Hello I have this message trying to activate centralized quarantine on my 2nd ESA :
"Unable to proceed with Centralized Policy, Virus and Outbreak (PVO) Quarantines configuration as esa2 in ESA has content filters / DLP actions available at a level different from the Machine esa2 level."
Not sure what I Should do ?
Most likely there is an override between the machine/cluster level for the Policy, Virus and Outbreak quarantine(PVO)
From the CLI run the following command clustercheck
Thank you very much.
So what I did :
- Remove ESA from cluster
- Reconfigure POV quarantine
- Join Cluster again
No more error message but it seems that ESA2 settings are overriding cluster settings.
How to set cluster settings for ESA2 ?
Just join the cluster from the second machine CLI > clusterconfig > join over ssh/ccs "based on how you configured things" and after the join the settings should be inhered from the cluster
In order to successfully enable Centralized PVO, any machine-level settings for DLP, Content Filters and PVO itself will need to be deleted. Both ESA1 and ESA2 need to be setup to be using the cluster level settings. You'll need to change the mode to 'machine-level' for ESA1 or ESA2, then delete those settings (make sure nothing at machine-level needs to be copied over to cluster level), save the changes and then confirm that both appliances are now only using the cluster level settings. Then, you should be able to try and enable Centralized PVO.
Also, prior to the above you'll need to make sure you perform the migration step on the SMA via Centralized Services --> PVO Quarantines --> Launch Migration Wizard. (This is assuming you've already added ESA2 to the SMA)
"In order to successfully enable Centralized PVO, any machine-level settings for DLP, Content Filters and PVO itself will need to be deleted."
Did you mean, incoming and outgoing content filters should be delete?
Is there any other settings need to be delete in the clustering mode?
Only machine level configuration would need to be deleted, nothing needs to be deleted from the cluster.
Please go through the article shared by Raed earlier in the post.
- Libin V