Current situation:
SMA v13.8.1-101, WSA 12.5.4-011, CM is 12.5
We want to upgrade to SMA 14.2.0-241 and WSA 14.5.1-016. The old compatibility matrix is no longer available. The new version at https://www.cisco.com/c/dam/en/us/td/docs/security/securit...
In AsyncOS version 14.x and newer you need a bigger nextroot partition. Our ESAs and SMA virtual machines are quite old and have a small nextroot partition of only 400MB. The Field Notice 72230 applies and in this field notice and in How to Apply th...
When we use the IP Spoofing functionality in explicit mode with an IP address not being the client address, but from some other range.
And of course routing that address back to the WSAv and we don't use a WCCP router.
Do we need to configure that ip...
I have a regular expression which contains end-of-line characters, e.g.
\S+[,.!]\s*[\r\n].+:\s*[\r\n]https.*\s*[\r\n]+Password\s\S{3}\s*[\r\n]
I want to scan the body of email with this pattern. However the body-contains rule doesn't perform multi-li...
With DMARC you can specify an address list for which DMARC verification is excluded (DMARC global settings, bypass address list). I wonder with which field it is compared. Is it the Envelope-From or the Header From or any header which is specified in...
What I'm trying to achieve here is that traffic from a specific set of clients, going through the proxy and to a specified number of destinations (hostnames) is limited in the bandwidth they can consume.
Bandwidth limitations in our setup are done by ...
That is not what I want to achieve. I want to use a different IP address so that a traffic shaper can recognize this traffic and assign a specific shaping profile to this traffic.
That is also my bet...
The order of the lines is important, but I can always try with an AND condition and matching all relevant lines. The initial action would be to duplicate the email to a quarantine and watch that quarantine for false positive...
Thanks for the link and the clarification. However, I think that is weird. The point of DMARC is that the visible sender inside the Header From cannot be trusted and should be aligned with either the Envelope From (SPF) or the domain in the DKIM signi...