Requirements for SMA to ESA

vivian.lee · ‎11-27-2014

Hi,

We have recently migrated our ESA spam quarantine to be centrally managed. The local spam quarantine has been disabled on the ESA and centralised spam quarantine has been enabled with the appropriate configurations on both the ESA and SMA. However, we are receiving regular alerts stating: ISQ: Could not connect to off-box quarantine at <ip>:<port>

From the ESA, a telnet to <ip> <port> is successful.

The SMA states that the centralised spam quarantine has been enabled.

What would the alert be referring to?

Thanks in advance.

stsiarno · ‎12-05-2014

Hi Vivian,

You can "grep" for ESA ip address in SMA mail_logs in order to check an error message or a reason why connection fails.

What AsyncOS version your appliances are running?

Make sure please that "Establish Connection" has been done for the ESA. In SMA GUI go to "Centralized Servises-->Security Appliances-->Email Security Appliances-->{Applaince name}-->Establish Connection..."

By the way ISQ port(6025 by default) should be open in both directions: ESA-->SMA and SMA-->ESA.

Mathew Huynh · ‎01-18-2015

Requirements for SMA to ESA integration of Centralized EUQ.

1) Feature key on SMA needs to be active/available

2) SMA to ESA connection on port 22 should be successful (GUI > Management Appliance > Security Appliances > Establish + test connection to ESA on required IP.

3) SMA to ESA communication on EUQ port (6025) should be operational.

Requirements on ESA to SMA.

1) Check ESA's deliveryconfig (CLI > deliveryconfig) and see what is the delivery IP interface that is used.

(If -auto- this means it'll chose the interface closest to default gateway, if this interface is NOT the same as the one given in the GUI of the SMA for security appliance communication, it will likely always be denied connection thus no connection is available).

2) Test a telnet from ESA's delivery interface to SMA for the reply and status of connection

ISQ: Could Not Connect to off-box quarantine