cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2419
Views
0
Helpful
6
Comments
Robert Sherwin
Cisco Employee
Cisco Employee

Cisco is pleased to announce a new major release of AsyncOS 9.1.0 for Email.  This release applies to all our Email Security Appliances (C-Series, X-Series, and virtual appliances) with 8GB of RAM, and the C170 appliance.

 

Please note that the following hardware is NOT supported for this release: C160, C360, C660, and X1060 

 

New Enhancements in AsyncOS 9.1.0 for Email

  • File Analysis quarantine improvements:  Messages can now be automatically released or deleted from the centralized File Analysis quarantine on the Content Security Management Appliance based on the analysis verdict.
  • Updater Enhancement:  Email security appliance can check the validity of the Cisco updater server certificate every time the appliance communicates with the updater server.  
  • Option to disable SSLv3 for enhanced security:  The new sslv3config command in CLI can used to disable SSLv3 for the  the following services - Updater, URL Filtering, End User Quarantine and LDAP

 

Short list of defects fixed  in AsyncOS 9.1.0 for Email

 CSCut42997 - ESA Resource Monitor in 9.0 can make C170s unusable

 CSCus45574 - Messages with Status "unsupported file type" need to be handled in ESA

 CSCur27131 - Evaluation of CVE-2014-3566 on Cisco Email Security Appliance

 CSCus54216 - Auto-release is not happening if file is not uploaded with curl error

 CSCzv93864 - Cisco IronPort ESA Subject header length DoS Vulnerability

 CSCup53161 - Check the status of CASE to prevent it swap exhaustion

 CSCzv54343 - Uuencode emails are generating scanning error.

 CSCuq71053 - OOXML files with non-standard file order are mis-detected as zip files

 CSCut24259 - Changing case of Group query name in LDAP profile does not take effect.

 CSCzv38297 - ESA FreeBSD -- glob(3) related resource exhaustion

 

Note: Security Management Appliance upgrade to AsyncOS 9.1 for Management is required for full interoperability with AsyncOS 9.1 for Email.

 

Complete list of defects fixed:

https://tools.cisco.com/bugsearch/search?kw=*&pf=prdNm&pfVal=282509130&rls=9.1.0-032&sb=fr&srtBy=byRel&bt=custV

 

For further information about this release, please refer to the AsyncOS release notes available on Cisco.com at the following URL:

Cisco Email Security Appliance http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-release-notes-list.html

Cisco Content Security Management Appliance http://www.cisco.com/c/en/us/support/security/content-security-management-appliance/products-release-notes-list.html

 

AsyncOS 9.1.0 for Email release notes:

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-1/ESA_9-1_Release_Notes.pdf

 

Changes in Behavior

While configuring the global settings for listeners, you can now specify whether to accept or reject messages based on the size of the subject. If you specify this parameter, messages having subject size within the specified limit will be accepted and any other messages will be rejected. For more information, see Cisco AsyncOS for Email User Guide

 

How to Upgrade

Prior to upgrading to this release, please read the Release Notes referenced above and save a copy of the configuration file somewhere other than on your appliance.

Once you have read the Release Notes you may log into the command line of your IronPort Appliance as the 'admin' user, and type 'upgrade', or use the WebUI upgrade functionality in the 'System Administration' tab.

You may upgrade directly to the highest version available in the displayed list.

 

**NOTE** It is important that you follow the upgrade instructions available in the Release Notes. If you do attempt to upgrade and do not see the desired release version available, your appliance is likely not on a version allowed to upgrade directly. See 'Upgrade Paths' below.

 

Upgrade Paths

Please refer to the Release Notes for qualified upgrade paths.  If your systems are on any other AsyncOS release, you will need to perform multiple upgrades as specified in the release notes. Only the immediate next step in the upgrade path will be shown to you, with the next revision being shown once you are at the approved level.

 

The qualified upgrade paths to reach AsyncOS 9.1.0-032:

ASYNCOS 8.0.2-066 -> ASYNCOS 9.1.0-032

ASYNCOS 8.5.6-106 -> ASYNCOS 9.1.0-032

ASYNCOS 8.5.6-116 -> ASYNCOS 9.1.0-032

ASYNCOS 9.0.0-500 -> ASYNCOS 9.1.0-032

ASYNCOS 9.1.0-024 -> ASYNCOS 9.1.0-032

 

Supported Hardware for This Release

All virtual appliance models.

The following hardware models:

– C380 or C680

– C170

– C370, C370D, C670 or X1070 appliances (8GB of RAM models)

 

Upgrading Deployments with Centralized Management (Clustered Appliances)

If a cluster includes C160, C360, C660, or X1060 hardware appliances, remove these appliances from the cluster before upgrading.  All machines in a cluster must be running the same version of AsyncOS, and x60 hardware cannot be upgraded to this release. If necessary, create a separate cluster for your x60 appliances.

 

Release Stage

Early Deployment (ED) A Cisco software release that provides new features and new platform support, in addition to bug fixes. This is intended for early adoption by customers.  This was formerly called First Customer Ship (FCS).

 

Need further assistance?  Product Support | Downloads | Open a Support Case

6 Comments
Robert Sherwin
Cisco Employee
Cisco Employee

General Deployment (GD) milestone released as of April 17, 2015.

General Deployment (GD)
A Cisco software release that provides new features and new platform support in addition to bug fixes which is ready for deployment anywhere in customer networks where the features and functionality of the release are required. This was formerly called General Availability (GA).

jbrokofsky
Level 1
Level 1

Hi Robert,

Does this release enable TLS 1.2? We have 4 IronPorts and would like to disable SSLv3 and TLS1.0

 

Thank you,

 

Jake

Robert Sherwin
Cisco Employee
Cisco Employee

9.1 does not contain any TLS/SSL/sslconfig level changes.  TLSv1.2 is road-mapped still for 9.5 release, which is undergoing Beta at this time.  (*I cannot guarantee that it will release w/ this enhancement.)

https://tools.cisco.com/bugsearch/bug/CSCzv85606

 

Removing SSL3 was recommended after the POODLE issues:

Tip: SSL Version 3.0 (RFC-6101) is an obsolete and an insecure protocol. There is a vulnerability in SSLv3 CVE-2014-3566  known as Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, Cisco bug ID CSCur27131 . The recommendation is to to disable SSLv3 while you change the ciphers and use TLS only, and select option 3 (TLS v1). Review the provided Cisco bug ID CSCur27131  for complete details.

Per: http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117864-configure-esa-00.html

Also see: http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118620-technote-esa-00.html

 

-Robert

Anonymous
Level 1
Level 1

When it will be available for trial users?

I've got a trial key but can download only old version 8.5.6.

Robert Sherwin
Cisco Employee
Cisco Employee

Where are you trying to download from?  Is this a virtual ESA download?  I'm not familiar with trial users, or trial key.

 

You can use a demo license and 9.1.0-032.  You will need a CCO log-in, and then you can download 9.1.0-032 from the virtual downloads page:

http://www.cisco.com/c/en/us/support/security/email-security-virtual-appliance/tsd-products-support-series-home.html

Click on the 'Download Software' link.

 

And you can also request demo license from the following:

https://tools.cisco.com/SWIFT/LicensingUI/Quickstart#.

Get Other Licenses > Demo and Evaluation > Security Products > Cisco Virtual Appliance Demo License

Anonymous
Level 1
Level 1

Demo request doesn't work, I'm getting:

Access page to this page is restricted. Thank You.

From the 'Download Software' I can download only version 8.0.0 and 8.5.6. Links to 9.0.0 and 9.1.0 hidden under "Additional Entitlement Required".

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: