We are currently "test driving" a set of Ironport encryption appliances and there is (for this moment) one thing that we can't figure out.
A little background:
We are planning to use the machines as S/MIME (and maybe PGP) encryption/decryption systems only. We are (currently) not interested in all the other nice features offered (but force us to connect the systems directly to the internet). This means we can place the machines into our Fully Trusted network Area(FTA) and use all the nice network facilities available in this area. One of the important ones is network connection redundancy (Interface Bonding).
I'm sure the C series can be configured to combine DATA1 and DATA2 as a high availability (bonded) network interface and I'm also sure the operating system that is used by the encryption systems (CentOS) supports bonding.
I have searched the HTML interface but can not find the option to enable bonding.
I know I can hack the Linux configuration but am a little afraid to do this. For the moment it's not possible for us to oversee the impact on the total system (that's really a good thing about AsyncOS interfaces, we all know it's a FreeBDS system but also know exactly what actions we can do safely, if it's not available on the CLI or GUI, you can not use it (example: IPv6 is supported by FreeBSD but the GUI and CLI do not offer the possibility to configure it so it's not available, that's totally clear!)
Re: Network interface bonding on Encryption Appliance
As you mentioned in your POST, the operating system of CentOS does indeed support Bonding and I have configured the IronPort Encryption Appliances to support bonding but it is not "officially" supported and therefore is not recommended at this time. So to answer your last question: I would not configure nic bonding on the IronPort Encryption Appliance.
Hi Everyonem Just wondering if anyone knows why I am getting an error that says "Cryptographic algorithms required by the secure gateway do not match those supported by AnyConnect. Please contact your network administrator.". See attached...
The Cisco 2020 CISO Benchmark Report provides valuable takeaways and data on the most pressing topics: the impact of vendor consolidation, cybersecurity fatigue, outsourcing, top causes of downtime, the most impactful threats, and more. The repo...
Hi, Has anyone run into the "Channel down" issue when updating the identity certificate on the Stealthwatch SMCv and SFCv. I'm doing a POC for a client and every time I go an update the identity cert the SMC says "it could save the configuration" and...
On July 16 2020, the U.K. National Cyber Security Centre and Canada’s Communication Security Establishment, in cooperation with the U.S. National Security Agency and Cybersecurity and Infrastructure Security agency, issued an advisory [...
User Experience Enhancements
As part of the Cisco Common User Experience program, we are working towards a more uniform user experience and terminology alignment across all Cisco security products.
Cognitive Alert Fusion Early A...