content Rules Update       20 May 2016 20:33 (GMT +00:00)   20160520_203201
Bayes DB                   19 May 2016 21:05 (GMT +00:00)   20160519_200312-20160519_210351

If not, I would check your updater_logs to assure that your appliance is reaching out properly to the updater.  You can run the following to assure:

> updatenow force

> tail updater_logs

Let that run to see what the output is. 8.5.6-106 is still within the supported releases, and will still pull up-to-date engine and rules associated to Antispam. Anything less than 8.x will stop receiving updates, as older builds are not supported for service updates.

W/ the C160 - correct, as it is the oldest and EoL appliance (all x60s are) - it is only upgradable through 8.5.7.  Which, if you are on 8.5.6, you may want to take advantage of an upgrade just to snag the most up-to-date fixes and release to help the appliance.

Let me know what you see in terms of the updater_logs.

-Robert
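
As an added illustration (not part of the original thread and not Cisco code), a small Python check that parses a status table in the format pasted above and flags components whose last update is older than a threshold. The thresholds, the function names, the reference time and the two CASE rows in the sample are constructed assumptions; the remaining sample rows are copied from the post.

```python
import re
from datetime import datetime, timedelta, timezone

# One table row: component name, timestamp, GMT offset, version string.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<ts>\d{1,2} \w{3} \d{4} \d{2}:\d{2}) "
    r"\(GMT (?P<sign>[+-])(?P<hh>\d{2}):(?P<mm>\d{2})\)\s+(?P<ver>\S+)$"
)
# Assumed thresholds (not vendor guidance): engine files change rarely, rules often.
MAX_AGE = {"CASE Core Files": timedelta(days=90), "CASE Utilities": timedelta(days=90)}
DEFAULT_MAX_AGE = timedelta(days=3)
NOW = datetime(2016, 5, 21, tzinfo=timezone.utc)  # constructed reference time

# The two CASE rows are constructed to mimic the stale state from the question.
SAMPLE = """\
[]> ironport
Component Last Update Version
CASE Core Files 15 Aug 2015 12:00 (GMT +00:00) 0.0.0-000
CASE Utilities 15 Aug 2015 12:00 (GMT +00:00) 0.0.0-000
Structural Rules 20 May 2016 16:52 (GMT +00:00) 3.5.0-20160520_124901
Content Rules 20 May 2016 20:33 (GMT +00:00) 20160520_203140
Bayes DB 19 May 2016 21:05 (GMT +00:00) 20160519_200312-20160519_210351
"""

def parse_status(text):
    """Return {component: (timezone-aware datetime, version)} per table row."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # prompt, header and blank lines are skipped
        offset = timedelta(hours=int(m["hh"]), minutes=int(m["mm"]))
        if m["sign"] == "-":
            offset = -offset
        ts = datetime.strptime(m["ts"], "%d %b %Y %H:%M")
        rows[m["name"]] = (ts.replace(tzinfo=timezone(offset)), m["ver"])
    return rows

def stale_components(text, now):
    """Return sorted (component, age in days) for rows past their threshold."""
    stale = []
    for name, (ts, _version) in parse_status(text).items():
        age = now - ts
        if age > MAX_AGE.get(name, DEFAULT_MAX_AGE):
            stale.append((name, age.days))
    return sorted(stale)

print(stale_components(SAMPLE, NOW))
```
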

Thanks for your quick and thorough response Robert. I was trying to force updates in the GUI on the Security Services->IronPort Anti-Spam page and it never updated the CASE stuff for some reason. When I SSHed into the unit and forced the update per your recommendation it now seems to have updated everything! I will do the 8.5.7 update off hours as well.

Do you have any thoughts on my purchasing a used C170 (I see some on ebay for ~$200) and transferring our service to it so we can get the latest software builds in the short term? [Hardware reliability aside]

As for purchasing used C170 - I don't see an issue with doing so --- getting it properly added to a support contract though would be where you want to assure you do properly --- so, that would either need to come from your Cisco account team, or a third-party reseller.  That way you are assuring that you'll get proper support and coverage if/as needed.  If you tried to open a support case for any reason, you'd be denied if not properly vetted against a valid contract --- even if it was only for software supportability, in terms of the AsyncOS for ESA itself.

Hardware reliability wise --- it's a toss up, as both C160 and C170 are old.  The C170's benefit is that it allows 9.x and future builds.  It too will face its day when the AsyncOS revision upgradability comes, but for now - it's able to go to 9.7 (current release).