Unable to disable smartlicensing on Ironport ESA - rollbackconfig
I was playing around with a new installation of ESA, and I enabled smart licensing. However, there was no way of turning it off after enabling it. We haven't converted our licenses yet, so I needed to switch back to classic licensing after playing around w the config. One of the newer genious-features of ESA is the command 'rollbackconfig'. I entered it and did a rollback to config prior to changing the licensing, and Voila - everything was back to normal.
The best part about rollbackconfig is that u don't have to manually save the config first. Ironport automatically saves the last committed 10 configurations.
mail.example.com> rollbackconfig Previous Commits: Committed On User Description --------------------------------------------------------------------------------- 1. Fri May 23 06:53:43 2014 admin new user 2. Fri May 23 06:50:57 2014 admin rollback 3. Fri May 23 05:47:26 2014 admin 4. Fri May 23 05:45:51 2014 admin edit user Enter the number of the config to revert to. > 2 Are you sure you want to roll back the configuration? [N]> y Reverted to Fri May 23 06:50:57 2014 admin rollback Do you want to commit this configuration now? [N]> y Committed the changes successfully
Re: Unable to disable smartlicensing on Ironport ESA - rollbackconfig
I apologise for the inconvenience faced with the feature; we're aware of the requirement and we have filed an enhancement request to bring an option to allow a roll back to the classic licensing method.
At this stage, you are correct - the only way to go back is to rollback the config or resetconfig/reload (which is a bit too destructive).
For virtual ESAs we're recommending to not use smart licenses yet as there has been some concerns due to the lack of option to change it back gracefully to classic VLN license method.
Thank you for sharing your experience and workaround to our wider community though - it's greatly appreciated.
Hi experts,I would like any suggestions on this topology. We are is the middle of replacing our old ASA5520 with the new FirePower. Our current firewall terminate our IPsec tunnels and the GRE is terminated on the first inside router's loopback on the sec...
Hi All, A customer wants to authenticate Anyconnect VPN users from an ASA using the client installed certificate and then with AD. i.e. Is this a corporate device?Would we recommend authenticating the cert on the ASA then passing the AD check to ISE ...
Hello Team, we are getting alert in FMC stating policy deployment failed, we are running on 6.2.0 version and not sure which version is stable version to re mediate this issue, in one event i have seen restart will resolve this issue but is it perman...
Threat Hunting 101
In the latest Cisco Cybersecurity report, we explore all there is to know about threat hunting and provide a how-to guide for creating a threat hunting team.
Here are some of th...
What Is Cisco Identity Services Engine?
Cisco Identity Services Engine (ISE) is an all-in-one enterprise policy control product that enables comprehensive secure wired, wireless, and Virtual Private Networking (VPN) access.
Cisco ISE offers...