Here is steps you need to follow to upgrade and put back in to production.
You can do an initial configuration using the setup wizard to get your IP address and hostname configured so you have network access, or you can simply connect to 192.168.42.42 and log in as admin to start the upgrade on the replacement appliance.
Notes:
- The old appliance and the new appliance MUST have the same exact AsyncOS version and build.
- This only applies to a stand-alone appliance, not one that is in a cluster.
- This document assumes the use of the Web Interface (GUI) for all steps.
Instructions:
1) Save the configuration from the old appliance to your local machine. From the GUI -> System Administration -> Configuration File -> Download file to local computer to view or save. Be sure to un-check the box “Mask passwords in the Configuration Files”.
2) Get the new appliance up and running on your network. For access by Ethernet, connect to the Management Network Port. Use a browser to access the web-based interface on the default IP address 192.168.42.42 (username: admin, password: ironport). You can also access the command line interface by SSH or terminal emulation software on the same IP address. (The netmask is /24). For Serial access, connect to the Serial Port. Access the command line interface by a terminal emulator using 9600 bits, 8 bits, no parity, 1 stop bit (9600, 8, N, 1), flowcontrol = Hardware.
Run the system set up wizard (SSW). If your old appliance is dead or already off the network, then you can use the same IP information. If your old appliance is still on the network, then give the new appliance a temporary IP address (which has internet access to get updates).
3) Check to make sure the new appliance is on the same version and build of AsyncOS. From the GUI -> Monitor -> System Status. If they are the same, move on to step 5. If they are not the same, continue to step 4.
4) If the appliances are not on the same build, upgrade the new appliance to match the version of the old one. From the GUI -> System Administration -> System Upgrade -> Available Upgrades. If you see it in the list, please select it. If it is not listed, the specific version may need to be provisioned by Cisco IronPort Customer Support - please call before proceeding.
Note: If the old appliance is at a version that is older than the replacement appliance, you will need to upgrade it (if possible) to match the new appliance.
Some case you will not able to get updates due to some issue, make sure cisco register this device in their inventory to get updates. - if keep failing you need to contact cisco TAC for this.
5) Once the appliances are verified to be at the same version, load the configuration file to the new appliance. From the GUI -> System Administration -> Configuration File -> Load a configuration file from local computer.
6) If the configuration file loads without any errors, then you can proceed to decommission the old appliance and edit the IP settings of the new appliance as desired. From the GUI -> Network -> IP Interfaces. You may also need to edit the routing information as well (Network -> Routing).
7) If you get any errors when loading the new configuration file, you can try and edit the configuration file with an XML editor and look for the section that the error refers to. However, if you are not comfortable with this, please call in for support.
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118547-technote-esa-00.html
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117854-technote-esa-00.html
compare the config and you happy with the configuration, put the ESA in to production under change/maintenance windows and do some test, keep monitor until it stable and working as expected in the working environment.
