04-03-2013 12:25 AM
I have been getting these warnings for both my C-370's every hour since 16.37 EST April 1st. Before that it has happened now and then but always kicked in again.
Network department claims they haven't done anything. Anyone know if Cisco has problems or what else might be causing this? Everything else works but for the anti-spam and Sophos updates it seems.
04-03-2013 06:32 AM
We had the same problem - please check and update your firewall settings to the following information from Cisco:
Cisco is releasing new improvements to our Security Intelligence Operations infrastructure that will enable greater scalability and efficacy to all of your Cisco security products. As part of this effort, there is a scheduled change to the IPv4 addresses for two hosts used in retrieving reputation updates from Cisco.com for Cisco Web, Email, and IPS appliances, as well as for the CX and Botnet Traffic Filter capabilities of the ASA.
By default, Cisco security technologies use DNS to locate the appropriate update servers. However, some environments may have configured static IP addresses in their access control. If you have configured IP-based access control to permit outbound connections for updates from Cisco, you will need to modify your rules to support the new IP addresses.
Changes will be implemented between February 21, 2013 and March 30, 2013.
If the following IP addresses have been added to your access control policy:
update-manifests.ironport.com: 204.15.82.17 on port 443
updates-static.ironport.com: 204.15.82.16 on port 80
Please add the following IP addresses to your access control policy by February 21, 2013:
update-manifests.ironport.com 208.90.58.5 on port 443
updates-static.ironport.com 208.90.58.25 on port 80
Another note: confirm this setting also:
downloads-statis.ironport.com: 204.15.82.8
The original IP addresses will be deprecated by April 30, 2013. If you do not modify necessary access controls, your Cisco security technologies will not be able to receive reputation updates.
Should you have any questions, please contact your local Cisco Support Team.
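An added example, not part of the original post or of Cisco's notice: a small audit that checks a static outbound permit list against the old and new update-server addresses quoted above. The rule format `(cidr, port)`, the function names and the sample ACL are assumptions made for illustration.

```python
import ipaddress

# (host, port) -> (old IP, new IP), taken from the notice quoted in the post above.
MIGRATION = {
    ("update-manifests.ironport.com", 443): ("204.15.82.17", "208.90.58.5"),
    ("updates-static.ironport.com", 80): ("204.15.82.16", "208.90.58.25"),
}

def permits(rules, ip, port):
    """True if any permit rule (cidr, port) covers ip on exactly that port."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) and port == rule_port
               for cidr, rule_port in rules)

def audit(rules):
    """Classify each update host against a list of outbound permit rules.

    stale    - only the old address is permitted; updates fail after cutover
    ready    - old and new both permitted; old rule can go once deprecated
    migrated - only the new address is permitted
    unpinned - neither address appears in this rule list
    """
    findings = {}
    for (host, port), (old_ip, new_ip) in MIGRATION.items():
        old_ok = permits(rules, old_ip, port)
        new_ok = permits(rules, new_ip, port)
        if old_ok and new_ok:
            findings[host] = "ready"
        elif old_ok:
            findings[host] = "stale"
        elif new_ok:
            findings[host] = "migrated"
        else:
            findings[host] = "unpinned"
    return findings

# Constructed sample ACL: the new range was added for port 80 only, so the
# manifest host (port 443) is still pinned to the old address.
SAMPLE_RULES = [
    ("204.15.82.17/32", 443),
    ("204.15.82.16/32", 80),
    ("208.90.58.0/27", 80),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_RULES).items():
        print(f"{host}: {status}")
```

A "stale" result for the manifest host matches the symptom in this thread: the appliance cannot fetch the manifest, so every component that depends on it stops updating.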
04-05-2013 05:49 AM
I've been receiving emails with the exact same error several times a week. When I check my firewall syslogs I'm seeing "SYN Timeout" errors when attempting to make a connection to the new IP (208.90.58.5). Anyone else seeing these issues?
Note: I'm using the Ironport Update Servers setting in WSA.
Joe
04-05-2013 06:21 AM
Joe,
Just this morning I started getting the same emails. I have never seen them before so I'm thinking you're on to something here.
Greg
04-05-2013 06:35 AM
I checked the update log files on the WSA and am also getting the errors below indicating that the WSA can't connect to the update server.
Fri Apr 5 07:29:39 2013 Info: Starting scheduled update
Fri Apr 5 07:30:39 2013 Info: Failed to acquire the server manifest
Fri Apr 5 07:32:39 2013 Info: Failed to acquire the server manifest
Fri Apr 5 07:34:39 2013 Info: Failed to acquire the server manifest
Fri Apr 5 07:34:39 2013 Info: Scheduled next update to occur at Fri Apr 5 08:34:39 2013
03-23-2017 08:53 AM
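An added example, not part of the original post: a parser that groups updater log lines of the form shown above into update cycles and reports how many recent cycles in a row failed to fetch the manifest. The function names are hypothetical, and treating a cycle with no failure line as clean is an assumption, since the thread shows no successful cycle.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) Info: (.*)$")
START = "Starting scheduled update"
FAIL = "Failed to acquire the server manifest"

def parse_cycles(text):
    """Return one dict per update cycle: start time, failure count, last event."""
    cycles, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that are not in the updater format
        stamp = " ".join(m.group(1).split())  # collapse padded day numbers
        ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if msg.startswith(START):
            cur = {"start": ts, "failures": 0, "last": ts}
            cycles.append(cur)
        elif cur is not None and msg.startswith(FAIL):
            cur["failures"] += 1
            cur["last"] = ts
    return cycles

def failing_streak(cycles):
    """Count the most recent consecutive cycles with a manifest failure."""
    streak = 0
    for cycle in reversed(cycles):
        if cycle["failures"] == 0:
            break
        streak += 1
    return streak

# First two lines are constructed (an assumed clean cycle); the rest are the
# lines quoted in the post above.
SAMPLE_LOG = """\
Fri Apr 5 06:29:39 2013 Info: Starting scheduled update
Fri Apr 5 06:29:45 2013 Info: Scheduled next update to occur at Fri Apr 5 07:29:39 2013
Fri Apr 5 07:29:39 2013 Info: Starting scheduled update
Fri Apr 5 07:30:39 2013 Info: Failed to acquire the server manifest
Fri Apr 5 07:32:39 2013 Info: Failed to acquire the server manifest
Fri Apr 5 07:34:39 2013 Info: Failed to acquire the server manifest
Fri Apr 5 07:34:39 2013 Info: Scheduled next update to occur at Fri Apr 5 08:34:39 2013
"""

if __name__ == "__main__":
    cycles = parse_cycles(SAMPLE_LOG)
    print("cycles:", len(cycles), "failing streak:", failing_streak(cycles))
```

Alerting on the streak rather than on each failed attempt separates a sustained outage from the intermittent failures other posters in this thread report.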
04-05-2013 06:56 AM
We have the same alerts, starting today. Our firewall does not block per static IPs. BTW, we still receive antispam updates, featurekey updates, so I think the problem is intermittent. Could Cisco have a problem with their new update servers?
04-05-2013 06:58 AM
From: andmuell [mailto:supportforums-donotreply@supportforums.cisco.com]
Sent: Friday, April 05, 2013 6:44 AM
Subject: [Email Security] Announcement: DNS resolution issue for the ironport.com domain (Updates, Upgrades, CRES)