Beginner

Problem with centralized PVO quarantine and Clustering

Hello, I have this message when trying to activate centralized quarantine on my 2nd ESA:

"Unable to proceed with Centralized Policy, Virus and Outbreak (PVO) Quarantines configuration as esa2 in ESA has content filters / DLP actions available at a level different from the Machine esa2 level."

Not sure what I should do?

8 REPLIES
Cisco Employee

Hi Clement

Most likely there is an override between the machine/cluster level for the Policy, Virus and Outbreak (PVO) quarantine.

From the CLI, run the following command: clustercheck

Regards

Raed

Beginner

I got this result

"No inconsistencies found on available machines."

Cisco Employee

Check the following article, it might be of use.

Beginner

Great!

Thank you very much.

So what I did:

- Remove ESA from cluster

- Reconfigure PVO quarantine

- Join Cluster again

No more error message, but it seems that ESA2 settings are overriding cluster settings.

How to set cluster settings for ESA2?

Cisco Employee

Just join the cluster from the second machine CLI > clusterconfig > join over ssh/ccs "based on how you configured things", and after the join the settings should be inherited from the cluster.

Regards

Raed

Cisco Employee

Hello,

In order to successfully enable Centralized PVO, any machine-level settings for DLP, Content Filters and PVO itself will need to be deleted. Both ESA1 and ESA2 need to be set up to be using the cluster level settings. You'll need to change the mode to 'machine-level' for ESA1 or ESA2, then delete those settings (make sure nothing at machine-level needs to be copied over to cluster level), save the changes and then confirm that both appliances are now only using the cluster level settings. Then, you should be able to try and enable Centralized PVO.

Also, prior to the above you'll need to make sure you perform the migration step on the SMA via Centralized Services --> PVO Quarantines --> Launch Migration Wizard. (This is assuming you've already added ESA2 to the SMA)

Thanks!

-Dennis M.

Beginner

Hi Libin,

"In order to successfully enable Centralized PVO, any machine-level settings for DLP, Content Filters and PVO itself will need to be deleted."

Did you mean incoming and outgoing content filters should be deleted?

Are there any other settings that need to be deleted in the clustering mode?

Kindly advise.

Cisco Employee

Only machine level configuration would need to be deleted, nothing needs to be deleted from the cluster.

Please go through the article shared by Raed earlier in the post.

- Libin V