User Guide
Table of Contents
AsyncOS 9.5.x for Cisco Content Security Management Appliances User Guide
Contents
Introduction
What’s New in This Release
New in Release 9.5.1
New in Release 9.5
Cisco Content Security Management Overview
Setup, Installation, and Basic Configuration
Solution Deployment Overview
SMA Compatibility Matrix
Installation Planning
Network Planning
About Integrating a Security Management Appliance with Email Security Appliances
Deployments with Clustered Email Security Appliances
Preparing for Setup
Physically Setting Up and Connecting the Appliance
Determining Network and IP Address Assignments
Gathering the Setup Information
Accessing the Security Management Appliance
Browser Requirements
About Accessing the Web Interfaces
Accessing the Web Interface
Accessing the Command Line Interface
Supported Languages
Running the System Setup Wizard
Before You Begin
Overview of the System Setup Wizard
Launch the System Setup Wizard
Review the End User License Agreement
Configure the System Settings
Entering an Email Address for System Alerts
Setting the Time
Setting the Password
Enabling AutoSupport
Configure the Network Settings
Network Settings
Review Your Configuration
Proceeding to the Next Steps
About Adding Managed Appliances
Editing Managed Appliance Configurations
Removing an Appliance from the List of Managed Appliances
Configuring Services on the Security Management Appliance
Committing and Abandoning Configuration Changes
Working With Reports
Ways to View Reporting Data
How the Security Appliance Gathers Data for Reports
How Reporting Data is Stored
About Reporting and Upgrades
Customizing Your View of Report Data
Viewing Reporting Data for an Appliance or Reporting Group
Choosing a Time Range for Reports
(Web Reports Only) Choosing Which Data to Chart
Customizing Tables on Report Pages
Custom Reports
Modules That Cannot Be Added to Custom Reports
Creating Your Custom Report Page
Viewing Details of Messages or Transactions Included in Reports
Improving Performance of Email Reports
Printing and Exporting Reporting and Tracking Data
Exporting Report Data as a Comma-Separated Values (CSV) File
Subdomains vs. Second-Level Domains in Reporting and Tracking
Troubleshooting All Reports
Unable to View Report Data on Backup Security Management Appliance
Reporting Is Disabled
Email and Web Reports
Using Centralized Email Security Reporting
Centralized Email Reporting Overview
Setting Up Centralized Email Reporting
Enabling Centralized Email Reporting on the Security Management Appliance
Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance
Creating Email Reporting Groups
Enabling Centralized Email Reporting on Email Security Appliances
Working with Email Report Data
Searching and the Interactive Email Report Pages
Understanding the Email Reporting Pages
Table Column Descriptions for Email Reporting Pages
Email Reporting Overview Page
How Incoming Mail Messages are Counted
How Email Messages Are Categorized by the Appliances
Categorizing Email Messages on the Overview Page
Incoming Mail Page
Views Within the Incoming Mail Page
“No Domain Information” Link
Time Ranges in the Mail Trend Graphs
Incoming Mail Details Table
Sender Profile Pages
Sender Groups Report Page
Outgoing Destinations Page
Outgoing Senders Page
Internal Users Page
Internal User Details Page
Searching for a Specific Internal User
DLP Incidents
DLP Incidents Details Table
DLP Policy Detail Page
Message Filters
High Volume Mail
Content Filters Page
Content Filter Details Page
DMARC Verification
Virus Types Page
URL Filtering Page
Web Interaction Tracking Page
Advanced Malware Protection (File Reputation and File Analysis) Reporting Pages
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
(On-Premises File Analysis) Activate the File Analysis Account
Additional Requirements
Identifying Files by SHA-256 Hash
File Reputation and File Analysis Report Pages
Viewing File Reputation Filtering Data in Other Reports
For Which Files Are Detailed File Analysis Results Visible in the Cloud?
TLS Connections Page
Inbound SMTP Authentication Page
Rate Limits Page
Outbreak Filters Page
Reporting of Graymail
Reporting of Marketing Messages after Upgrade to AsyncOS 9.5
System Capacity Page
How to Interpret the Data You See on System Capacity Page
System Capacity – Workqueue
System Capacity – Incoming Mail
System Capacity – Outgoing Mail
System Capacity – System Load
Overall CPU Usage
Memory Page Swapping
Resource Conservation Activity
System Capacity – All
Threshold Indicator in System Capacity Graphs
Reporting Data Availability Page
About Scheduled and On-Demand Email Reports
Additional Report Types
Domain-Based Executive Summary Report
Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering
Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports
Creating Domain-Based Executive Summary Reports
Executive Summary Report
Scheduling Email Reports
Adding Scheduled Reports
Editing Scheduled Reports
Discontinuing Scheduled Reports
Generating Email Reports On Demand
Viewing and Managing Archived Email Reports
Accessing Archived Reports
Deleting Archived Reports
Troubleshooting Email Reports
Outbreak Filters Reports Do Not Show Information Correctly
Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report
Advanced Malware Protection Verdict Updates Report Results Differ
Issues Viewing File Analysis Report Details
File Analysis Report Details Are Not Available
Error When Viewing File Analysis Report Details
Error When Viewing File Analysis Report Details with Private Cloud Cisco AMP Threat Grid Appliance
Logging of File Analysis-Related Errors
Total Graymail or Marketing Messages Appears To Be Incorrect
Using Centralized Web Reporting and Tracking
Centralized Web Reporting and Tracking Overview
Setting Up Centralized Web Reporting and Tracking
Enabling Centralized Web Reporting on the Security Management Appliance
Enabling Centralized Web Reporting on Web Security Appliances
Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance
Anonymizing User Names in Web Reports
Working with Web Security Reports
Web Reporting Page Descriptions
About Time Spent
Web Reporting Overview
Users Report (Web)
User Details (Web Reporting)
Web Sites Report
URL Categories Report
Reducing Uncategorized URLs
URL Category Set Updates and Reports
Using The URL Categories Page in Conjunction with Other Reporting Pages
Reporting Misclassified and Uncategorized URLs
Application Visibility Report
Understanding the Difference between Application versus Application Types
Anti-Malware Report
Malware Category Report
Malware Threat Report
Malware Category Descriptions
Advanced Malware Protection (File Reputation and File Analysis) Reports
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
(On-Premises File Analysis) Activate the File Analysis Account
Additional Requirements
Identifying Files by SHA-256 Hash
Advanced Malware Protection (File Reputation and File Analysis) Report Pages
Viewing File Reputation Filtering Data in Other Reports
For Which Files Are Detailed File Analysis Results Visible in the Cloud?
Client Malware Risk Report
Web Reputation Filters Report
What are Web Reputation Filters?
Adjusting Web Reputation Settings
L4 Traffic Monitor Report
SOCKS Proxy Report
Reports by User Location
System Capacity Page
Viewing the System Capacity Report
How to Interpret the Data You See on the System Capacity Page
System Capacity - System Load
System Capacity - Network Load
Note About Proxy Buffer Memory Swapping
Data Availability Page
About Scheduled and On-Demand Web Reports
Scheduling Web Reports
Storage of Scheduled Web Reports
Adding Scheduled Web Reports
Editing Scheduled Web Reports
Deleting Scheduled Web Reports
Additional Extended Web Reports
Top URL Categories—Extended
Top Application Types—Extended
Generating Web Reports on Demand
Viewing and Managing Archived Web Reports
Web Tracking
Searching for Transactions Processed by Web Proxy Services
Malware Category Descriptions
Searching for Transactions Processed by the L4 Traffic Monitor
Searching for Transactions Processed by the SOCKS Proxy
Working with Web Tracking Search Results
Displaying More Web Tracking Search Results
Understanding Web Tracking Search Results
Viewing Transaction Details for Web Tracking Search Results
About Web Tracking and Advanced Malware Protection Features
About Web Tracking and Upgrades
Troubleshooting Web Reporting and Tracking
Centralized Reporting Is Enabled Properly But Not Working
Advanced Malware Protection Verdict Updates Report Results Differ
Issues Viewing File Analysis Report Details
File Analysis Report Details Are Not Available
Error When Viewing File Analysis Report Details
Error When Viewing File Analysis Report Details with Private Cloud Cisco AMP Threat Grid Appliance
Expected Data Is Missing from Reporting or Tracking Results
PDF Shows Only a Subset of Web Tracking Data
Troubleshooting L4 Traffic Monitor Reports
Exported .CSV file is Different From Web Interface Data
Tracking Email Messages
Tracking Service Overview
Setting Up Centralized Message Tracking
Enabling Centralized Email Tracking on a Security Management Appliance
Configuring Centralized Message Tracking on Email Security Appliances
Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance
Managing Access to Sensitive Information
Checking Message Tracking Data Availability
Searching for Email Messages
Narrowing the Result Set
About Message Tracking and Advanced Malware Protection Features
Understanding Tracking Query Results
Message Details
Envelope and Header Summary
Sending Host Summary
Processing Details
DLP Matched Content Tab
Troubleshooting Message Tracking
Expected Messages Are Missing from Search Results
Attachments Do Not Appear in Search Results
Spam Quarantine
Overview of the Spam Quarantine
Local Versus External Spam Quarantine
Setting Up the Centralized Spam Quarantine
Enabling and Configuring the Spam Quarantine
Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance
Configuring an Outbound IP Interface on the Security Management Appliance
Configuring the IP Interface for Browser Access to the Spam Quarantine
Configuring Administrative User Access to the Spam Quarantine
Limiting Which Recipients Have Mail Quarantined
Ensuring That Message Text Displays Correctly
Spam Quarantine Language
Using Safelists and Blocklists to Control Email Delivery Based on Sender
Message Processing of Safelists and Blocklists
Enabling Safelists and Blocklists
External Spam Quarantine and Safelist/Blocklists
Adding Senders and Domains to Safelists and Blocklists (Administrators)
Syntax for Safelists and Blocklist Entries
Clearing All Safelists and Blocklists
About End-User Access to Safelists and Blocklists
Adding Entries to Safelists (End Users)
Adding the Sender of a Quarantined Message to the Safelist
Adding Senders to the Safelist Without a Quarantined Message
Adding Senders to Blocklists (End Users)
Backing Up and Restoring the Safelist/Blocklist
Troubleshooting Safelists and Blocklists
Message from Safelisted Sender Was Not Delivered
Configuring Spam Management Features for End Users
Authentication Options for End Users Accessing Spam Management Features
LDAP Authentication Process
IMAP/POP Authentication Process
Setting Up End-User Access to the Spam Quarantine via Web Browser
Configuring End-User Access to the Spam Quarantine
Determining the URL for End-User Access to the Spam Quarantine
Which Messages an End User Sees
Notifying End Users About Quarantined Messages
Recipient Email Mailing List Aliases and Spam Notifications
Testing Notifications
Troubleshooting Spam Notifications
User Receives Multiple Notifications
Recipient Does Not Receive Notifications
Managing Messages in the Spam Quarantine
Accessing the Spam Quarantine (Administrative Users)
Searching for Messages in the Spam Quarantine
Searching Very Large Message Collections
Viewing Messages in the Spam Quarantine
Delivering Messages in the Spam Quarantine
Deleting Messages from the Spam Quarantine
Disk Space for the Spam Quarantine
About Disabling the External Spam Quarantine
Troubleshooting Spam Quarantine Features
Centralized Policy, Virus, and Outbreak Quarantines
Overview of Centralized Quarantines
Quarantine Types
Centralizing Policy, Virus, and Outbreak Quarantines
Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance
Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance
Configuring Migration of Policy, Virus, and Outbreak Quarantines
Designating an Alternate Appliance to Process Released Messages
Configuring Centralized Quarantine Access for Custom User Roles
Disabling Centralized Policy, Virus, and Outbreak Quarantines
Releasing Messages When an Email Security Appliance Is Unavailable
Managing Policy, Virus, and Outbreak Quarantines
Disk Space Allocation for Policy, Virus, and Outbreak Quarantines
Retention Time for Messages in Quarantines
Default Actions for Automatically Processed Quarantined Messages
Checking the Settings of System-Created Quarantines
Configuring Policy, Virus, and Outbreak Quarantines
About Editing Policy, Virus, and Outbreak Quarantine Settings
Determining the Filters and Message Actions to Which a Policy Quarantine Is Assigned
About Deleting Policy Quarantines
Monitoring Quarantine Status, Capacity, and Activity
Alerts About Quarantine Disk-Space Usage
Policy Quarantines and Logging
About Distributing Message Processing Tasks to Other Users
Which User Groups Can Access Policy, Virus, and Outbreak Quarantines
Working with Messages in Policy, Virus, or Outbreak Quarantines
Viewing Messages in Quarantines
Quarantined Messages and International Character Sets
Finding Messages in Policy, Virus, and Outbreak Quarantines
Manually Processing Messages in a Quarantine
Sending a Copy of the Message
About Moving Messages Between Policy Quarantines
Messages in Multiple Quarantines
Message Details and Viewing Message Content
Viewing Matched Content
Downloading Attachments
About Rescanning of Quarantined Messages
The Outbreak Quarantine
Rescanning Messages in an Outbreak Quarantine
Manage by Rule Summary Link
Reporting False Positives or Suspicious Messages to Cisco Systems
Troubleshooting Centralized Policy Quarantines
Administrative User Cannot Choose Quarantines in Filters and DLP Message Actions
Messages Released from a Centralized Outbreak Quarantine Are Not Rescanned
Managing Web Security Appliances
About Centralized Configuration Management
Determining the Correct Configuration Publishing Method
Setting Up Configuration Masters to Centrally Manage Web Security Appliances
Important Notes About Using Configuration Masters
Determine the Configuration Master Versions to Use
Enabling Centralized Configuration Management on the Security Management Appliance
Initializing Configuration Masters
About Associating Web Security Appliances to Configuration Masters
Adding Web Security Appliances and Associating Them with Configuration Master Versions
Associating Configuration Master Versions to Web Security Appliances
Configuring Settings to Publish
Importing from an Existing Configuration Master
Importing Settings from a Web Security Appliance
Configuring Web Security Features Directly in Configuration Masters
SMA-Specific Differences when Configuring Features in Configuration Masters
Tip for Working with Identities/Identification Profiles in Configuration Masters
Ensuring that Features are Enabled Consistently
Comparing Enabled Features
Enabling Features to Publish
Disabling Unused Configuration Masters
Setting Up to Use Advanced File Publishing
Publishing Configurations to Web Security Appliances
Publishing a Configuration Master
Before You Publish a Configuration Master
Publishing a Configuration Master Now
Publishing a Configuration Master Later
Publishing a Configuration Master Using the Command Line Interface
Publishing Configurations Using Advanced File Publishing
Advanced File Publish: Publish Configuration Now
Advanced File Publish: Publish Later
Viewing Status and History of Publishing Jobs
Viewing Publish History
Viewing Web Security Appliance Status
Viewing a Summary of Status of Web Appliances
Viewing Status of Individual Web Security Appliances
Web Appliance Status Details
Preparing For and Managing URL Category Set Updates
Understand the Impacts of URL Category Set Updates
Ensure That You Will Receive Notifications and Alerts about URL Category Set Updates
Specify Default Settings for New and Changed Categories
When the URL Category Set is Updated, Check Your Policy and Identity/Identification Profile Settings
Troubleshooting Configuration Management Issues
In Configuration Master > Identities/Identification Profiles, Groups Are Not Available
Configuration Master > Access Policies > Web Reputation and Anti-Malware Settings Page Settings are Not as Expected
Troubleshooting Configuration Publishing Failures
Monitoring System Status
About Security Management Appliance Status
Monitoring Security Management Appliance Capacity
Monitoring the Processing Queue
Monitoring CPU Utilization
Monitoring Status of Data Transfer From Managed Appliances
Viewing the Configuration Status of Your Managed Appliances
Additional Status Information for Web Security Appliances
Monitoring Reporting Data Availability Status
Monitoring Email Security Reporting Data Availability
Monitoring Web Security Reporting Data Availability
Monitoring Email Tracking Data Status
Monitoring Capacity of Managed Appliances
Identifying Active TCP/IP Services
Integrating with LDAP
Overview
Configuring LDAP to Work with the Spam Quarantine
Creating the LDAP Server Profile
Testing LDAP Servers
Configuring LDAP Queries
LDAP Query Syntax
Tokens
Spam Quarantine End-User Authentication Queries
Sample Active Directory End-User Authentication Settings
Sample OpenLDAP End-User Authentication Settings
Spam Quarantine Alias Consolidation Queries
Sample Active Directory Alias Consolidation Settings
Sample OpenLDAP Alias Consolidation Settings
Testing LDAP Queries
Domain-Based Queries
Creating a Domain-Based Query
Chain Queries
Creating a Chain Query
Configuring AsyncOS to Work With Multiple LDAP Servers
Testing Servers and Queries
Failover
Configuring the Cisco Content Security Appliance for LDAP Failover
Load Balancing
Configuring the Cisco Content Security Appliance for Load Balancing
Configuring External Authentication of Administrative Users Using LDAP
User Accounts Query for Authenticating Administrative Users
Group Membership Queries for Authenticating Administrative Users
Enabling External Authentication of Administrative Users
Configuring SMTP Routing
SMTP Routes Overview
SMTP Routes, Mail Delivery, and Message Splintering
SMTP Routes and Outbound SMTP Authentication
Routing Email for Local Domains
Default SMTP Route
Managing SMTP Routes
Defining an SMTP Route
SMTP Routes Limits
Adding SMTP Routes
Exporting SMTP Routes
Importing SMTP Routes
SMTP Routes and DNS
Distributing Administrative Tasks
About Distributing Administrative Tasks
Assigning User Roles
Predefined User Roles
Custom User Roles
About Custom Email User Roles
Access to Email Reporting
Access to Message Tracking Data
Access to Quarantines for Custom User Role
Creating Custom Email User Roles
Using Custom Email User Roles
About Custom Web User Roles
Creating Custom Web User Roles
Editing Custom Web User Roles
Deleting Custom User Roles
User Roles with Access to the CLI
Using LDAP
Access to Quarantines
About Authenticating Administrative Users
Changing the Admin User’s Password
Managing Locally-Defined Administrative Users
Adding Locally-Defined Users
Editing Locally-Defined Users
Deleting Locally-Defined Users
Viewing the List of Locally-Defined Users
Setting and Changing Passwords
Setting Password and Login Requirements
Requiring Users to Change Passwords on Demand
Locking and Unlocking Local User Accounts
Locking User Accounts Manually
Unlocking User Accounts
External User Authentication
Configuring LDAP Authentication
Enabling RADIUS Authentication
Additional Controls on Access to the Security Management Appliance
Configuring IP-Based Network Access
Direct Connections
Connecting Through a Proxy
Creating the Access List
Configuring the Web UI Session Timeout
Controlling Access to Sensitive DLP Information in Message Tracking
Displaying a Message for Administrative Users
Viewing Administrative User Activity
Viewing Active Sessions Using the Web
Viewing Your Recent Login Attempts
Viewing Administrative User Activity via the Command Line Interface
Troubleshooting Administrative User Access
Error: User Has No Access Privileges Assigned
User Has No Active Menus
Externally-Authenticated Users See Preferences Option
Common Administrative Tasks
Performing Administrative Tasks
Working with Feature Keys
Virtual Appliance Licensing and Feature Keys
Performing Maintenance Tasks Using CLI Commands
Shutting Down the Security Management Appliance
Rebooting the Security Management Appliance
Taking the Security Management Appliance Out of Service
CLI Examples: suspend and suspendtransfers Commands
Resuming from a Suspended State
CLI Examples: resume and resumetransfers Commands
Resetting the Configuration to Factory Defaults
The resetconfig Command
Displaying the Version Information for AsyncOS
Enabling Remote Power Management
Backing Up Security Management Appliance Data
What Data Is Backed Up
Restrictions and Requirements for Backups
Backup Duration
Availability of Services During Backups
Interruption of a Backup Process
Prevent the Target Appliance From Pulling Data Directly from Managed Appliances
Receiving Alerts About Backup Status
Scheduling Single or Recurring Backups
Starting an Immediate Backup
Checking Backup Status
Backup Information in Log Files
Other Important Backup Tasks
Making a Backup Appliance the Primary Appliance
Disaster Recovery on the Security Management Appliance
Upgrading Appliance Hardware
Upgrading AsyncOS
Batch Commands for Upgrades
Determining Network Requirements for Upgrades and Updates
Choosing an Upgrade Method: Remote vs. Streaming
Streaming Upgrade Overview
Remote Upgrade Overview
Hardware and Software Requirements for Remote Upgrades
Hosting a Remote Upgrade Image
Important Differences in Remote Upgrading Method
Configuring Upgrade and Service Update Settings
Upgrade and Update Settings
Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies
Configuring the Update and Upgrade Settings from the GUI
Upgrade Notifications
Before You Upgrade: Important Steps
Upgrading AsyncOS
Viewing Status of, Canceling, or Deleting a Background Download
After Upgrading
About Reverting to an Earlier Version of AsyncOS
Important Note About Reversion Impact
Reverting AsyncOS
About Updates
About URL Category Set Updates for Web Usage Controls
Configuring the Return Address for Generated Messages
Managing Alerts
Alert Types and Severities
Alert Delivery
Viewing Recent Alerts
About Duplicate Alerts
Cisco AutoSupport
Hardware Alert Descriptions
System Alert Descriptions
Changing Network Settings
Changing the System Hostname
The sethostname Command
Configuring Domain Name System Settings
Specifying DNS Servers
Multiple Entries and Priority
Using the Internet Root Servers
Reverse DNS Lookup Timeout
DNS Alert
Clearing the DNS Cache
Configuring DNS Settings via the Graphical User Interface
Configuring TCP/IP Traffic Routes
Managing Static Routes in the GUI
Modifying the Default Gateway (GUI)
Configuring the Default Gateway
Configuring the System Time
Using a Network Time Protocol (NTP) Server
Selecting a GMT Offset
Updating Time Zone Files
Automatically Updating Time Zone Files
Manually Updating Time Zone Files
Saving and Importing Configuration Settings
Managing Configuration Files
Saving and Exporting the Current Configuration File
Loading a Configuration File
Empty Versus Omitted Tags
Note About Loading Passwords for Log Subscriptions
Note About Character Set Encoding
Resetting the Current Configuration
Rolling Back to a Previously Committed Configuration
CLI Commands for Configuration Files
The showconfig, mailconfig, and saveconfig Commands
The loadconfig Command
The rollbackconfig Command
The publishconfig Command
Uploading Configuration Changes Using the CLI
Managing Disk Space
(Virtual Appliances Only) Increasing Available Disk Space
Viewing Disk Quotas and Usage
Disk Space Maximums and Allocations
Ensuring That You Receive Alerts About Disk Space
Managing Disk Space for the Miscellaneous Quota
Reallocating Disk Space Quotas
Adjusting the Reference Threshold in System Health Graphs for Email Security Appliances
Customizing Your View
Using Favorite Pages
Setting Preferences
Logging
Logging Overview
Logging Versus Reporting
Log Retrieval
Filename and Directory Structure
Log Rollover and Transfer Schedule
Timestamps in Log Files
Logs Enabled by Default
Log Types
Summary of Log Types
Log Type Comparison
Using Configuration History Logs
Using CLI Audit Logs
Using FTP Server Logs
Using HTTP Logs
Using Spam Quarantine Logs
Using Spam Quarantine GUI Logs
Using Text Mail Logs
Sample Text Mail Log
Examples of Text Mail Log Entries
Message Receiving
Successful Message Delivery Example
Unsuccessful Message Delivery (Hard Bounce)
Soft Bounce with Ultimately Successful Delivery Example
Message Scanning Results (scanconfig)
Message with Attachment
Generated or Rewritten Messages
Sending a Message to the Spam Quarantine
Using NTP Logs
Using Reporting Logs
Using Reporting Query Logs
Using Safelist/Blocklist Logs
Using SMA Logs
Using Status Logs
Using System Logs
Understanding Tracking Logs
Log Subscriptions
Configuring Log Subscriptions
Setting the Log Level
Creating a Log Subscription in the GUI
Editing Log Subscriptions
Configuring Global Settings for Logging
Logging Message Headers
Configuring Global Settings for Logging by Using the GUI
Rolling Over Log Subscriptions
Rolling Over Logs in Log Subscriptions
Rolling Over Logs Immediately Using the GUI
Rolling Over Logs Immediately via the CLI
Viewing the Most Recent Log Entries in the GUI
Viewing the Most Recent Entries in Logs (tail Command)
Configuring Host Keys
Troubleshooting
Collecting System Information
Troubleshooting Feature Setup Issues
General Troubleshooting Resources
Troubleshooting Performance Issues on Managed Appliances
Troubleshooting Issues with Specific Functionality
Responding to Alerts
Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware
Additional Alert Descriptions
Working with Technical Support
Opening or Updating a Support Case from the Appliance
Getting Support for Virtual Appliances
Enabling Remote Access for Cisco Technical Support Personnel
Enabling Remote Access to Appliances With an Internet Connection
Enabling Remote Access to Appliances Without a Direct Internet Connection
Disabling a Tech Support Tunnel
Disabling Remote Access
Checking the Status of the Support Connection
Running a Packet Capture
Remotely Resetting Appliance Power
IP Interfaces and Accessing the Appliance
IP Interfaces
Configuring IP Interfaces
Creating IP Interfaces Using the GUI
Accessing the Appliance via FTP
Secure Copy (scp) Access
Accessing via a Serial Connection
Pinout Details for the Serial Port in 80-Series Hardware
Pinout Details for the Serial Port in 70-Series Hardware
Assigning Network and IP Addresses
Ethernet Interfaces
Selecting IP Addresses and Netmasks
Sample Interface Configurations
IP Addresses, Interfaces, and Routing
Summary
Strategies for Connecting Your Content Security Appliance
Firewall Information
Web Security Management Examples
Web Security Appliance Examples
Example 1: Investigating a User
Related Topics
Example 2: Tracking a URL
Related Topics
Example 3: Investigating Top URL Categories Visited
Related Topics
Additional Resources
Cisco Notification Service
Documentation
Third Party Contributors
Training
Knowledge Base Articles (TechNotes)
Cisco Support Community
Customer Support
Registering for a Cisco Account
Cisco Welcomes Your Comments
End User License Agreement
Cisco Systems End User License Agreement
Supplemental End User License Agreement for Cisco Systems Content Security Software
Index

Size: 4 MB
Pages: 428
Language: English

User Guide
Table of Contents
AsyncOS 8.3.5 for Cisco Content Security Management User Guide
Contents
Introduction
What’s New in This Release
What’s New in Release 8.3.5
What’s New in Release 8.3
Cisco Content Security Management Overview
Setup, Installation, and Basic Configuration
Solution Deployment Overview
SMA Compatibility Matrix
Installation Planning
Network Planning
About Integrating a Security Management Appliance with Email Security Appliances
Deployments with Clustered Email Security Appliances
Preparing for Setup
Physically Setting Up and Connecting the Appliance
Determining Network and IP Address Assignments
Gathering the Setup Information
Accessing the Security Management Appliance
Browser Requirements
About Accessing the Web Interfaces
Accessing the Web Interface
Accessing the Command Line Interface
Supported Languages
Running the System Setup Wizard
Before You Begin
Overview of the System Setup Wizard
Launch the System Setup Wizard
Review the End User License Agreement
Configure the System Settings
Entering an Email Address for System Alerts
Setting the Time
Setting the Password
Enabling AutoSupport
Configure the Network Settings
Network Settings
Review Your Configuration
Proceeding to the Next Steps
About Adding Managed Appliances
Editing Managed Appliance Configurations
Removing an Appliance from the List of Managed Appliances
Configuring Services on the Security Management Appliance
Committing and Abandoning Configuration Changes
Working With Reports
Ways to View Reporting Data
How the Security Appliance Gathers Data for Reports
How Reporting Data is Stored
About Reporting and Upgrades
Customizing Your View of Report Data
Viewing Reporting Data for an Appliance or Reporting Group
Choosing a Time Range for Reports
(Web Reports Only) Choosing Which Data to Chart
Customizing Tables on Report Pages
Custom Reports
Modules That Cannot Be Added to Custom Reports
Creating Your Custom Report Page
Viewing Details of Messages or Transactions Included in Reports
Improving Performance of Email Reports
Printing and Exporting Reporting and Tracking Data
Exporting Report Data as a Comma-Separated Values (CSV) File
Subdomains vs. Second-Level Domains in Reporting and Tracking
Troubleshooting All Reports
Unable to View Report Data on Backup Security Management Appliance
Reporting Is Disabled
Email and Web Reports
Using Centralized Email Security Reporting
Centralized Email Reporting Overview
Setting Up Centralized Email Reporting
Enabling Centralized Email Reporting on the Security Management Appliance
Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance
Creating Email Reporting Groups
Enabling Centralized Email Reporting on Email Security Appliances
Working with Email Report Data
Searching and the Interactive Email Report Pages
Understanding the Email Reporting Pages
Table Column Descriptions for Email Reporting Pages
Email Reporting Overview Page
How Incoming Mail Messages are Counted
How Email Messages Are Categorized by the Appliances
Categorizing Email Messages on the Overview Page
Incoming Mail Page
Views Within the Incoming Mail Page
Categorizing Email Messages on Incoming Mail Page
“No Domain Information” Link
Time Ranges in the Mail Trend Graphs
Incoming Mail Details Table
Sender Profile Pages
Sender Groups Report Page
Outgoing Destinations Page
Outgoing Senders Page
Internal Users Page
Internal User Details Page
Searching for a Specific Internal User
DLP Incidents
DLP Incidents Details Table
DLP Policy Detail Page
Message Filters
High Volume Mail
Content Filters Page
Content Filter Details Page
DMARC Verification
Virus Types Page
URL Filtering Page
Advanced Malware Protection (File Reputation and File Analysis) Reporting Pages
Requirements for File Analysis Report Details
Identifying Files by SHA-256 Hash
File Reputation and File Analysis Report Pages
Viewing File Reputation Filtering Data in Other Reports
TLS Connections Page
Inbound SMTP Authentication Page
Rate Limits Page
Outbreak Filters Page
System Capacity Page
How to Interpret the Data You See on System Capacity Page
System Capacity – Workqueue
System Capacity – Incoming Mail
System Capacity – Outgoing Mail
System Capacity – System Load
Note About Memory Page Swapping
System Capacity – All
Reporting Data Availability Page
About Scheduled and On-Demand Email Reports
Additional Report Types
Domain-Based Executive Summary Report
Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering
Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports
Creating Domain-Based Executive Summary Reports
Executive Summary Report
Scheduling Email Reports
Adding Scheduled Reports
Editing Scheduled Reports
Discontinuing Scheduled Reports
Generating Email Reports On Demand
Viewing and Managing Archived Email Reports
Accessing Archived Reports
Deleting Archived Reports
Troubleshooting Email Reports
Outbreak Filters Reports Do Not Show Information Correctly
Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report
Advanced Malware Protection Verdict Updates Report Results Differ
Unable to View File Analysis Report Details
Using Centralized Web Reporting and Tracking
Centralized Web Reporting and Tracking Overview
Setting Up Centralized Web Reporting and Tracking
Enabling Centralized Web Reporting on the Security Management Appliance
Enabling Centralized Web Reporting on Web Security Appliances
Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance
Anonymizing User Names in Web Reports
Working with Web Security Reports
Web Reporting Page Descriptions
About Time Spent
Web Reporting Overview
Users Report (Web)
User Details (Web Reporting)
Web Sites Report
URL Categories Report
Reducing Uncategorized URLs
URL
Category Set Updates and Reports113Using The URL Categories Page in Conjunction with Other Reporting Pages114Reporting Misclassified and Uncategorized URLs114Application Visibility Report114Understanding the Difference between Application versus Application Types115Anti-Malware Report116Malware Category Report117Malware Threat Report118Malware Category Descriptions118Advanced Malware Protection (File Reputation and File Analysis) Reports119Requirements for File Analysis Report Details119Identifying Files by SHA-256 Hash120Advanced Malware Protection (File Reputation and File Analysis) Report Pages120Viewing File Reputation Filtering Data in Other Reports121Client Malware Risk Report121Web Reputation Filters Report122What are Web Reputation Filters?122Adjusting Web Reputation Settings124L4 Traffic Monitor Report124SOCKS Proxy Report126Reports by User Location127System Capacity Page128Viewing the System Capacity Report128How to Interpret the Data You See on the System Capacity Page128System Capacity - System Load129System Capacity - Network Load129Note About Proxy Buffer Memory Swapping129Data Availability Page129About Scheduled and On-Demand Web Reports130Scheduling Web Reports131Adding Scheduled Reports131Editing Scheduled Reports132Deleting Scheduled Reports132Additional Extended Reports132Top URL Categories—Extended132Top Application Types—Extended133Generating Web Reports on Demand134Viewing and Managing Archived Web Reports135Web Tracking135Searching for Transactions Processed by Web Proxy Services136Malware Category Descriptions138Searching for Transactions Processed by the L4 Traffic Monitor139Searching for Transactions Processed by the SOCKS Proxy140Working with Web Tracking Search Results140Displaying More Web Tracking Search Results140Understanding Web Tracking Search Results141Viewing Transaction Details for Web Tracking Search Results141About Web Tracking and Advanced Malware Protection Features141About Web Tracking and Upgrades142Troubleshooting Web 
Reporting and Tracking142Centralized Reporting Is Enabled Properly But Not Working143Advanced Malware Protection Verdict Updates Report Results Differ143Unable to View File Analysis Report Details143Expected Data Is Missing from Reporting or Tracking Results143PDF Shows Only a Subset of Web Tracking Data143Troubleshooting L4 Traffic Monitor Reports144Tracking Email Messages145Tracking Service Overview145Setting Up Centralized Message Tracking146Enabling Centralized Email Tracking on a Security Management Appliance146Configuring Centralized Message Tracking on Email Security Appliances146Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance147Managing Access to Sensitive Information148Checking Message Tracking Data Availability148Searching for Email Messages148Narrowing the Result Set151About Message Tracking and Advanced Malware Protection Features151Understanding Tracking Query Results152Message Details152Envelope and Header Summary153Sending Host Summary153Processing Details153DLP Matched Content Tab153Troubleshooting Message Tracking154Expected Messages Are Missing from Search Results154Attachments Do Not Appear in Search Results154Spam Quarantine155Overview of the Spam Quarantine155Local Versus External Spam Quarantine155Setting Up the Centralized Spam Quarantine156Enabling and Configuring the Spam Quarantine156Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance158Configuring an Outbound IP Interface on the Security Management Appliance159Configuring the IP Interface for Browser Access to the Spam Quarantine159Configuring Administrative User Access to the Spam Quarantine160Limiting Which Recipients Have Mail Quarantined161Ensuring That Message Text Displays Correctly161Spam Quarantine Language161Using Safelists and Blocklists to Control Email Delivery Based on Sender161Message Processing of Safelists and Blocklists161Enabling Safelists and Blocklists162External Spam Quarantine and 
Safelist/Blocklists163Adding Senders and Domains to Safelists and Blocklists (Administrators)163Syntax for Safelists and Blocklist Entries164Clearing All Safelists and Blocklists165About End-User Access to Safelists and Blocklists165Adding Entries to Safelists (End Users)165Adding the Sender of a Quarantined Message to the Safelist165Adding Senders to the Safelist Without a Quarantined Message166Adding Senders to Blocklists (End Users)166Backing Up and Restoring the Safelist/Blocklist166Troubleshooting Safelists and Blocklists167Message from Safelisted Sender Was Not Delivered167Configuring Spam Management Features for End Users168Authentication Options for End Users Accessing Spam Management Features168LDAP Authentication Process169IMAP/POP Authentication Process169Setting Up End-User Access to the Spam Quarantine via Web Browser170Configuring End-User Access to the Spam Quarantine170Determining the URL for End-User Access to the Spam Quarantine171Which Messages an End User Sees171Notifying End Users About Quarantined Messages172Recipient Email Aliases and Spam Notifications173Testing Notifications174Troubleshooting Spam Notifications174User Receives Multiple Notifications174Recipient Does Not Receive Notifications175Managing Messages in the Spam Quarantine175Accessing the Spam Quarantine (Administrative Users)175Searching for Messages in the Spam Quarantine175Searching Very Large Message Collections176Viewing Messages in the Spam Quarantine176Delivering Messages in the Spam Quarantine176Deleting Messages from the Spam Quarantine176Disk Space for the Spam Quarantine177About Disabling the External Spam Quarantine177Troubleshooting Spam Quarantine Features177Centralized Policy, Virus, and Outbreak Quarantines179Overview of Centralized Quarantines179Quarantine Types180Centralizing Policy, Virus, and Outbreak Quarantines181Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance182Adding the Centralized Policy, Virus, and 
Outbreak Quarantine Service to Each Managed Email Security Appliance183Configuring Migration of Policy, Virus, and Outbreak Quarantines184Designating an Alternate Appliance to Process Released Messages185Configuring Centralized Quarantine Access for Custom User Roles186Disabling Centralized Policy, Virus, and Outbreak Quarantines186Releasing Messages When an Email Security Appliance Is Unavailable186Managing Policy, Virus, and Outbreak Quarantines186Disk Space Allocation for Policy, Virus, and Outbreak Quarantines187Retention Time for Messages in Quarantines187Default Actions for Automatically Processed Quarantined Messages188Checking the Settings of System-Created Quarantines189Creating Policy Quarantines189About Editing Policy, Virus, and Outbreak Quarantine Settings191Determining the Filters and Message Actions to Which a Quarantine Is Assigned191About Deleting Policy Quarantines191Monitoring Quarantine Status, Capacity, and Activity192Alerts About Quarantine Disk-Space Usage192Policy Quarantines and Logging193About Distributing Message Processing Tasks to Other Users193Which User Groups Can Access Policy, Virus, and Outbreak Quarantines193Working with Messages in Policy, Virus, or Outbreak Quarantines194Viewing Messages in Quarantines194Quarantined Messages and International Character Sets195Finding Messages in Policy, Virus, and Outbreak Quarantines195Manually Processing Messages in a Quarantine196Sending a Copy of the Message196About Moving Messages Between Policy Quarantines197Messages in Multiple Quarantines197Message Details and Viewing Message Content198Viewing Matched Content198Downloading Attachments199About Rescanning of Quarantined Messages199The Outbreak Quarantine200Rescanning Messages in an Outbreak Quarantine200Manage by Rule Summary Link200Reporting False Positives or Suspicious Messages to Cisco Systems201Troubleshooting Centralized Policy Quarantines201Administrative User Cannot Choose Quarantines in Filters and DLP Message Actions201Messages 
Released from a Centralized Outbreak Quarantine Are Not Rescanned201Managing Web Security Appliances203About Centralized Configuration Management203Determining the Correct Configuration Publishing Method203Setting Up Configuration Masters to Centrally Manage Web Security Appliances204Important Notes About Using Configuration Masters205Determine the Configuration Master Versions to Use205Enabling Centralized Configuration Management on the Security Management Appliance205Initializing Configuration Masters206About Associating Web Security Appliances to Configuration Masters206Adding Web Security Appliances and Associating Them with Configuration Master Versions207Associating Configuration Master Versions to Web Security Appliances207Configuring Settings to Publish208Importing from an Existing Configuration Master209Importing Settings from a Web Security Appliance209Configuring Web Security Features Directly in Configuration Masters210SMA-Specific Differences when Configuring Features in Configuration Masters210Tip for Working with Identities in Configuration Masters211Ensuring that Features are Enabled Consistently212Comparing Enabled Features212Enabling Features to Publish213Disabling Unused Configuration Masters214Setting Up to Use Advanced File Publishing214Publishing Configurations to Web Security Appliances214Publishing a Configuration Master214Before You Publish a Configuration Master215Publishing a Configuration Master Now216Publishing a Configuration Master Later217Publishing a Configuration Master Using the Command Line Interface218Publishing Configurations Using Advanced File Publishing218Advanced File Publish: Publish Configuration Now219Advanced File Publish: Publish Later219Viewing Status and History of Publishing Jobs220Viewing Publish History220Viewing Web Security Appliance Status221Viewing a Summary of Status of Web Appliances221Viewing Status of Individual Web Security Appliances221Web Appliance Status Details221Preparing For and Managing URL 
Category Set Updates222Understand the Impacts of URL Category Set Updates222Ensure That You Will Receive Notifications and Alerts about URL Category Set Updates223Specify Default Settings for New and Changed Categories223When the URL Category Set is Updated, Check Your Policy and Identity Settings223Troubleshooting Configuration Management Issues223In Configuration Master > Identities, Groups Are Not Available224Configuration Master > Access Policies > Web Reputation and Anti-Malware Settings Page Settings are Not as Expected224Troubleshooting Configuration Publishing Failures224Monitoring System Status225About Security Management Appliance Status225Monitoring Security Management Appliance Capacity226Monitoring the Processing Queue226Monitoring CPU Utilization226Monitoring Status of Data Transfer From Managed Appliances227Viewing the Configuration Status of Your Managed Appliances228Additional Status Information for Web Security Appliances228Monitoring Reporting Data Availability Status228Monitoring Email Security Reporting Data Availability229Monitoring Web Security Reporting Data Availability229Monitoring Email Tracking Data Status230Monitoring Capacity of Managed Appliances230Identifying Active TCP/IP Services230Integrating with LDAP231Overview231Configuring LDAP to Work with the Spam Quarantine231Creating the LDAP Server Profile232Testing LDAP Servers234Configuring LDAP Queries234LDAP Query Syntax234Tokens235Spam Quarantine End-User Authentication Queries235Sample Active Directory End-User Authentication Settings236Sample OpenLDAP End-User Authentication Settings236Spam Quarantine Alias Consolidation Queries236Sample Active Directory Alias Consolidation Settings237Sample OpenLDAP Alias Consolidation Settings237Testing LDAP Queries238Domain-Based Queries238Creating a Domain-Based Query239Chain Queries240Creating a Chain Query240Configuring AsyncOS to Work With Multiple LDAP Servers241Testing Servers and Queries242Failover242Configuring the Cisco Content Security 
Appliance for LDAP Failover242Load Balancing243Configuring the Cisco Content Security Appliance for Load Balancing243Configuring External Authentication of Administrative Users Using LDAP244User Accounts Query for Authenticating Administrative Users245Group Membership Queries for Authenticating Administrative Users245Enabling External Authentication of Administrative Users247Configuring SMTP Routing249SMTP Routes Overview249SMTP Routes, Mail Delivery, and Message Splintering250SMTP Routes and Outbound SMTP Authentication250Routing Email for Local Domains250Default SMTP Route250Managing SMTP Routes251Defining an SMTP Route251SMTP Routes Limits251Adding SMTP Routes251Exporting SMTP Routes252Importing SMTP Routes252SMTP Routes and DNS254Distributing Administrative Tasks255About Distributing Administrative Tasks255Assigning User Roles255Predefined User Roles255Custom User Roles258About Custom Email User Roles258Email Reporting259Message Tracking260Quarantines260Creating Custom Email User Roles260Using Custom Email User Roles261About Custom Web User Roles262Creating Custom Web User Roles262Editing Custom Web User Roles263Deleting Custom User Roles264About Authenticating Administrative Users264Changing the Admin User’s Password264Managing Locally-Defined Administrative Users264Adding Locally-Defined Users265Editing Locally-Defined Users265Deleting Locally-Defined Users266Viewing the List of Locally-Defined Users266Setting and Changing Passwords266Setting Password and Login Requirements266Requiring Users to Change Passwords at Next Login269Locking and Unlocking Local User Accounts270Locking User Accounts Manually270Unlocking User Accounts270External User Authentication271Configuring LDAP Authentication271Enabling RADIUS Authentication271Additional Controls on Access to the Security Management Appliance274Configuring IP-Based Network Access274Direct Connections274Connecting Through a Proxy274Creating the Access List274Configuring the Web UI Session Timeout276Controlling 
Access to Sensitive DLP Information in Message Tracking277Viewing Administrative User Activity277Viewing Active Sessions Using the Web277Viewing Administrative User Activity via the Command Line Interface278Troubleshooting Administrative User Access279Error: User Has No Access Privileges Assigned279User Has No Active Menus279Externally-Authenticated Users See Preferences Option279Common Administrative Tasks281Performing Administrative Tasks281Working with Feature Keys282Performing Maintenance Tasks Using CLI Commands282Shutting Down the Security Management Appliance282Rebooting the Security Management Appliance283Placing the Security Management Appliance into a Maintenance State283The suspend and offline Commands283Resuming from an Offline State284The resume Command284Resetting the Configuration to Factory Defaults284The resetconfig Command285Displaying the Version Information for AsyncOS285Enabling Remote Power Management286Backing Up Security Management Appliance Data287What Data Is Backed Up287Restrictions and Requirements for Backups287Backup Duration288Availability of Services During Backups288Interruption of a Backup Process289Scheduling Single or Recurring Backups289Starting an Immediate Backup290Checking Backup Status292Backup Information in Log Files292Other Important Backup Tasks292Disaster Recovery on the Security Management Appliance292Upgrading Appliance Hardware294Upgrading AsyncOS296Batch Commands for Upgrades296Determining Network Requirements for Upgrades and Updates296Choosing an Upgrade Method: Remote vs. 
Streaming297Streaming Upgrade Overview297Remote Upgrade Overview297Hardware and Software Requirements for Remote Upgrades298Hosting a Remote Upgrade Image299Important Differences in Remote Upgrading Method299Configuring Upgrade and Service Update Settings299Upgrade and Update Settings300Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies301Configuring the Update and Upgrade Settings from the GUI302Upgrade Notifications303Before You Upgrade: Important Steps303Upgrading AsyncOS304Viewing Status of, Canceling, or Deleting a Background Download306After Upgrading306About Reverting to an Earlier Version of AsyncOS306Important Note About Reversion Impact307Reverting AsyncOS307About Updates309About URL Category Set Updates for Web Usage Controls309Configuring the Return Address for Generated Messages309Managing Alerts309Alert Types and Severities310Alert Delivery310Viewing Recent Alerts311About Duplicate Alerts311Cisco AutoSupport311Hardware Alert Descriptions312System Alert Descriptions312Changing Network Settings315Changing the System Hostname315The sethostname Command315Configuring Domain Name System Settings316Specifying DNS Servers316Multiple Entries and Priority316Using the Internet Root Servers317Reverse DNS Lookup Timeout317DNS Alert317Clearing the DNS Cache317Configuring DNS Settings via the Graphical User Interface318Configuring TCP/IP Traffic Routes318Managing Static Routes in the GUI318Modifying the Default Gateway (GUI)318Configuring the Default Gateway319Configuring the System Time319Using a Network Time Protocol (NTP) Server319Selecting a GMT Offset320Updating Time Zone Files320Automatically Updating Time Zone Files320Manually Updating Time Zone Files320Saving and Importing Configuration Settings321Managing Multiple Appliances with XML Configuration Files321Managing Configuration Files322Saving and Exporting the Current Configuration File322Loading a Configuration File322Empty Versus Omitted Tags324Note About Loading 
Passwords for Log Subscriptions324Note About Character Set Encoding324Resetting the Current Configuration324Rolling Back to a Previously Committed Configuration324CLI Commands for Configuration Files325The showconfig, mailconfig, and saveconfig Commands325The loadconfig Command326The rollbackconfig Command326The publishconfig Command326Uploading Configuration Changes Using the CLI327Managing Disk Usage328Disk Space Maximums and Allocations328Reallocating Disk Space Quotas329Customizing Your View329Using Favorite Pages329Setting Preferences330Logging331Logging Overview331Logging Versus Reporting331Log Retrieval332Filename and Directory Structure332Log Rollover and Transfer Schedule332Timestamps in Log Files333Logs Enabled by Default333Log Types334Summary of Log Types334Log Type Comparison337Using Configuration History Logs337Using CLI Audit Logs338Using FTP Server Logs339Using HTTP Logs339Using Spam Quarantine Logs340Using Spam Quarantine GUI Logs340Using Text Mail Logs341Sample Text Mail Log341Examples of Text Mail Log Entries342Message Receiving343Successful Message Delivery Example343Unsuccessful Message Delivery (Hard Bounce)343Soft Bounce with Ultimately Successful Delivery Example343Message Scanning Results (scanconfig)344Message with Attachment344Generated or Rewritten Messages345Sending a Message to the Spam Quarantine345Using NTP Logs346Using Reporting Logs346Using Reporting Query Logs347Using Safelist/Blocklist Logs347Using SMA Logs348Using Status Logs349Using System Logs351Understanding Tracking Logs351Log Subscriptions351Configuring Log Subscriptions352Setting the Log Level352Creating a Log Subscription in the GUI353Editing Log Subscriptions354Configuring Global Settings for Logging354Logging Message Headers355Configuring Global Settings for Logging by Using the GUI355Rolling Over Log Subscriptions356Rolling Over Logs in Log Subscriptions356Rolling Over Logs Immediately Using the GUI356Rolling Over Logs Immediately via the CLI356Viewing the Most Recent 
Log Entries in the GUI356Viewing the Most Recent Entries in Logs (tail Command)356Configuring Host Keys357Troubleshooting361Collecting System Information361Troubleshooting Feature Setup Issues361General Troubleshooting Resources361Troubleshooting Performance Issues on Managed Appliances362Troubleshooting Issues with Specific Features362Working with Technical Support363Opening or Updating a Support Case from the Appliance363Enabling Remote Access for Cisco Technical Support Personnel364Enabling Remote Access to Appliances With an Internet Connection364Enabling Remote Access to Appliances Without a Direct Internet Connection365Disabling a Tech Support Tunnel365Disabling Remote Access365Checking the Status of the Support Connection366Running a Packet Capture366Remotely Resetting Appliance Power367IP Interfaces and Accessing the Appliance369IP Interfaces369Configuring IP Interfaces369Creating IP Interfaces Using the GUI370Accessing the Appliance via FTP371Secure Copy (scp) Access373Accessing via a Serial Connection374Assigning Network and IP Addresses375Ethernet Interfaces375Selecting IP Addresses and Netmasks375Sample Interface Configurations376IP Addresses, Interfaces, and Routing376Summary377Strategies for Connecting Your Content Security Appliance377Firewall Information379Web Security Management Examples381Web Security Appliance Examples381Example 1: Investigating a User381Related Topics382Example 2: Tracking a URL383Related Topics383Example 3: Investigating Top URL Categories Visited383Related Topics384Additional Resources385Cisco Notification Service385Documentation385Third Party Contributors386Training387Knowledge Base387Cisco Support Community387Customer Support387Registering for a Cisco Account388Cisco Welcomes Your Comments388End User License Agreement389Cisco Systems End User License Agreement389Supplemental End User License Agreement for Cisco Systems Content Security Software396Index399 Size: 4 MB. Pages: 408. Language: English.
Installation Guide. Table of contents: Safety and Compliance Guide1About This Guide3Safety Instructions3General3Rack Mounting of Systems5Modems, Telecommunications, or Local Area Network Options6Products With Laser Devices6When Working Inside Your System6Protecting Against Electrostatic Discharge7Battery Disposal8Taiwan Battery Recycling Mark8Regulatory Notices8FCC Notices (U.S. Only)9Class A9Class B10IC Notice (Canada Only)10CE Notice (European Union)11Simplified Chinese Class A Warning Notice (China Only)11VCCI Notice (Japan Only)12Class A ITE12Class B ITE12MIC Notice (Republic of Korea Only)13Class A Device13Class B Device14BSMI Notice (Taiwan Only)14Recycling Information15Waste Electrical and Electronic Equipment (WEEE) Directive15IronPort Customer Support15 Size: 600 KB. Pages: 16. Language: English.
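User Guide. Table of contents: AsyncOS 9.0 for Cisco Content Security Management Appliances User Guide1Contents3Introduction23What's New in This Release23Cisco Content Security Management Overview25Setup, Installation, and Basic Configuration27Solution Deployment Overview27SMA Compatibility Matrix28Installation Planning28Network Planning28About Integrating a Security Management Appliance with Email Security Appliances29Deployments with Clustered Email Security Appliances29Preparing for Setup30Physically Setting Up and Connecting the Appliance30Determining Network and IP Address Assignments30Gathering the Setup Information31Accessing the Security Management Appliance32Browser Requirements32About Accessing the Web Interfaces32Accessing the Web Interface33Accessing the Command Line Interface (CLI)33Supported Languages33Running the System Setup Wizard34Before You Begin34Overview of the System Setup Wizard35Launch the System Setup Wizard35Review the End User License Agreement35Configure the System Settings35Entering an Email Address for System Alerts35Setting the Time36Setting the Password36Enabling AutoSupport36Configure the Network Settings36Network Settings36Review Your Configuration37Proceeding to the Next Steps37About Adding Managed Appliances37Editing Managed Appliance Configurations38Removing an Appliance from the List of Managed Appliances38Security Appliances Page39Configuring Services on the Security Management Appliance39Committing and Abandoning Configuration Changes39Working With Reports41Ways to View Reporting Data41How the Security Appliance Gathers Data for Reports42How Reporting Data is Stored43About Reporting and Upgrades43Customizing Your View of Report Data43Viewing Reporting Data for an Appliance or Reporting Group44Choosing a Time Range for Reports44(Web Reports Only) Choosing Which Data to Chart45Customizing Tables on Report Pages46Custom Reports46Modules That Cannot Be Added to Custom Reports47Creating Your Custom Report Page47Viewing Details of Messages or Transactions Included in Reports48Improving Performance of Email Reports48Printing and Exporting Reporting and Tracking Data50Exporting Report Data as a Comma-Separated Values (CSV) File51Subdomains vs. Second-Level Domains in Reporting and Tracking52Troubleshooting All Reports52Unable to View Report Data on Backup Security Management Appliance53Reporting Is Disabled53Email and Web Reports53Using Centralized Email Security Reporting55Centralized Email Reporting Overview55Setting Up Centralized Email Reporting56Enabling Centralized Email Reporting on the Security Management Appliance56Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance57Creating Email Reporting Groups58Enabling Centralized Email Reporting on Email Security Appliances58Working with Email Report Data58Searching and the Interactive Email Report Pages59Understanding the Email Reporting Pages60Table Column Descriptions for Email Reporting Pages63Email Reporting Overview Page65How Incoming Mail Messages are Counted66How Email Messages Are Categorized by the Appliances66Categorizing Email Messages on the Overview Page67Incoming Mail Page68Views Within the Incoming Mail Page68Categorizing Email Messages on Incoming Mail Page69"No Domain Information" Link71Time Ranges in the Mail Trend Graphs71Incoming Mail Details Table71Sender Profile Pages71Sender Groups Report Page73
Outgoing Destinations Page73Outgoing Senders Page74Internal Users Page75Internal User Details Page76Searching for a Specific Internal User77DLP Incidents77DLP Incident Details Table78DLP Policy Detail Page78Message Filters78High Volume Mail79Content Filters Page79Content Filter Details Page80DMARC Verification80Virus Types Page80URL Filtering Page81Advanced Malware Protection (File Reputation and File Analysis) Reporting Pages82Requirements for File Analysis Report Details82Identifying Files by SHA-256 Hash82File Reputation and File Analysis Report Pages83Viewing File Reputation Filtering Data in Other Reports83TLS Connections Page84Inbound SMTP Authentication Page85Rate Limits Page85Outbreak Filters Page86System Capacity Page88How to Interpret the Data You See on System Capacity Page88System Capacity - Workqueue89System Capacity - Incoming Mail89System Capacity - Outgoing Mail89System Capacity - System Load89Note About Memory Page Swapping90System Capacity - All90Reporting Data Availability Page90About Scheduled and On-Demand Email Reports90Additional Report Types92Domain-Based Executive Summary Report92Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering92Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports93Creating Domain-Based Executive Summary Reports93Executive Summary Report95Scheduled Reports Page95Scheduling Email Reports95Adding Scheduled Reports95Editing Scheduled Reports96Discontinuing Scheduled Reports96Generating Reports On Demand97Archived Email Reports Page98Viewing and Managing Archived Email Reports98Accessing Archived Reports99Deleting Archived Reports99Troubleshooting Email Reports99Outbreak Filters Reports Do Not Show Information Correctly100Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report100Advanced Malware Protection Verdict Updates Report Results Differ100Issues Viewing File Analysis Report Details100File Analysis Report Details Are Not Available100Error When Viewing File Analysis Report Details101Using Centralized Web Reporting and Tracking103Centralized Web Reporting and Tracking Overview103Setting Up Centralized Web Reporting and Tracking105Enabling Centralized Web Reporting on the Security Management Appliance105Enabling Centralized Web Reporting on Web Security Appliances105Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance106Anonymizing User Names in Web Reports107Working with Web Security Reports107Web Reporting Page Descriptions108About Time Spent110Web Reporting Overview111Users Report (Web)112User Details (Web Reporting)114Web Sites Report116URL Categories Report117Reducing Uncategorized URLs117URL Category Set Updates and Reports118Using The URL Categories Page in Conjunction with Other Reporting Pages118Reporting Misclassified and Uncategorized URLs118Application Visibility Report119
Understanding the Difference between Application versus Application Types119Anti-Malware Report120Malware Category Report122Malware Threat Report122Malware Category Descriptions122Advanced Malware Protection (File Reputation and File Analysis) Reports124Requirements for File Analysis Report Details124Identifying Files by SHA-256 Hash124Advanced Malware Protection (File Reputation and File Analysis) Report Pages125Viewing File Reputation Filtering Data in Other Reports125Client Malware Risk Report126Web Reputation Filters Report127What are Web Reputation Filters?127Adjusting Web Reputation Settings128L4 Traffic Monitor Report128SOCKS Proxy Report130Reports by User Location131System Capacity Page132Viewing the System Capacity Report132How to Interpret the Data You See on the System Capacity Page133System Capacity - System Load133System Capacity - Network Load133Note About Proxy Buffer Memory Swapping134Data Availability Page134About Scheduled and On-Demand Web Reports134Scheduling Web Reports135Storage of Scheduled Web Reports136Adding Scheduled Web Reports136Editing Scheduled Web Reports137Deleting Scheduled Web Reports137Additional Extended Web Reports137Top URL Categories - Extended137Top Application Types - Extended138Generating Web Reports on Demand139Archived Web Reports Page140Viewing and Managing Archived Web Reports140Web Tracking141Searching for Transactions Processed by Web Proxy Services141Malware Category Descriptions144Searching for Transactions Processed by the L4 Traffic Monitor145Searching for Transactions Processed by the SOCKS Proxy145Working with Web Tracking Search Results146Displaying More Web Tracking Search Results146Understanding Web Tracking Search Results146Viewing Transaction Details for Web Tracking Search Results147About Web Tracking and Advanced Malware Protection Features147About Web Tracking and Updates148Troubleshooting Web Reporting and Tracking148Centralized Reporting Is Enabled Properly But Not Working148Advanced Malware Protection Verdict Updates Report Results Differ148Issues Viewing File Analysis Report Details148File Analysis Report Details Are Not Available149Error When Viewing File Analysis Report Details149Expected Data Is Missing from Reporting or Tracking Results149PDF Shows Only a Subset of Web Tracking Data149Troubleshooting L4 Traffic Monitor Reports150Tracking Email Messages151Tracking Service Overview151Setting Up Centralized Message Tracking152Enabling Centralized Email Tracking on a Security Management Appliance152Configuring Centralized Message Tracking on Email Security Appliances153Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance153Managing Access to Sensitive Information154Checking Message Tracking Data Availability154Searching for Email Messages155Narrowing the Result Set157About Message Tracking and Advanced Malware Protection Features158Understanding Tracking Query Results159Message Details159Envelope and Header Summary159Sending Host Summary160Processing Details160DLP Matched Content Tab160Troubleshooting Message Tracking160Expected Messages Are Missing from Search Results161Attachments Do Not Appear in Search Results161Spam Quarantine163Overview of the Spam Quarantine163Local Versus External Spam Quarantine163Setting Up the Centralized Spam Quarantine164Enabling and Configuring the Spam Quarantine164Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance166
Configuring an Outbound IP Interface on the Security Management Appliance167Configuring the IP Interface for Browser Access to the Spam Quarantine167Configuring Administrative User Access to the Spam Quarantine168Limiting Which Recipients Have Mail Quarantined169Ensuring That Message Text Displays Correctly169Spam Quarantine Language169Editing the Spam Quarantine Page169Using Safelists and Blocklists to Control Email Delivery Based on Sender170Message Processing of Safelists and Blocklists170Enabling Safelists and Blocklists171External Spam Quarantine and Safelist/Blocklists171Adding Senders and Domains to Safelists and Blocklists (Administrators)172Syntax for Safelists and Blocklist Entries173Clearing All Safelists and Blocklists174About End-User Access to Safelists and Blocklists174Adding Entries to Safelists (End Users)174Adding the Sender of a Quarantined Message to the Safelist174Adding Senders to the Safelist Without a Quarantined Message175Adding Senders to Blocklists (End Users)175Backing Up and Restoring the Safelist/Blocklist175Troubleshooting Safelists and Blocklists176Message from Safelisted Sender Was Not Delivered176Configuring Spam Management Features for End Users177Authentication Options for End Users Accessing Spam Management Features177LDAP Authentication Process178IMAP/POP Authentication Process178Setting Up End-User Access to the Spam Quarantine via Web Browser179Configuring End-User Access to the Spam Quarantine179Determining the URL for End-User Access to the Spam Quarantine180Which Messages an End User Sees181Notifying End Users About Quarantined Messages181Recipient Email Mailing List Aliases and Spam Notifications182Testing Notifications183Troubleshooting Spam Notifications183User Receives Multiple Notifications184Recipient Does Not Receive Notifications184Managing Messages in the Spam Quarantine184Accessing the Spam Quarantine (Administrative Users)184Searching for Messages in the Spam Quarantine185Searching Very Large Message Collections185Viewing Messages in the Spam Quarantine185Delivering Messages in the Spam Quarantine186Deleting Messages from the Spam Quarantine186Disk Space for the Spam Quarantine186About Disabling the External Spam Quarantine186Troubleshooting Spam Quarantine Features187Centralized Policy, Virus, and Outbreak Quarantines189Overview of Centralized Quarantines189Quarantine Types190Centralizing Policy, Virus, and Outbreak Quarantines191Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance192Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance193Configuring Migration of Policy, Virus, and Outbreak Quarantines194Designating an Alternate Appliance to Process Released Messages196Configuring Centralized Quarantine Access for Custom User Roles196Disabling Centralized Policy, Virus, and Outbreak Quarantines197Releasing Messages When an Email Security Appliance Is Unavailable197Managing Policy, Virus, and Outbreak Quarantines197Disk Space Allocation for Policy, Virus, and Outbreak Quarantines198Retention Time for Messages in Quarantines198Default Actions for Automatically Processed Quarantined Messages199Checking the Settings of System-Created Quarantines199Creating Policy Quarantines200About Editing Policy, Virus, and Outbreak Quarantine Settings201Determining the Filters and Message Actions to Which a Quarantine Is Assigned202About Deleting Policy Quarantines202Monitoring Quarantine Status, Capacity, and Activity202Alerts About Quarantine Disk-Space Usage203Policy Quarantines and Logging204About Distributing Message Processing Tasks to Other Users204Which User Groups Can Access Policy, Virus, and Outbreak Quarantines204About the Centralized File Analysis Quarantine205Working with Messages in Policy, Virus, or Outbreak Quarantines205Viewing Messages in Quarantines206Quarantined Messages and International Character Sets206Policy, Virus, and Outbreak 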
격리에서 메시지 찾기206격리에 있는 메시지 수동 처리207메시지의 복사본 전송208정책 격리 간 메시지 이동 정보208여러 격리에 있는 메시지209메시지 세부사항 및 메시지 내용 보기209일치 콘텐츠 보기210어태치 파일 다운로드211격리된 메시지 재검사 정보212Outbreak 격리212Outbreak 격리에 있는 메시지 재검사212Manage by Rule Summary(규칙 요약에 의한 관리) 링크213Cisco Systems에 오탐 또는 의심스런 메시지 보고213중앙 집중식 정책 격리 트러블슈팅213관리 사용자가 필터 및 DLP 메시지 작업에서 격리를 선택할 수 없음213중앙 집중식 Outbreak 격리에서 릴리스된 메시지가 재검사되지 않음213Web Security Appliance 관리215중앙 집중식 컨피그레이션 관리 소개215올바른 컨피그레이션 게시 방법 결정216Web Security Appliance를 중앙에서 관리하도록 컨피그 레이션 마스터 설정216컨피그레이션 마스터 사용에 대한 중요한 참고 사항217사용할 컨피그레이션 마스터 버전 결정217Security Management Appliance에서 중앙 집중식 컨피그레이션 관 리 활성화218컨피그레이션 마스터 초기화 및 구성218컨피그레이션 마스터 초기화218Web Security Appliance를 컨피그레이션 마스터에 연결하는 방법 소개219Web Security Appliance를 추가하고 컨피그레이션 마스터 버전과 연결219컨피그레이션 마스터 버전을 Web Security Appliance에 연결220게시할 설정 구성220기존의 컨피그레이션 마스터에서 가져오기221Web Security Appliance에서 설정 가져오기222컨피그레이션 마스터에서 웹 보안 기능 직접 구성222컨피그레이션 마스터에서 기능을 구성할 때 SMA와의 차이점223컨피그레이션 마스터에서 ID 작업에 대한 팁224기능이 지속적으로 활성화되도록 보장224활성화된 기능 비교224게시할 기능 활성화225사용되지 않는 컨피그레이션 마스터 비활성화226고급 파일 게시를 사용하기 위한 설정227Web Security Appliance에 컨피그레이션 게시227컨피그레이션 마스터 게시227컨피그레이션 마스터를 게시하기 전에227지금 컨피그레이션 마스터 게시229나중에 컨피그레이션 마스터 게시230CLI를 사용하여 컨피그레이션 마스터 게시230고급 파일 게시를 사용하여 컨피그레이션 게시231고급 파일 게시: 지금 컨피그레이션 게시231고급 파일 게시: 나중에 게시232게시 작업의 상태 및 기록 보기233게시 기록 보기233Web Security Appliance 상태 보기233웹 어플라이언스의 상태 요약 보기234개별 Web Security Appliance의 상태 보기234웹 어플라이언스 상태 세부사항234URL 범주 집합 업데이트 준비 및 관리235URL 범주 집합 업데이트의 영향 이해235URL 범주 집합 업데이트에 대한 알림 수신 확인235새 범주 및 변경된 범주에 대한 기본 설정 지정236URL 범주 집합이 업데이트될 때 정책 및 ID 설정 확인236컨피그레이션 관리 관련 문제 해결236Configuration Master(컨피그레이션 마스터) > Identities(ID)에서 그 룹을 사용할 수 없음236Configuration Master(컨피그레이션 마스터) > Access Policies(액세 스 정책) > Web Reputation and Anti-Malware Settings(웹 평판 및 악 성코드 차단 설정) 페이지의 설정이 예상과 다름237컨피그레이션 게시 실패 문제 해결237시스템 상태 모니터링239Security Management Appliance 상태 소개239Security Management Appliance 용량 모니터링240처리 대기열 모니터링240CPU 사용률 모니터링241관리되는 어플라이언스에서 데이터 전송 상태 모니터링241관리되는 어플라이언스의 컨피그레이션 상태 보기243Web Security Appliance의 추가 상태 
정보243보고 데이터 가용성 상태 모니터링243Email Security 보고 데이터 가용성 모니터링243Web Security 보고 데이터 가용성 모니터링244이메일 추적 데이터 상태 모니터링244관리되는 어플라이언스의 용량 모니터링245활성 TCP/IP 서비스 식별245LDAP와 통합247개요247스팸 격리와 작동하도록 LDAP 구성248LDAP 서버 프로필 만들기248LDAP 서버 테스트250LDAP 쿼리 구성250LDAP 쿼리 구문251토큰251스팸 격리 최종 사용자 인증 쿼리251샘플 Active Directory 최종 사용자 인증 설정252샘플 OpenLDAP 최종 사용자 인증 설정252스팸 격리 별칭 통합 쿼리252샘플 Active Directory 별칭 통합 설정253OpenLDAP의 별칭 통합 설정 샘플253LDAP 쿼리 테스트254도메인 기반 쿼리254도메인 기반 쿼리 만들기255체인 쿼리256체인 쿼리 만들기256여러 LDAP 서버와 작동하도록 AsyncOS 구성257서버 및 쿼리 테스트258장애 조치258Cisco Content Security Appliance에서 LDAP 장애 조치 구성258부하분산259Cisco Content Security Appliance에서 로드 밸런싱 구성259LDAP를 사용하여 관리 사용자의 외부 인증 구성260관리 사용자 인증을 위한 사용자 계정 쿼리261관리 사용자 인증을 위한 그룹 멤버십 쿼리261관리 사용자의 외부 인증 활성화263SMTP 라우팅 구성265SMTP 경로 개요265SMTP 경로, 메일 전달 및 메시지 분리266SMTP 경로 및 아웃바운드 SMTP 인증266로컬 도메인용 이메일 라우팅266기본 SMTP 경로267SMTP 경로 관리267SMTP 경로 정의267SMTP 경로 제한267SMTP 경로 추가268SMTP 경로 내보내기268SMTP 경로 가져오기268SMTP 경로 및 DNS270관리 작업 배포271관리 작업 배포 소개271사용자 역할 할당271사전 정의된 사용자 역할272맞춤형 사용자 역할274맞춤형 이메일 사용자 역할 소개274이메일 보고에 액세스274메시지 추적 데이터에 액세스276맞춤형 사용자 역할의 격리 액세스276맞춤형 이메일 사용자 역할 만들기276맞춤형 이메일 사용자 역할 사용277맞춤형 웹 사용자 역할 소개277맞춤형 웹 사용자 역할 만들기278맞춤형 웹 사용자 역할 수정279맞춤형 사용자 역할 삭제279CLI에 대한 액세스 권한이 있는 사용자 역할280LDAP 사용280격리에 액세스280Users(사용자) 페이지280관리 사용자 인증 소개280Admin 사용자의 비밀번호 변경281로컬에서 정의한 관리 사용자 관리281로컬에서 정의한 사용자 추가281로컬에서 정의한 사용자 수정282로컬에서 정의한 사용자 삭제282로컬에서 정의한 사용자 목록 보기282비밀번호 설정 및 변경283비밀번호 및 로그인 요구 사항 설정283사용자에게 온디맨드 방식으로 비밀번호를 변경하도록 요구286로컬 사용자 계정 잠금 및 잠금 해제287사용자 계정 수동으로 잠금287사용자 계정 잠금 해제288외부 사용자 인증288LDAP 인증 구성288RADIUS 인증 활성화288Security Management Appliance에 대한 액세스 추가 제어291IP 기반 네트워크 액세스 구성291직접 연결291프록시를 통해 연결291액세스 목록 만들기292웹 UI 세션 시간 초과 구성293메시지 추적에서 민감한 DLP 정보에 대한 액세스 제어294관리 사용자에 대한 메시지 표시294관리 사용자 활동 보기295웹을 사용하여 활성 세션 보기295최근 로그인 시도 보기295CLI를 통해 관리 사용자 활동 보기295관리 사용자 액세스 문제 해결296오류: 사용자에게 할당된 액세스 권한이 없음296사용자에게 활성 메뉴가 표시되지 않음297외부 인증 사용자에게 Preferences(기본 설정) 옵션이 표시됨297일반 관리 작업299관리 작업 수행299기능 키 작업300가상 어플라이언스 라이센스 및 기능 키300CLI 명령을 사용하여 유지 관리 작업 수행301Security 
Management Appliance 종료301Security Management Appliance 재부팅301Security Management Appliance의 서비스 중단302CLI 예: suspend 및 suspendtransfers 명령302일시 중단 상태에서 다시 시작303CLI 예: resume 및 resumetransfers 명령303컨피그레이션을 공장 기본값으로 재설정303resetconfig 명령304AsyncOS의 버전 정보 표시304원격 전원 관리 활성화305백업 Security Management Appliance 데이터306백업되는 데이터306백업의 제한 사항 및 요건307백업 기간308백업 도중 서비스 가용성308백업 프로세스 중단308대상 어플라이언스가 관리되는 어플라이언스에서 직접 데이터를 가져 오는 것 방지309백업 상태에 대한 알림 받기309단일 또는 반복 백업 예약309즉시 백업 시작310백업 상태 확인311로그 파일의 백업 정보311기타 중요한 백업 작업311백업 어플라이언스를 기본 어플라이언스로 전환312Security Management Appliance에서 재해 복구313어플라이언스 하드웨어 업그레이드315AsyncOS 업그레이드315업그레이드에 대한 배치 명령315업그레이드 및 업데이트에 대한 네트워크 요구 사항 확인316업그레이드 방법 선택: 원격 대 스트리밍316스트리밍 업그레이드 개요316원격 업그레이드 개요316원격 업그레이드를 위한 하드웨어 및 소프트웨어 요구 사항317원격 업그레이드 이미지 호스팅318원격 업그레이드 방법의 중요한 차이318업그레이드 및 서비스 업데이트 설정 구성318업그레이드 및 업데이트 설정319엄격한 방화벽 정책의 환경에 대한 고정 업그레이드 및 업데이트 서버 설정321GUI에서 업데이트 및 업그레이드 설정 구성322업그레이드 알림323업그레이드 전에: 중요한 단계323AsyncOS 업그레이드324백그라운드 다운로드 상태 보기, 취소 또는 삭제326업그레이드 후326AsyncOS의 이전 버전으로 복귀 소개327복귀 영향에 대한 중요한 참고 사항327AsyncOS 복귀327업데이트 소개329웹 사용 제어를 위한 URL 범주 집합 업데이트 소개329생성된 메시지에 대한 반환 주소 구성329알림 관리330알림 유형 및 심각도330알림 전달331최근 알림 보기331중복 알림 소개331Cisco AutoSupport332하드웨어 알림 설명332시스템 알림 설명332네트워크 설정 변경335시스템 호스트 이름 변경335sethostname 명령336도메인 이름 시스템 설정 구성336DNS 서버 지정336여러 항목 및 우선 순위337인터넷 루트 서버 사용337역방향 DNS 조회 시간 초과337DNS 알림338DNS 캐시 지우기338GUI(Graphical User Interface)를 통해 DNS 설정 구성338TCP/IP 트래픽 경로 구성338GUI의 고정 경로 관리339기본 게이트웨이 수정(GUI)339기본 게이트웨이 구성339시스템 시간 구성339NTP(Network Time Protocol) 서버 사용340GMT 오프셋 선택340표준 시간대 파일 업데이트341표준 시간대 파일 자동 업데이트341표준 시간대 파일 수동 업데이트341Configuration File(컨피그레이션 파일) 페이지341컨피그레이션 설정 저장 및 가져오기342컨피그레이션 파일 관리342현재 컨피그레이션 파일 저장 및 내보내기342컨피그레이션 파일 로드343빈 태그 대 생략된 태그344로그 서브스크립션용 비밀번호 로드에 대한 참고 사항344문자 집합 인코딩에 대한 참고 사항344현재 컨피그레이션 재설정344전에 커밋한 컨피그레이션으로 롤백345구성 파일에 대한 CLI 명령345showconfig, mailconfig 및 saveconfig 명령345loadconfig 명령346rollbackconfig 명령346publishconfig 명령346CLI를 사용하여 구성 변경 사항 업로드347디스크 공간 관리348(가상 어플라이언스 전용) 사용 가능한 디스크 공간 
늘리기348디스크 할당량 및 사용률 보기349최대 디스크 공간 및 할당349디스크 공간에 대한 알림을 수신하는지 확인350기타 할당량에 대한 디스크 공간 관리350디스크 공간 할당량 재할당350보기 맞춤화351즐겨찾기 페이지 사용351기본 설정 지정352로깅353로깅 개요353로깅 대 보고353로그 검색354파일 이름 및 디렉터리 구조354로그 롤오버 및 전송 예약354로그 파일의 타임스탬프355기본적으로 활성화된 로그355로그 유형356로그 유형 요약357로그 유형 비교359컨피그레이션 기록 로그 사용360CLI 감사 로그 사용360FTP 서버 로그 사용361HTTP 로그 사용361스팸 격리 로그 사용362스팸 격리 GUI 로그 사용363텍스트 메일 로그 사용363샘플 텍스트 메일 로그364텍스트 메일 로그 항목의 예365메시지 수신365메시지 전달 성공 예365메시지 전달 실패(하드 반송)365궁극적으로 성공한 전달의 소프트 반송 예366메시지 검사 결과(scanconfig)366첨부 파일이 있는 메시지367생성된 또는 재작성된 메시지367스팸 격리에 메시지 전송367NTP 로그 사용368보고 로그 사용368보고 쿼리 로그 사용369허용 목록/차단 목록 로그 사용370SMA 로그 사용370상태 로그 사용371시스템 로그 사용373추적 로그 이해373로그 서브스크립션374로그 서브스크립션 구성374로그 레벨 설정375GUI에서 로그 서브스크립션 만들기375로그 서브스크립션 수정376로깅을 위한 전역 설정 구성376메시지 헤더 로깅377GUI를 사용하여 로깅할 전역 설정 구성377로그 서브스크립션 롤오버378로그 서브스크립션의 로그 롤오버378GUI를 사용하여 로그를 즉시 롤오버378CLI를 통해 로그를 즉시 롤오버378GUI에서 최신 로그 항목 보기379로그의 최신 항목 보기(tail 명령)379호스트 키 구성380문제 해결383시스템 정보 수집383기능 설정 관련 문제 해결383일반 문제 해결 리소스384관리되는 어플라이언스에서 성능 문제 해결384특정 기능 관련 문제 해결384기술 지원 작업385어플라이언스에서 지원 사례 열기 또는 업데이트385가상 어플라이언스에 대한 지원받기386Cisco 고객 지원 담당자를 위한 원격 액세스 활성화386인터넷이 연결되는 어플라이언스에 대한 원격 액세스 활성화386직접 인터넷에 연결되지 않은 어플라이언스에 대한 원격 액세스 활성화387기술 지원 터널 비활성화388원격 액세스 비활성화388지원 연결의 상태 확인388패킷 캡처 실행388어플라이언스 전원 원격 초기화390IP 인터페이스 및 어플라이언스에 액세스391IP 인터페이스391IP 인터페이스 구성392GUI를 사용하여 IP 인터페이스 만들기392FTP를 통해 어플라이언스에 액세스393Secure Copy(scp) 액세스395시리얼 연결을 통해 액세스395네트워크 및 IP 주소 할당397이더넷 인터페이스397IP 주소 및 넷마스크 선택397샘플 인터페이스 컨피그레이션398IP 주소, 인터페이스 및 라우팅399요약399Content Security Appliance 연결을 위한 전략399방화벽 정보401Web Security Management 예403Web Security Appliance 예403예 1: 사용자 조사403관련 항목404예 2: URL 추적405관련 항목405예 3: 방문한 상위 URL 범주 조사405관련 항목406추가 리소스407Cisco 알림 서비스407문서408서드파티 기여자409교육409기술 자료 문서(TechNotes)409Cisco 지원 커뮤니티409고객 지원410Cisco 계정 등록410Cisco에 의견 보내기410최종 사용자 라이센스 계약411Cisco Systems 최종 사용자 라이센스 계약411Cisco Systems Content Security 소프트웨어에 대한 보 충 최종 사용자 라이센스 계약417색인421Tamaño: 6 MBPáginas: 430Language: 한국어Manuales abiertas
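Leaflet
Table of contents
Contents
General Compatibility Information
Compatibility with Virtual Appliances
Compatibility with Email Security Appliances
Compatibility with Web Security Appliances
Centralized Web Reporting and Tracking
Centralized Configuration Management
Advanced File Publish
Configuration Master
Cloud Web Security Connector Support
More Information
Size: 400 KB, Pages: 12, Language: Chinese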
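Leaflet
Table of contents
1 Welcome!
2 Before You Begin
3 Document Your Network Settings
4 Plan the Installation
5 Install the Appliance in a Rack
Place the Appliance
6 Connect the Appliance
7 Temporarily Change Your IP Address
For Windows
Mac
8 Connect to the Appliance
9 Power Up the Appliance
10 Log In to the Appliance
Web-Based Interface
Command Line Interface (CLI)
11 Run the System Setup Wizard
12 Configure Network Settings
13 Configuration Summary
14 Done!
Add Security Appliances
Use Centralized Email and Web Reporting
Message Tracking
Schedule Email and Web Reports
Additional Information
15 Frequently Asked Questions (FAQ)
16 References
Size: 700 KB, Pages: 24, Language: Korean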
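Release Notes
Table of contents
Contents
What's New
What's New in Release 9.6.1
What's New in Release 9.6.0
Supported Hardware
Upgrade Paths
Upgrading to Release 9.6.1-019 (GD - General Deployment)
Upgrading to Release 9.6.0-051 (GD - General Deployment)
Content Security Release Terminology
Compatibility with Email and Web Security Releases
New and Changed Information
Communication Protocols
(Email Security) URL Filtering Report Changes
(Email Security) Marketing Mail Report Changes
Changes When Saving the Configuration File During Upgrade (CLI)
(Web Security) Changes to Malware Categories and Malware Threats
(Web Security) Changes to Configuration Masters
(Web Security) Changes to the Web Reputation Filters Report
Installation and Upgrade Notes
Additional Important Reading
Virtual Appliances
Upgrading a Virtual Appliance
Migrating From a Physical Appliance to a Virtual Appliance
Pre-Upgrade Requirements
Prepare for the SSH Vulnerability Fix
Verify the Versions of Associated Email and Web Security Appliances
Back Up Your Existing Configuration
Upgrading to This Release
Important! Post-Upgrade Requirements
Virtual Appliances: Changes Required for the SSH Security Vulnerability Fix
File Analysis: Changes Required to View Analysis Result Details in the Cloud
Documentation Updates
Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware
SNMP
Known and Fixed Issues
Bug Search Tool Requirements
Lists of Known and Fixed Issues
Known and Fixed Issues in Release 9.6.1
Known and Fixed Issues in Release 9.6.0
Searching for Other Bugs
Related Documentation
Service and Support
Size: 500 KB, Pages: 12, Language: Chinese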
User Guide
Table of contents
AsyncOS 9.6 for Cisco Content Security Management Appliances User Guide
Contents
Introduction
What’s New in This Release
Cisco Content Security Management Overview
Setup, Installation, and Basic Configuration
Solution Deployment Overview
SMA Compatibility Matrix
Installation Planning
Network Planning
About Integrating a Security Management Appliance with Email Security Appliances
Deployments with Clustered Email Security Appliances
Preparing for Setup
Physically Setting Up and Connecting the Appliance
Determining Network and IP Address Assignments
Gathering the Setup Information
Accessing the Security Management Appliance
Browser Requirements
About Accessing the Web Interfaces
Accessing the Web Interface
Accessing the Command Line Interface
Supported Languages
Running the System Setup Wizard
Before You Begin
Overview of the System Setup Wizard
Launch the System Setup Wizard
Review the End User License Agreement
Configure the System Settings
Entering an Email Address for System Alerts
Setting the Time
Setting the Password
Enabling AutoSupport
Configure the Network Settings
Network Settings
Review Your Configuration
Proceeding to the Next Steps
About Adding Managed Appliances
Editing Managed Appliance Configurations
Removing an Appliance from the List of Managed Appliances
Configuring Services on the Security Management Appliance
Committing and Abandoning Configuration Changes
Working With Reports
Ways to View Reporting Data
How the Security Appliance Gathers Data for Reports
How Reporting Data is Stored
About Reporting and Upgrades
Customizing Your View of Report Data
Viewing Reporting Data for an Appliance or Reporting Group
Choosing a Time Range for Reports
(Web Reports Only) Choosing Which Data to Chart
Customizing Tables on Report Pages
Custom Reports
Modules That Cannot Be Added to Custom Reports
Creating Your Custom Report Page
Viewing Details of Messages or Transactions Included in Reports
Improving Performance of Email Reports
Printing and Exporting Reporting and Tracking Data
Exporting Report Data as a Comma-Separated Values (CSV) File
Subdomains vs. Second-Level Domains in Reporting and Tracking
Troubleshooting All Reports
Unable to View Report Data on Backup Security Management Appliance
Reporting Is Disabled
Email and Web Reports
Using Centralized Email Security Reporting
Centralized Email Reporting Overview
Setting Up Centralized Email Reporting
Enabling Centralized Email Reporting on the Security Management Appliance
Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance
Creating Email Reporting Groups
Enabling Centralized Email Reporting on Email Security Appliances
Working with Email Report Data
Searching and the Interactive Email Report Pages
Understanding the Email Reporting Pages
Table Column Descriptions for Email Reporting Pages
Email Reporting Overview Page
How Incoming Mail Messages are Counted
How Email Messages Are Categorized by the Appliances
Categorizing Email Messages on the Overview Page
Incoming Mail Page
Views Within the Incoming Mail Page
“No Domain Information” Link
Time Ranges in the Mail Trend Graphs
Incoming Mail Details Table
Sender Profile Pages
Sender Groups Report Page
Outgoing Destinations Page
Outgoing Senders Page
Internal Users Page
Internal User Details Page
Searching for a Specific Internal User
DLP Incidents
DLP Incidents Details Table
DLP Policy Detail Page
Message Filters
High Volume Mail
Content Filters Page
Content Filter Details Page
DMARC Verification
Virus Types Page
URL Filtering Page
Web Interaction Tracking Page
Advanced Malware Protection (File Reputation and File Analysis) Reporting Pages
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
(On-Premises File Analysis) Activate the File Analysis Account
Additional Requirements
Identifying Files by SHA-256 Hash
File Reputation and File Analysis Report Pages
Viewing File Reputation Filtering Data in Other Reports
For Which Files Are Detailed File Analysis Results Visible in the Cloud?
TLS Connections Page
Inbound SMTP Authentication Page
Rate Limits Page
Outbreak Filters Page
Reporting of Graymail
Reporting of Marketing Messages after Upgrade to AsyncOS 9.5
System Capacity Page
How to Interpret the Data You See on System Capacity Page
System Capacity – Workqueue
System Capacity – Incoming Mail
System Capacity – Outgoing Mail
System Capacity – System Load
Overall CPU Usage
Memory Page Swapping
Resource Conservation Activity
System Capacity – All
Threshold Indicator in System Capacity Graphs
Reporting Data Availability Page
About Scheduled and On-Demand Email Reports
Additional Report Types
Domain-Based Executive Summary Report
Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering
Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports
Creating Domain-Based Executive Summary Reports
Executive Summary Report
Scheduling Email Reports
Adding Scheduled Reports
Editing Scheduled Reports
Discontinuing Scheduled Reports
Generating Email Reports On Demand
Viewing and Managing Archived Email Reports
Accessing Archived Reports
Deleting Archived Reports
Troubleshooting Email Reports
Outbreak Filters Reports Do Not Show Information Correctly
Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report
Advanced Malware Protection Verdict Updates Report Results Differ
Issues Viewing File Analysis Report Details
File Analysis Report Details Are Not Available
Error When Viewing File Analysis Report Details
Error When Viewing File Analysis Report Details with Private Cloud Cisco AMP Threat Grid Appliance
Logging of File Analysis-Related Errors
Total Graymail or Marketing Messages Appears To Be Incorrect
Using Centralized Web Reporting and Tracking
Centralized Web Reporting and Tracking Overview
Setting Up Centralized Web Reporting and Tracking
Enabling Centralized Web Reporting on the Security Management Appliance
Enabling Centralized Web Reporting on Web Security Appliances
Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance
Anonymizing User Names in Web Reports
Working with Web Security Reports
Web Reporting Page Descriptions
About Time Spent
Web Reporting Overview
Users Report (Web)
User Details (Web Reporting)
Web Sites Report
URL Categories Report
Reducing Uncategorized URLs
URL Category Set Updates and Reports
Using The URL Categories Page in Conjunction with Other Reporting Pages
Reporting Misclassified and Uncategorized URLs
Application Visibility Report
Understanding the Difference between Application versus Application Types
Anti-Malware Report
Malware Category Report
Malware Threat Report
Malware Category Descriptions
Advanced Malware Protection (File Reputation and File Analysis) Reports
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
(On-Premises File Analysis) Activate the File Analysis Account
Additional Requirements
Identifying Files by SHA-256 Hash
Advanced Malware Protection (File Reputation and File Analysis) Report Pages
Viewing File Reputation Filtering Data in Other Reports
For Which Files Are Detailed File Analysis Results Visible in the Cloud?
Client Malware Risk Report
Web Reputation Filters Report
What are Web Reputation Filters?
Adjusting Web Reputation Settings
L4 Traffic Monitor Report
SOCKS Proxy Report
Reports by User Location
System Capacity Page
Viewing the System Capacity Report
How to Interpret the Data You See on the System Capacity Page
System Capacity - System Load
System Capacity - Network Load
Note About Proxy Buffer Memory Swapping
Data Availability Page
About Scheduled and On-Demand Web Reports
Scheduling Web Reports
Storage of Scheduled Web Reports
Adding Scheduled Web Reports
Editing Scheduled Web Reports
Deleting Scheduled Web Reports
Additional Extended Web Reports
Top URL Categories—Extended
Top Application Types—Extended
Generating Web Reports on Demand
Viewing and Managing Archived Web Reports
Web Tracking
Searching for Transactions Processed by Web Proxy Services
Malware Category Descriptions
Searching for Transactions Processed by the L4 Traffic Monitor
Searching for Transactions Processed by the SOCKS Proxy
Working with Web Tracking Search Results
Displaying More Web Tracking Search Results
Understanding Web Tracking Search Results
Viewing Transaction Details for Web Tracking Search Results
About Web Tracking and Advanced Malware Protection Features
About Web Tracking and Upgrades
Troubleshooting Web Reporting and Tracking
Centralized Reporting Is Enabled Properly But Not Working
Advanced Malware Protection Verdict Updates Report Results Differ
Issues Viewing File Analysis Report Details
File Analysis Report Details Are Not Available
Error When Viewing File Analysis Report Details
Error When Viewing File Analysis Report Details with Private Cloud Cisco AMP Threat Grid Appliance
Expected Data Is Missing from Reporting or Tracking Results
PDF Shows Only a Subset of Web Tracking Data
Troubleshooting L4 Traffic Monitor Reports
Exported .CSV file is Different From Web Interface Data
Tracking Email Messages
Tracking Service Overview
Setting Up Centralized Message Tracking
Enabling Centralized Email Tracking on a Security Management Appliance
Configuring Centralized Message Tracking on Email Security Appliances
Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance
Managing Access to Sensitive Information
Checking Message Tracking Data Availability
Searching for Email Messages
Narrowing the Result Set
About Message Tracking and Advanced Malware Protection Features
Understanding Tracking Query Results
Message Details
Envelope and Header Summary
Sending Host Summary
Processing Details
DLP Matched Content Tab
Troubleshooting Message Tracking
Expected Messages Are Missing from Search Results
Attachments Do Not Appear in Search Results
Spam Quarantine
Overview of the Spam Quarantine
Local Versus External Spam Quarantine
Setting Up the Centralized Spam Quarantine
Enabling and Configuring the Spam Quarantine
Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance
Configuring an Outbound IP Interface on the Security Management Appliance
Configuring the IP Interface for Browser Access to the Spam Quarantine
Configuring Administrative User Access to the Spam Quarantine
Limiting Which Recipients Have Mail Quarantined
Ensuring That Message Text Displays Correctly
Spam Quarantine Language
Using Safelists and Blocklists to Control Email Delivery Based on Sender
Message Processing of Safelists and Blocklists
Enabling Safelists and Blocklists
External Spam Quarantine and Safelist/Blocklists
Adding Senders and Domains to Safelists and Blocklists (Administrators)
Syntax for Safelists and Blocklist Entries
Clearing All Safelists and Blocklists
About End-User Access to Safelists and Blocklists
Adding Entries to Safelists (End Users)
Adding the Sender of a Quarantined Message to the Safelist
Adding Senders to the Safelist Without a Quarantined Message
Adding Senders to Blocklists (End Users)
Backing Up and Restoring the Safelist/Blocklist
Troubleshooting Safelists and Blocklists
Message from Safelisted Sender Was Not Delivered
Configuring Spam Management Features for End Users
Authentication Options for End Users Accessing Spam Management Features
LDAP Authentication Process
IMAP/POP Authentication Process
Setting Up End-User Access to the Spam Quarantine via Web Browser
Configuring End-User Access to the Spam Quarantine
Determining the URL for End-User Access to the Spam Quarantine
Which Messages an End User Sees
Notifying End Users About Quarantined Messages
Recipient Email Mailing List Aliases and Spam Notifications
Testing Notifications
Troubleshooting Spam Notifications
User Receives Multiple Notifications
Recipient Does Not Receive Notifications
Managing Messages in the Spam Quarantine
Accessing the Spam Quarantine (Administrative Users)
Searching for Messages in the Spam Quarantine
Searching Very Large Message Collections
Viewing Messages in the Spam Quarantine
Delivering Messages in the Spam Quarantine
Deleting Messages from the Spam Quarantine
Disk Space for the Spam Quarantine
About Disabling the External Spam Quarantine
Troubleshooting Spam Quarantine Features
Centralized Policy, Virus, and Outbreak Quarantines
Overview of Centralized Quarantines
Quarantine Types
Centralizing Policy, Virus, and Outbreak Quarantines
Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance
Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance
Configuring Migration of Policy, Virus, and Outbreak Quarantines
Designating an Alternate Appliance to Process Released Messages
Configuring Centralized Quarantine Access for Custom User Roles
Disabling Centralized Policy, Virus, and Outbreak Quarantines
Releasing Messages When an Email Security Appliance Is Unavailable
Managing Policy, Virus, and Outbreak Quarantines
Disk Space Allocation for Policy, Virus, and Outbreak Quarantines
Retention Time for Messages in Quarantines
Default Actions for Automatically Processed Quarantined Messages
Checking the Settings of System-Created Quarantines
Configuring Policy, Virus, and Outbreak Quarantines
About Editing Policy, Virus, and Outbreak Quarantine Settings
Determining the Filters and Message Actions to Which a Policy Quarantine Is Assigned
About Deleting Policy Quarantines
Monitoring Quarantine Status, Capacity, and Activity
Alerts About Quarantine Disk-Space Usage
Policy Quarantines and Logging
About Distributing Message Processing Tasks to Other Users
Which User Groups Can Access Policy, Virus, and Outbreak Quarantines
Working with Messages in Policy, Virus, or Outbreak Quarantines
Viewing Messages in Quarantines
Quarantined Messages and International Character Sets
Finding Messages in Policy, Virus, and Outbreak Quarantines
Manually Processing Messages in a Quarantine
Sending a Copy of the Message
About Moving Messages Between Policy Quarantines
Messages in Multiple Quarantines
Message Details and Viewing Message Content
Viewing Matched Content
Downloading Attachments
About Rescanning of Quarantined Messages
The Outbreak Quarantine
Rescanning Messages in an Outbreak Quarantine
Manage by Rule Summary Link
Reporting False Positives or Suspicious Messages to Cisco Systems
Troubleshooting Centralized Policy Quarantines
Administrative User Cannot Choose Quarantines in Filters and DLP Message Actions
Messages Released from a Centralized Outbreak Quarantine Are Not Rescanned
Managing Web Security Appliances
About Centralized Configuration Management
Determining the Correct Configuration Publishing Method
Setting Up Configuration Masters to Centrally Manage Web Security Appliances
Important Notes About Using Configuration Masters
Determine the Configuration Master Versions to Use
Enabling Centralized Configuration Management on the Security Management Appliance
Initializing Configuration Masters
About Associating Web Security Appliances to Configuration Masters
Adding Web Security Appliances and Associating Them with Configuration Master Versions
Associating Configuration Master Versions to Web Security Appliances
Configuring Settings to Publish
Importing from an Existing Configuration Master
Importing Settings from a Web Security Appliance
Configuring Web Security Features Directly in Configuration Masters
SMA-Specific Differences when Configuring Features in Configuration Masters
Tip for Working with Identities/Identification Profiles in Configuration Masters
Ensuring that Features are Enabled Consistently
Comparing Enabled Features
Enabling Features to Publish
Disabling Unused Configuration Masters
Setting Up to Use Advanced File Publishing
Publishing Configurations to Web Security Appliances
Publishing a Configuration Master
Before You Publish a Configuration Master
Publishing a Configuration Master Now
Publishing a Configuration Master Later
Publishing a Configuration Master Using the Command Line Interface
Publishing Configurations Using Advanced File Publishing
Advanced File Publish: Publish Configuration Now
Advanced File Publish: Publish Later
Viewing Status and History of Publishing Jobs
Viewing Publish History
Viewing Web Security Appliance Status
Viewing a Summary of Status of Web Appliances
Viewing Status of Individual Web Security Appliances
Web Appliance Status Details
Preparing For and Managing URL Category Set Updates
Understand the Impacts of URL Category Set Updates
Ensure That You Will Receive Notifications and Alerts about URL Category Set Updates
Specify Default Settings for New and Changed Categories
When the URL Category Set is Updated, Check Your Policy and Identity/Identification Profile Settings
Troubleshooting Configuration Management Issues
In Configuration Master > Identities/Identification Profiles, Groups Are Not Available
Configuration Master > Access Policies > Web Reputation and Anti-Malware Settings Page Settings are Not as Expected
Troubleshooting Configuration Publishing Failures
Monitoring System Status
About Security Management Appliance Status
Monitoring Security Management Appliance Capacity
Monitoring the Processing Queue
Monitoring CPU Utilization
Monitoring Status of Data Transfer From Managed Appliances
Viewing the Configuration Status of Your Managed Appliances
Additional Status Information for Web Security Appliances
Monitoring Reporting Data Availability Status
Monitoring Email Security Reporting Data Availability
Monitoring Web Security Reporting Data Availability
Monitoring Email Tracking Data Status
Monitoring Capacity of Managed Appliances
Identifying Active TCP/IP Services
Integrating with LDAP
Overview
Configuring LDAP to Work with the Spam Quarantine
Creating the LDAP Server Profile
Testing LDAP Servers
Configuring LDAP Queries
LDAP Query Syntax
Tokens
Spam Quarantine End-User Authentication Queries
Sample Active Directory End-User Authentication Settings
Sample OpenLDAP End-User Authentication Settings
Spam Quarantine Alias Consolidation Queries
Sample Active Directory Alias Consolidation Settings
Sample OpenLDAP Alias Consolidation Settings
Testing LDAP Queries
Domain-Based Queries
Creating a Domain-Based Query
Chain Queries
Creating a Chain Query
Configuring AsyncOS to Work With Multiple LDAP Servers
Testing Servers and Queries
Failover
Configuring the Cisco Content Security Appliance for LDAP Failover
Load Balancing
Configuring the Cisco Content Security Appliance for Load Balancing
Configuring External Authentication of Administrative Users Using LDAP
User Accounts Query for Authenticating Administrative Users
Group Membership Queries for Authenticating Administrative Users
Enabling External Authentication of Administrative Users
Configuring SMTP Routing
SMTP Routes Overview
SMTP Routes, Mail Delivery, and Message Splintering
SMTP Routes and Outbound SMTP Authentication
Routing Email for Local Domains
Default SMTP Route
Managing SMTP Routes
Defining an SMTP Route
SMTP Routes Limits
Adding SMTP Routes
Exporting SMTP Routes
Importing SMTP Routes
SMTP Routes and DNS
Distributing Administrative Tasks
About Distributing Administrative Tasks
Assigning User Roles
Predefined User Roles
Custom User Roles
About Custom Email User Roles
Access to Email Reporting
Access to Message Tracking Data
Access to Quarantines for Custom User Role
Creating Custom Email User Roles
Using Custom Email User Roles
About Custom Web User Roles
Creating Custom Web User Roles
Editing Custom Web User Roles
Deleting Custom User Roles
User Roles with Access to the CLI
Using LDAP
Access to Quarantines
About Authenticating Administrative Users
Changing the Admin User’s Password
Managing Locally-Defined Administrative Users
Adding Locally-Defined Users
Editing Locally-Defined Users
Deleting Locally-Defined Users
Viewing the List of Locally-Defined Users
Setting and Changing Passwords
Setting Password and Login Requirements
Requiring Users to Change Passwords on Demand
Locking and Unlocking Local User Accounts
Locking User Accounts Manually
Unlocking User Accounts
External User Authentication
Configuring LDAP Authentication
Enabling RADIUS Authentication
Additional Controls on Access to the Security Management Appliance
Configuring IP-Based Network Access
Direct Connections
Connecting Through a Proxy
Creating the Access List
Configuring the Web UI Session Timeout
Controlling Access to Sensitive Information in Message Tracking
Displaying a Message for Administrative Users
Viewing Administrative User Activity
Viewing Active Sessions Using the Web
Viewing Your Recent Login Attempts
Viewing Administrative User Activity via the Command Line Interface
Troubleshooting Administrative User Access
Error: User Has No Access Privileges Assigned
User Has No Active Menus
Externally-Authenticated Users See Preferences Option
Common Administrative Tasks
Performing Administrative Tasks
Working with Feature Keys
Virtual Appliance Licensing and Feature Keys
Performing Maintenance Tasks Using CLI Commands
Shutting Down the Security Management Appliance
Rebooting the Security Management Appliance
Taking the Security Management Appliance Out of Service
CLI Examples: suspend and suspendtransfers Commands
Resuming from a Suspended State
CLI Examples: resume and resumetransfers Commands
Resetting the Configuration to Factory Defaults
The resetconfig Command
Displaying the Version Information for AsyncOS
Enabling Remote Power Cycling
Monitoring System Health Using SNMP
Example: snmpconfig Command
Backing Up Security Management Appliance Data
What Data Is Backed Up
Restrictions and Requirements for Backups
Backup Duration
Availability of Services During Backups
Interruption of a Backup Process
Prevent the Target Appliance From Pulling Data Directly from Managed Appliances
Receiving Alerts About Backup Status
Scheduling Single or Recurring Backups
Starting an Immediate Backup
Checking Backup Status
Backup Information in Log Files
Other Important Backup Tasks
Making a Backup Appliance the Primary Appliance
Disaster Recovery on the Security Management Appliance
Upgrading Appliance Hardware
Upgrading AsyncOS
Batch Commands for Upgrades
Determining Network Requirements for Upgrades and Updates
Choosing an Upgrade Method: Remote vs. Streaming
Streaming Upgrade Overview
Remote Upgrade Overview
Hardware and Software Requirements for Remote Upgrades
Hosting a Remote Upgrade Image
Important Differences in Remote Upgrading Method
Configuring Upgrade and Service Update Settings
Upgrade and Update Settings
Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies
Configuring the Update and Upgrade Settings from the GUI
Upgrade Notifications
Before You Upgrade: Important Steps
Upgrading AsyncOS
Viewing Status of, Canceling, or Deleting a Background Download
After Upgrading
About Reverting to an Earlier Version of AsyncOS
Important Note About Reversion Impact
Reverting AsyncOS
About Updates
About URL Category Set Updates for Web Usage Controls
Configuring the Return Address for Generated Messages
Managing Alerts
Alert Types and Severities
Alert Delivery
Viewing Recent Alerts
About Duplicate Alerts
Cisco AutoSupport
Hardware Alert Descriptions
System Alert Descriptions
Changing Network Settings
Changing the System Hostname
The sethostname Command
Configuring Domain Name System Settings
Specifying DNS Servers
Multiple Entries and Priority
Using the Internet Root Servers
Reverse DNS Lookup Timeout
DNS Alert
Clearing the DNS Cache
Configuring DNS Settings via the Graphical User Interface
Configuring TCP/IP Traffic Routes
Managing Static Routes in the GUI
Modifying the Default Gateway (GUI)
Configuring the Default Gateway
Configuring the System Time
Using a Network Time Protocol (NTP) Server
Selecting a GMT Offset
Updating Time Zone Files
Automatically Updating Time Zone Files
Manually Updating Time Zone Files
Saving and Importing Configuration Settings
Managing Configuration Files
Saving and Exporting the Current Configuration File
Loading a Configuration File
Empty Versus Omitted Tags
Note About Loading Passwords for Log Subscriptions
Note About Character Set 
Encoding346Resetting the Current Configuration346Rolling Back to a Previously Committed Configuration346CLI Commands for Configuration Files347The showconfig, mailconfig, and saveconfig Commands347The loadconfig Command348The rollbackconfig Command348The publishconfig Command348Uploading Configuration Changes Using the CLI349Managing Disk Space350(Virtual Appliances Only) Increasing Available Disk Space350Viewing Disk Space, Quotas, and Usage351About Disk Space Maximums and Allocations351Ensuring That You Receive Alerts About Disk Space351Managing Disk Space for the Miscellaneous Quota352Reallocating Disk Space Quotas352Adjusting the Reference Threshold in System Health Graphs for Email Security Appliances353Customizing Your View353Using Favorite Pages354Setting Preferences354Improving Web Interface Rendering355Logging365Logging Overview365Logging Versus Reporting365Log Retrieval366Filename and Directory Structure366Log Rollover and Transfer Schedule366Timestamps in Log Files367Logs Enabled by Default367Log Types368Summary of Log Types368Log Type Comparison371Using Configuration History Logs371Using CLI Audit Logs372Using FTP Server Logs373Using HTTP Logs373Using Spam Quarantine Logs374Using Spam Quarantine GUI Logs374Using Text Mail Logs375Sample Text Mail Log375Examples of Text Mail Log Entries376Message Receiving377Successful Message Delivery Example377Unsuccessful Message Delivery (Hard Bounce)377Soft Bounce with Ultimately Successful Delivery Example377Message Scanning Results (scanconfig)378Message with Attachment378Generated or Rewritten Messages379Sending a Message to the Spam Quarantine379Using NTP Logs380Using Reporting Logs380Using Reporting Query Logs381Using Safelist/Blocklist Logs381Using SMA Logs382Using Status Logs383Using System Logs385Understanding Tracking Logs385Log Subscriptions385Configuring Log Subscriptions386Setting the Log Level386Creating a Log Subscription in the GUI387Editing Log Subscriptions388Configuring Global Settings for 
Logging388Logging Message Headers389Configuring Global Settings for Logging by Using the GUI389Rolling Over Log Subscriptions390Rolling Over Logs in Log Subscriptions390Rolling Over Logs Immediately Using the GUI390Rolling Over Logs Immediately via the CLI390Viewing the Most Recent Log Entries in the GUI390Viewing the Most Recent Entries in Logs (tail Command)390Configuring Host Keys391Troubleshooting395Collecting System Information395Troubleshooting Hardware Issues395Troubleshooting Feature Setup Issues396General Troubleshooting Resources396Troubleshooting Performance Issues on Managed Appliances396Troubleshooting Issues with Specific Functionality396Responding to Alerts397Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware397Additional Alert Descriptions397Working with Technical Support398Opening or Updating a Support Case from the Appliance398Getting Support for Virtual Appliances399Enabling Remote Access for Cisco Technical Support Personnel399Enabling Remote Access to Appliances With an Internet Connection399Enabling Remote Access to Appliances Without a Direct Internet Connection400Disabling a Tech Support Tunnel400Disabling Remote Access400Checking the Status of the Support Connection401Running a Packet Capture401Remotely Resetting Appliance Power402IP Interfaces and Accessing the Appliance405IP Interfaces405Configuring IP Interfaces405Creating IP Interfaces Using the GUI406Accessing the Appliance via FTP407Secure Copy (scp) Access409Accessing via a Serial Connection410Pinout Details for the Serial Port in 80- and 90- Series Hardware410Pinout Details for the Serial Port in 70-Series Hardware410Assigning Network and IP Addresses413Ethernet Interfaces413Selecting IP Addresses and Netmasks413Sample Interface Configurations414IP Addresses, Interfaces, and Routing414Summary415Strategies for Connecting Your Content Security Appliance415Firewall Information417Web Security Management Examples419Web Security Appliance Examples419Example 1: 
Investigating a User419Related Topics420Example 2: Tracking a URL420Related Topics421Example 3: Investigating Top URL Categories Visited421Related Topics422Additional Resources427Cisco Notification Service427Documentation427Third Party Contributors428Training428Knowledge Base Articles (TechNotes)429Cisco Support Community429Customer Support429Registering for a Cisco Account429Cisco Welcomes Your Comments430End User License Agreement431Cisco Systems End User License Agreement431Supplemental End User License Agreement for Cisco Systems Content Security Software438Index441
Size: 3 MB. Pages: 450. Language: English.
User Guide
Table of Contents
Contents3Introduction23What’s New in This Release23Cisco Content Security Management Overview25Setup, Installation, and Basic Configuration27Solution Deployment Overview27SMA Compatibility Matrix28Installation Planning28Network Planning28About Integrating a Security Management Appliance with Email Security Appliances29Deployments with Clustered Email Security Appliances29Preparing for Setup30Physically Setting Up and Connecting the Appliance30Determining Network and IP Address Assignments30Gathering the Setup Information31Accessing the Security Management Appliance32Browser Requirements32About Accessing the Web Interfaces32Accessing the Web Interface33Accessing the Command Line Interface33Supported Languages33Running the System Setup Wizard34Before You Begin34Overview of the System Setup Wizard35Launch the System Setup Wizard35Review the End User License Agreement35Configure the System Settings36Entering an Email Address for System Alerts36Setting the Time36Setting the Password36Enabling AutoSupport36Configure the Network Settings36Network Settings36Review Your Configuration37Proceeding to the Next Steps37About Adding Managed Appliances37Editing Managed Appliance Configurations38Removing an Appliance from the List of Managed Appliances39Configuring Services on the Security Management Appliance39Committing and Abandoning Configuration Changes39Working With Reports41Ways to View Reporting Data41How the Security Appliance Gathers Data for Reports42How Reporting Data is Stored42About Reporting and Upgrades43Customizing Your View of Report Data43Viewing Reporting Data for an Appliance or Reporting Group44Choosing a Time Range for Reports44(Web Reports Only) Choosing Which Data to Chart45Customizing Tables on Report Pages46Custom Reports46Modules That Cannot Be Added to Custom Reports47Creating Your Custom Report Page47Viewing Details of Messages or Transactions Included in Reports48Improving Performance of Email Reports49Printing and 
Exporting Reporting and Tracking Data50Exporting Report Data as a Comma-Separated Values (CSV) File51Subdomains vs. Second-Level Domains in Reporting and Tracking52Troubleshooting All Reports52Unable to View Report Data on Backup Security Management Appliance53Reporting Is Disabled53Email and Web Reports53Using Centralized Email Security Reporting55Centralized Email Reporting Overview55Setting Up Centralized Email Reporting56Enabling Centralized Email Reporting on the Security Management Appliance56Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance57Creating Email Reporting Groups58Enabling Centralized Email Reporting on Email Security Appliances58Working with Email Report Data58Searching and the Interactive Email Report Pages59Understanding the Email Reporting Pages60Table Column Descriptions for Email Reporting Pages63Email Reporting Overview Page65How Incoming Mail Messages are Counted66How Email Messages Are Categorized by the Appliances66Categorizing Email Messages on the Overview Page67Incoming Mail Page69Views Within the Incoming Mail Page70“No Domain Information” Link71Time Ranges in the Mail Trend Graphs71Incoming Mail Details Table71Sender Profile Pages72Sender Groups Report Page73Outgoing Destinations Page73Outgoing Senders Page74Internal Users Page75Internal User Details Page76Searching for a Specific Internal User77DLP Incidents77DLP Incidents Details Table78DLP Policy Detail Page78Message Filters78High Volume Mail79Content Filters Page79Content Filter Details Page79DMARC Verification80Virus Types Page80URL Filtering Page81Web Interaction Tracking Page81Forged Email Detection Page82Advanced Malware Protection (File Reputation and File Analysis) Reporting Pages83Requirements for File Analysis Report Details83(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server83(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results83(On-Premises File 
Analysis) Activate the File Analysis Account84Additional Requirements84Identifying Files by SHA-256 Hash84File Reputation and File Analysis Report Pages85Viewing File Reputation Filtering Data in Other Reports86For Which Files Are Detailed File Analysis Results Visible in the Cloud?86Mailbox Auto Remediation87TLS Connections Page87Inbound SMTP Authentication Page89Rate Limits Page89Outbreak Filters Page90Reporting of Graymail92Reporting of Marketing Messages after Upgrade to AsyncOS 9.592System Capacity Page92How to Interpret the Data You See on System Capacity Page93System Capacity – Workqueue93System Capacity – Incoming Mail94System Capacity – Outgoing Mail94System Capacity – System Load94Overall CPU Usage95Memory Page Swapping95Resource Conservation Activity95System Capacity – All95Threshold Indicator in System Capacity Graphs96Reporting Data Availability Page96About Scheduled and On-Demand Email Reports96Additional Report Types97Domain-Based Executive Summary Report97Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering98Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports98Creating Domain-Based Executive Summary Reports99Executive Summary Report100Scheduling Email Reports100Adding Scheduled Reports100Editing Scheduled Reports101Discontinuing Scheduled Reports102Generating Email Reports On Demand102Viewing and Managing Archived Email Reports103Accessing Archived Reports104Deleting Archived Reports104Troubleshooting Email Reports104Outbreak Filters Reports Do Not Show Information Correctly105Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report105Advanced Malware Protection Verdict Updates Report Results Differ105Issues Viewing File Analysis Report Details105File Analysis Report Details Are Not Available105Error When Viewing File Analysis Report Details106Error When Viewing File Analysis Report Details with Private Cloud Cisco AMP Threat Grid Appliance106Logging 
of File Analysis-Related Errors106Total Graymail or Marketing Messages Appears To Be Incorrect106Using Centralized Web Reporting and Tracking107Centralized Web Reporting and Tracking Overview107Setting Up Centralized Web Reporting and Tracking108Enabling Centralized Web Reporting on the Security Management Appliance109Enabling Centralized Web Reporting on Web Security Appliances109Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance109Anonymizing User Names in Web Reports110Working with Web Security Reports111Web Reporting Page Descriptions111About Time Spent114Web Reporting Overview114Users Report (Web)116User Details (Web Reporting)117Web Sites Report119URL Categories Report120Reducing Uncategorized URLs121URL Category Set Updates and Reports121Using The URL Categories Page in Conjunction with Other Reporting Pages122Reporting Misclassified and Uncategorized URLs122Application Visibility Report122Understanding the Difference between Application versus Application Types123Anti-Malware Report124Malware Category Report125Malware Threat Report126Malware Category Descriptions126Advanced Malware Protection (File Reputation and File Analysis) Reports127Requirements for File Analysis Report Details128(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server128(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results128(On-Premises File Analysis) Activate the File Analysis Account128Additional Requirements129Identifying Files by SHA-256 Hash129Advanced Malware Protection (File Reputation and File Analysis) Report Pages130Viewing File Reputation Filtering Data in Other Reports131For Which Files Are Detailed File Analysis Results Visible in the Cloud?131Client Malware Risk Report132Web Reputation Filters Report133What are Web Reputation Filters?133Adjusting Web Reputation Settings135L4 Traffic Monitor Report135SOCKS Proxy Report137Reports by User Location137System 
Capacity Page138Viewing the System Capacity Report138How to Interpret the Data You See on the System Capacity Page139System Capacity - System Load139System Capacity - Network Load139Note About Proxy Buffer Memory Swapping140Data Availability Page140About Scheduled and On-Demand Web Reports140Scheduling Web Reports141Storage of Scheduled Web Reports142Adding Scheduled Web Reports142Editing Scheduled Web Reports143Deleting Scheduled Web Reports143Additional Extended Web Reports143Top URL Categories—Extended143Top Application Types—Extended144Generating Web Reports on Demand145Viewing and Managing Archived Web Reports146Web Tracking146Searching for Transactions Processed by Web Proxy Services146Malware Category Descriptions149Searching for Transactions Processed by the L4 Traffic Monitor150Searching for Transactions Processed by the SOCKS Proxy151Working with Web Tracking Search Results151Displaying More Web Tracking Search Results151Understanding Web Tracking Search Results151Viewing Transaction Details for Web Tracking Search Results152About Web Tracking and Advanced Malware Protection Features152About Web Tracking and Upgrades153Troubleshooting Web Reporting and Tracking153Centralized Reporting Is Enabled Properly But Not Working153Advanced Malware Protection Verdict Updates Report Results Differ154Issues Viewing File Analysis Report Details154File Analysis Report Details Are Not Available154Error When Viewing File Analysis Report Details154Error When Viewing File Analysis Report Details with Private Cloud Cisco AMP Threat Grid Appliance154Expected Data Is Missing from Reporting or Tracking Results154PDF Shows Only a Subset of Web Tracking Data155Troubleshooting L4 Traffic Monitor Reports155Exported .CSV file is Different From Web Interface Data155Tracking Email Messages157Tracking Service Overview157Setting Up Centralized Message Tracking158Enabling Centralized Email Tracking on a Security Management Appliance158Configuring Centralized Message Tracking on Email 
Security Appliances158Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance159Managing Access to Sensitive Information160Checking Message Tracking Data Availability160Searching for Email Messages160Narrowing the Result Set163About Message Tracking and Advanced Malware Protection Features163Understanding Tracking Query Results164Message Details164Envelope and Header Summary165Sending Host Summary165Processing Details165DLP Matched Content Tab165URL Details Tab166Troubleshooting Message Tracking166Expected Messages Are Missing from Search Results166Attachments Do Not Appear in Search Results166Spam Quarantine169Overview of the Spam Quarantine169Local Versus External Spam Quarantine169Setting Up the Centralized Spam Quarantine170Enabling and Configuring the Spam Quarantine170Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance172Configuring an Outbound IP Interface on the Security Management Appliance173Configuring the IP Interface for Browser Access to the Spam Quarantine174Configuring Administrative User Access to the Spam Quarantine174Limiting Which Recipients Have Mail Quarantined175Ensuring That Message Text Displays Correctly175Spam Quarantine Language175Using Safelists and Blocklists to Control Email Delivery Based on Sender176Message Processing of Safelists and Blocklists176Enabling Safelists and Blocklists177External Spam Quarantine and Safelist/Blocklists177Adding Senders and Domains to Safelists and Blocklists (Administrators)178Syntax for Safelists and Blocklist Entries179Clearing All Safelists and Blocklists180About End-User Access to Safelists and Blocklists180Adding Entries to Safelists (End Users)180Adding the Sender of a Quarantined Message to the Safelist180Adding Senders to the Safelist Without a Quarantined Message181Adding Senders to Blocklists (End Users)181Backing Up and Restoring the Safelist/Blocklist181Troubleshooting Safelists and Blocklists182Message from Safelisted 
Sender Was Not Delivered182Configuring Spam Management Features for End Users183Authentication Options for End Users Accessing Spam Management Features183LDAP Authentication Process184IMAP/POP Authentication Process185SAML 2.0 Authentication Process185Setting Up End-User Access to the Spam Quarantine via Web Browser186Configuring End-User Access to the Spam Quarantine186Determining the URL for End-User Access to the Spam Quarantine187Which Messages an End User Sees187Notifying End Users About Quarantined Messages188Recipient Email Mailing List Aliases and Spam Notifications189Testing Notifications190Troubleshooting Spam Notifications190User Receives Multiple Notifications190Recipient Does Not Receive Notifications191Managing Messages in the Spam Quarantine191Accessing the Spam Quarantine (Administrative Users)191Searching for Messages in the Spam Quarantine191Searching Very Large Message Collections192Viewing Messages in the Spam Quarantine192Delivering Messages in the Spam Quarantine193Deleting Messages from the Spam Quarantine193Disk Space for the Spam Quarantine193About Disabling the External Spam Quarantine193Troubleshooting Spam Quarantine Features194Centralized Policy, Virus, and Outbreak Quarantines195Overview of Centralized Quarantines195Quarantine Types196Centralizing Policy, Virus, and Outbreak Quarantines197Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance198Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance199Configuring Migration of Policy, Virus, and Outbreak Quarantines200Designating an Alternate Appliance to Process Released Messages201Configuring Centralized Quarantine Access for Custom User Roles202Disabling Centralized Policy, Virus, and Outbreak Quarantines202Releasing Messages When an Email Security Appliance Is Unavailable202Managing Policy, Virus, and Outbreak Quarantines202Disk Space Allocation for Policy, Virus, and Outbreak 
Quarantines203Retention Time for Messages in Quarantines203Default Actions for Automatically Processed Quarantined Messages205Checking the Settings of System-Created Quarantines205Configuring Policy, Virus, and Outbreak Quarantines205About Editing Policy, Virus, and Outbreak Quarantine Settings207Determining the Filters and Message Actions to Which a Policy Quarantine Is Assigned207About Deleting Policy Quarantines207Monitoring Quarantine Status, Capacity, and Activity208Alerts About Quarantine Disk-Space Usage209Policy Quarantines and Logging209About Distributing Message Processing Tasks to Other Users209Which User Groups Can Access Policy, Virus, and Outbreak Quarantines210Working with Messages in Policy, Virus, or Outbreak Quarantines210Viewing Messages in Quarantines211Quarantined Messages and International Character Sets211Finding Messages in Policy, Virus, and Outbreak Quarantines211Manually Processing Messages in a Quarantine212Sending a Copy of the Message213About Moving Messages Between Policy Quarantines213Messages in Multiple Quarantines213Message Details and Viewing Message Content214Viewing Matched Content215Downloading Attachments216About Rescanning of Quarantined Messages216The Outbreak Quarantine217Rescanning Messages in an Outbreak Quarantine217Manage by Rule Summary Link218Reporting False Positives or Suspicious Messages to Cisco Systems218Troubleshooting Centralized Policy Quarantines218Administrative User Cannot Choose Quarantines in Filters and DLP Message Actions218Messages Released from a Centralized Outbreak Quarantine Are Not Rescanned218Managing Web Security Appliances219About Centralized Configuration Management219Determining the Correct Configuration Publishing Method219Setting Up Configuration Masters to Centrally Manage Web Security Appliances220Important Notes About Using Configuration Masters221Determine the Configuration Master Versions to Use221Enabling Centralized Configuration Management on the Security Management 
Appliance222Initializing Configuration Masters222About Associating Web Security Appliances to Configuration Masters223Adding Web Security Appliances and Associating Them with Configuration Master Versions223Associating Configuration Master Versions to Web Security Appliances224Configuring Settings to Publish224Importing from an Existing Configuration Master225Importing Settings from a Web Security Appliance226Configuring Web Security Features Directly in Configuration Masters226SMA-Specific Differences when Configuring Features in Configuration Masters227Tip for Working with Identities/Identification Profiles in Configuration Masters228Ensuring that Features are Enabled Consistently228Comparing Enabled Features228Enabling Features to Publish229Disabling Unused Configuration Masters230Setting Up to Use Advanced File Publishing231Publishing Configurations to Web Security Appliances231Publishing a Configuration Master231Before You Publish a Configuration Master231Publishing a Configuration Master Now233Publishing a Configuration Master Later234Publishing a Configuration Master Using the Command Line Interface234Publishing Configurations Using Advanced File Publishing235Advanced File Publish: Publish Configuration Now235Advanced File Publish: Publish Later236Viewing Status and History of Publishing Jobs237Viewing Publish History237Viewing Web Security Appliance Status237Viewing a Summary of Status of Web Appliances237Viewing Status of Individual Web Security Appliances238Web Appliance Status Details238Preparing For and Managing URL Category Set Updates239Understand the Impacts of URL Category Set Updates239Ensure That You Will Receive Notifications and Alerts about URL Category Set Updates239Specify Default Settings for New and Changed Categories240When the URL Category Set is Updated, Check Your Policy and Identity/Identification Profile Settings240Troubleshooting Configuration Management Issues240In Configuration Master > Identities/Identification Profiles, Groups 
Are Not Available240Configuration Master > Access Policies > Web Reputation and Anti-Malware Settings Page Settings are Not as Expected241Troubleshooting Configuration Publishing Failures241Monitoring System Status243About Security Management Appliance Status243Monitoring Security Management Appliance Capacity244Monitoring the Processing Queue244Monitoring CPU Utilization244Monitoring Status of Data Transfer From Managed Appliances245Viewing the Configuration Status of Your Managed Appliances246Additional Status Information for Web Security Appliances246Monitoring Reporting Data Availability Status246Monitoring Email Security Reporting Data Availability247Monitoring Web Security Reporting Data Availability247Monitoring Email Tracking Data Status248Monitoring Capacity of Managed Appliances248Identifying Active TCP/IP Services248Integrating with LDAP251Overview251Configuring LDAP to Work with the Spam Quarantine251Creating the LDAP Server Profile252Testing LDAP Servers254Configuring LDAP Queries254LDAP Query Syntax254Tokens255Spam Quarantine End-User Authentication Queries255Sample Active Directory End-User Authentication Settings256Sample OpenLDAP End-User Authentication Settings256Spam Quarantine Alias Consolidation Queries256Sample Active Directory Alias Consolidation Settings257Sample OpenLDAP Alias Consolidation Settings257Testing LDAP Queries258Domain-Based Queries258Creating a Domain-Based Query259Chain Queries260Creating a Chain Query260Configuring AsyncOS to Work With Multiple LDAP Servers261Testing Servers and Queries262Failover262Configuring the Cisco Content Security Appliance for LDAP Failover262Load Balancing263Configuring the Cisco Content Security Appliance for Load Balancing263Configuring External Authentication of Administrative Users Using LDAP264User Accounts Query for Authenticating Administrative Users265Group Membership Queries for Authenticating Administrative Users265Enabling External Authentication of Administrative Users267Configuring SMTP 
Routing269SMTP Routes Overview269SMTP Routes, Mail Delivery, and Message Splintering270SMTP Routes and Outbound SMTP Authentication270Routing Email for Local Domains270Default SMTP Route270Managing SMTP Routes271Defining an SMTP Route271SMTP Routes Limits271Adding SMTP Routes271Exporting SMTP Routes272Importing SMTP Routes272SMTP Routes and DNS274Distributing Administrative Tasks275About Distributing Administrative Tasks275Assigning User Roles275Predefined User Roles275Custom User Roles278About Custom Email User Roles278Access to Email Reporting278Access to Message Tracking Data280Access to Quarantines for Custom User Role280Creating Custom Email User Roles280Using Custom Email User Roles281About Custom Web User Roles281Creating Custom Web User Roles282Editing Custom Web User Roles283Deleting Custom User Roles283User Roles with Access to the CLI283Using LDAP283Access to Quarantines284About Authenticating Administrative Users284Changing the Admin User’s Password284Managing Locally-Defined Administrative Users284Adding Locally-Defined Users285Editing Locally-Defined Users285Deleting Locally-Defined Users286Viewing the List of Locally-Defined Users286Setting and Changing Passwords286Setting Password and Login Requirements286Requiring Users to Change Passwords on Demand289Locking and Unlocking Local User Accounts290Locking User Accounts Manually290Unlocking User Accounts290External User Authentication291Configuring LDAP Authentication291Enabling RADIUS Authentication291Additional Controls on Access to the Security Management Appliance294Configuring IP-Based Network Access294Direct Connections294Connecting Through a Proxy294Creating the Access List294Configuring the Web UI Session Timeout296Controlling Access to Sensitive Information in Message Tracking297Displaying a Message for Administrative Users297Viewing Administrative User Activity297Viewing Active Sessions Using the Web297Viewing Your Recent Login Attempts298Viewing Administrative User Activity via the Command 
Line Interface298Troubleshooting Administrative User Access299Error: User Has No Access Privileges Assigned299User Has No Active Menus299Externally-Authenticated Users See Preferences Option299Common Administrative Tasks301Performing Administrative Tasks301Working with Feature Keys302Virtual Appliance Licensing and Feature Keys302Performing Maintenance Tasks Using CLI Commands302Shutting Down the Security Management Appliance303Rebooting the Security Management Appliance303Taking the Security Management Appliance Out of Service303CLI Examples: suspend and suspendtransfers Commands304Resuming from a Suspended State305CLI Examples: resume and resumetransfers Commands305Resetting the Configuration to Factory Defaults305The resetconfig Command306Displaying the Version Information for AsyncOS306Enabling Remote Power Cycling307Monitoring System Health Using SNMP308Example: snmpconfig Command308Backing Up Security Management Appliance Data310What Data Is Backed Up310Restrictions and Requirements for Backups311Backup Duration312Availability of Services During Backups312Interruption of a Backup Process313Prevent the Target Appliance From Pulling Data Directly from Managed Appliances313Receiving Alerts About Backup Status314Scheduling Single or Recurring Backups314Starting an Immediate Backup314Checking Backup Status315Backup Information in Log Files315Other Important Backup Tasks316Making a Backup Appliance the Primary Appliance316Disaster Recovery on the Security Management Appliance317Upgrading Appliance Hardware319Upgrading AsyncOS319Batch Commands for Upgrades319Determining Network Requirements for Upgrades and Updates320Choosing an Upgrade Method: Remote vs. 
Streaming320Streaming Upgrade Overview320Remote Upgrade Overview320Hardware and Software Requirements for Remote Upgrades321Hosting a Remote Upgrade Image322Important Differences in Remote Upgrading Method322Configuring Upgrade and Service Update Settings322Upgrade and Update Settings323Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies324Configuring the Update and Upgrade Settings from the GUI326Upgrade Notifications326Before You Upgrade: Important Steps327Upgrading AsyncOS327Viewing Status of, Canceling, or Deleting a Background Download329After Upgrading329About Reverting to an Earlier Version of AsyncOS330Important Note About Reversion Impact330Reverting AsyncOS330About Updates332About URL Category Set Updates for Web Usage Controls332Configuring the Return Address for Generated Messages332Managing Alerts333Alert Types and Severities333Alert Delivery333Viewing Recent Alerts334About Duplicate Alerts334Cisco AutoSupport335Hardware Alert Descriptions335System Alert Descriptions335Changing Network Settings338Changing the System Hostname338The sethostname Command338Configuring Domain Name System Settings339Specifying DNS Servers339Multiple Entries and Priority339Using the Internet Root Servers340Reverse DNS Lookup Timeout340DNS Alert340Clearing the DNS Cache340Configuring DNS Settings via the Graphical User Interface341Configuring TCP/IP Traffic Routes341Managing Static Routes in the GUI341Modifying the Default Gateway (GUI)341Configuring the Default Gateway342Specifying a Secure Communication Protocol342Configuring the System Time342Using a Network Time Protocol (NTP) Server343Selecting a GMT Offset343Updating Time Zone Files343Automatically Updating Time Zone Files344Manually Updating Time Zone Files344Saving and Importing Configuration Settings344Managing Configuration Files345Saving and Exporting the Current Configuration File345Loading a Configuration File345Empty Versus Omitted Tags346Note About Loading Passwords for Log 
Subscriptions347Note About Character Set Encoding347Resetting the Current Configuration347Rolling Back to a Previously Committed Configuration347CLI Commands for Configuration Files347The showconfig, mailconfig, and saveconfig Commands348The loadconfig Command349The rollbackconfig Command349The publishconfig Command349Uploading Configuration Changes Using the CLI349Managing Disk Space350(Virtual Appliances Only) Increasing Available Disk Space350Viewing Disk Space, Quotas, and Usage351About Disk Space Maximums and Allocations351Ensuring That You Receive Alerts About Disk Space352Managing Disk Space for the Miscellaneous Quota352Reallocating Disk Space Quotas352Adjusting the Reference Threshold in System Health Graphs for Email Security Appliances353SSO Using SAML 2.0354About SSO and SAML 2.0354SAML 2.0 SSO Workflow355Guidelines and Limitations for SAML 2.0356Logout356General356Spam Quarantine Access for Administrators356How to Configure SSO for Spam Quarantine356Prerequisites357Configure Cisco Content Security Management Appliance as a Service Provider357Configure the Identity Provider to Communicate with Cisco Content Security Management Appliance359Configure AD FS 2.0 to Communicate with Cisco Content Security Management Appliance359Configure PingFederate 7.2 to Communicate with Cisco Content Security Management Appliance360Configure Identity Provider Settings on Cisco Content Security Management Appliance360Enable SSO for Spam Quarantine361Customizing Your View362Using Favorite Pages362Setting Preferences363Improving Web Interface Rendering363Logging365Logging Overview365Logging Versus Reporting365Log Retrieval366Filename and Directory Structure366Log Rollover and Transfer Schedule366Timestamps in Log Files367Logs Enabled by Default367Log Types368Summary of Log Types368Log Type Comparison371Using Configuration History Logs371Using CLI Audit Logs372Using FTP Server Logs373Using HTTP Logs373Using Spam Quarantine Logs374Using Spam Quarantine GUI Logs374Using Text 
Mail Logs375Sample Text Mail Log375Examples of Text Mail Log Entries376Message Receiving377Successful Message Delivery Example377Unsuccessful Message Delivery (Hard Bounce)377Soft Bounce with Ultimately Successful Delivery Example377Message Scanning Results (scanconfig)378Message with Attachment378Generated or Rewritten Messages379Sending a Message to the Spam Quarantine379Using NTP Logs380Using Reporting Logs380Using Reporting Query Logs381Using Safelist/Blocklist Logs381Using SMA Logs382Using Status Logs383Using System Logs385Understanding Tracking Logs385Log Subscriptions385Configuring Log Subscriptions386Setting the Log Level386Creating a Log Subscription in the GUI387Editing Log Subscriptions388Configuring Global Settings for Logging388Logging Message Headers389Configuring Global Settings for Logging by Using the GUI389Rolling Over Log Subscriptions390Rolling Over Logs in Log Subscriptions390Rolling Over Logs Immediately Using the GUI390Rolling Over Logs Immediately via the CLI390Viewing the Most Recent Log Entries in the GUI390Viewing the Most Recent Entries in Logs (tail Command)390Configuring Host Keys391Troubleshooting395Collecting System Information395Troubleshooting Hardware Issues395Troubleshooting Feature Setup Issues396General Troubleshooting Resources396Troubleshooting Performance Issues on Managed Appliances396Troubleshooting Issues with Specific Functionality396Responding to Alerts397Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware397Additional Alert Descriptions397Working with Technical Support398Opening or Updating a Support Case from the Appliance398Getting Support for Virtual Appliances399Enabling Remote Access for Cisco Technical Support Personnel399Enabling Remote Access to Appliances With an Internet Connection399Enabling Remote Access to Appliances Without a Direct Internet Connection400Disabling a Tech Support Tunnel400Disabling Remote Access400Checking the Status of the Support Connection401Running a Packet 
Capture401Remotely Resetting Appliance Power402IP Interfaces and Accessing the Appliance405IP Interfaces405Configuring IP Interfaces405Creating IP Interfaces Using the GUI406Accessing the Appliance via FTP407Secure Copy (scp) Access409Accessing via a Serial Connection410Pinout Details for the Serial Port in 80- and 90- Series Hardware410Pinout Details for the Serial Port in 70-Series Hardware410Assigning Network and IP Addresses413Ethernet Interfaces413Selecting IP Addresses and Netmasks413Sample Interface Configurations414IP Addresses, Interfaces, and Routing414Summary415Strategies for Connecting Your Content Security Appliance415Firewall Information417Web Security Management Examples419Web Security Appliance Examples419Example 1: Investigating a User419Related Topics420Example 2: Tracking a URL421Related Topics421Example 3: Investigating Top URL Categories Visited421Related Topics422Additional Resources423Cisco Notification Service423Documentation423Third Party Contributors424Training424Knowledge Base Articles (TechNotes)425Cisco Support Community425Customer Support425Registering for a Cisco Account425Cisco Welcomes Your Comments426End User License Agreement427Cisco Systems End User License Agreement427Supplemental End User License Agreement for Cisco Systems Content Security Software434Index437
Size: 4 MB; Pages: 446; Language: English
User Guide
Table of contents
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide1Contents3Preface23Setup and Installation39Installation Planning40Mail Flow When Using the Security Management Appliance as an External Spam Quarantine41Centralized Management and the Security Management Appliance42Physical Dimensions42Preparing for Setup43Understanding the System Setup Steps44Determining Network and IP Address Assignments44Gathering the Setup Information45Accessing the Graphical User Interface46Accessing the Web Interfaces of the Security Management Appliance47Security Management Appliance Command Line Interface47Understanding the System Setup Wizard47Browser Requirements48Support Languages49Running the System Setup Wizard49Step 1: Review the End User License Agreement50Step 2: Configure the System Settings51Configuring Email System Alerts52Setting the Time52Setting the Password52Enabling AutoSupport53Step 3: Configure the Network Settings53Network Settings54Step 4: Review Your Configuration54Proceeding to the Next Steps55Security Management Appliance User Interface56Tabs on the System Status Page58Commit Changes Button59Accessing Customer Support from the Security Management Appliance59Technical Support60Support Request60Remote Access62Working with Feature Keys63Feature Keys Page63Feature Key Settings Page64Expired Feature Keys65SMA Compatibility Matrix66Appliance Configuration69Appliance Configuration Overview69Enabling Services on the Security Management Appliance70Enabling and Disabling Centralized Email Reporting on a Security Management Appliance71Disabling Centralized Email Reporting72Enabling and Disabling Centralized Web Reporting on a Security Management Appliance73Disabling Centralized Web Reporting74Enabling and Disabling Centralized Email Tracking on a Security Management Appliance74Disabling Centralized Email Tracking75Enabling and Disabling the Cisco IronPort Spam Quarantine on a Security Management Appliance75Disabling the Cisco 
IronPort Spam Quarantine76Enabling and Disabling the Centralized Configuration Manager on a Security Management Appliance77Disabling the Cisco IronPort Centralized Configuration Manager77Adding Managed Appliances78Editing and Deleting Managed Appliances82Editing a Managed Appliance82Deleting a Managed Appliance82Understanding Common Tasks and Settings on the Appliances83Interactive Report Pages83Time Range Drop-down Menu84Printing and Exporting Reports from Report Pages84Exporting Report Data85Viewing Active Sessions86Using Centralized Email Reporting89Reporting Overview89How the Security Appliance Gathers Data for Reports90How Reporting Data is Stored91Searching and the Interactive Report Pages91Interactive Report Pages for the Email Security Appliance92Printing Reports from Report Pages92Overview Page92Counting Messages94Categorizing Email on Overview and Incoming Mail94How Messages Are Categorized95Incoming Mail96Incoming Mail Page96Time Ranges in the Mail Trend Graphs98Incoming Mail Details99“No Domain Information”100Querying for More Information100Sender Profile Pages101Sender Profile Search103Sender Groups Report106Outgoing Destinations Page107Outgoing Senders Page108Internal Users Page110Internal User Details111Searching for a Specific Internal User112DLP Incident Summary Page113DLP Incidents Details Interactive Table114DLP Policy Detail Page115Content Filters Page116Content Filter Details116Virus Types Page117Virus Outbreaks Page119Outbreak Summary119Quarantined Messages119Global Outbreak Details120TLS Connections Page121System Capacity Page123How to Interpret the Data You See on System Capacity Page124System Capacity - Workqueue125System Capacity - Incoming Mail126System Capacity - Outgoing Mail127System Capacity - System Load129Note About Memory Page Swapping130System Capacity - All131Managing Reports131Setting the Return Address for Reports132Creating Email Reporting Groups132Adding Email Reporting Groups132Editing and Deleting Email Reporting 
Groups133Managing Scheduled Reports for the Email Security Appliance134Adding a Scheduled Report135Editing Scheduled Reports138Deleting Scheduled Reports138Creating a Domain-Based Executive Summary Report139Domain-Based Executive Summary Report Configuration Files142Using the Generate Reports Now Option143Managing Archived Reports145Reporting Filters146Using Centralized Web Reporting149Reporting Overview149How the Security Appliance Gathers Data for Reports151How Reporting Data is Stored151Getting Started with Web Reporting152Configuring Centralized Web Reporting152Using the Web Reporting Tab154Interactive Report Pages for the Web Security Appliance159Interactive Columns on Report Pages159Configuring Column Settings on Report Pages163Printing Reports from Report Pages164Reporting Filters164Understanding the Web Reporting Pages165Web Reporting Overview Page165Users Page169User Details Page173Web Sites Page177URL Categories Page181Using The URL Categories Page in Conjunction with Other Reporting Pages185Custom URL Categories186Reporting Misclassified and Uncategorized URLs188Application Visibility Page189Understanding the Difference between Application versus Application Types189Anti-Malware Page194Malware Category Report Page195Malware Threat Report Page196Malware Category Descriptions198Configuring Anti-Malware199Client Malware Risk Page203Client Detail Page206Web Reputation Filters Page210What are Web Reputation Filters?210Configuring Web Reputation Scores214Configuring Web Reputation Filter Settings for Access Policies214L4 Traffic Monitor Data Page216Configuring the L4 Traffic Monitor218Reports by User Location Page219Web Tracking Page222Configuring Web Tracking224Default Web Tracking Results224Advanced Web Tracking Results226System Capacity Page227How to Interpret the Data You See on System Capacity Page228System Capacity-System Load229System Capacity-Network Load232Note About Memory Page Swapping232Data Availability Page233Scheduling Reports235Managing 
Scheduled Reports236Adding Scheduled Reports236Editing Scheduled Reports238Deleting Scheduled Reports238Additional Extended Reports238Top URL Categories-Extended238Top Application Types-Extended240Archiving Reports242‘Generate Report Now’ Option242Tracking Email Messages245Tracking Service Overview245Understanding Tracking Query Setup246Running a Search Query249Narrowing the Result Set250Understanding Tracking Query Results251Message Details252Envelope and Header Summary253Sending Host Summary254Processing Details254Managing the Cisco IronPort Spam Quarantine255Understanding the Cisco IronPort Spam Quarantine255Configuring Cisco IronPort Spam Quarantine Settings257Configuring Administrative Users for Cisco IronPort Spam Quarantines260Configuring End User Access and Notifications261Configuring End User Quarantine Access262Enabling Spam Notifications263Setting Up Email Security Appliances to Forward Spam266Configuring External Quarantine Settings267Adding and Updating Managed Appliances and Using the Quarantine Spam Option268Managing Messages in the Cisco IronPort Spam Quarantine269Searching for Messages in the Cisco IronPort Spam Quarantine270Searching Large Message Collections271Viewing Messages in the Cisco IronPort Spam Quarantine271Viewing HTML Messages272Viewing Encoded Messages272Delivering Messages in the Cisco IronPort Spam Quarantine272Deleting Messages from the Cisco IronPort Spam Quarantine272Enabling the End User Safelist/Blocklist Feature273Enabling and Configuring Safelist/Blocklist Settings274Backing Up and Restoring the Safelist/Blocklist Database275Synchronizing Safelist and Blocklist Settings and Databases276Message Delivery for Safelists and Blocklists276Troubleshooting Safelists and Blocklists277Using End User Safelists and Blocklists277Accessing Safelists and Blocklists278Adding Entries to Safelists and Blocklists278Working with Safelists279Working with Blocklists280Managing Web Security Appliances281Overview of Managing Web Security 
Appliances281Working with Configuration Masters282Editing Security Services Settings283Associating Web Security Appliances to Configuration Masters287Preconfiguring Configuration Masters288Configuring Web Security Features290Using Configuration Master 5.7290Using Configuration Master 6.3291Using Configuration Master 7.1292Publishing Configurations to the Web Security Appliances292Configuration Master Publish293Advanced File Publish294Publishing a Configuration Master294Using the publishconfig Command297Using Advanced File Publishing297Advanced File Publish: Publish Configuration Now298Advanced File Publish: Publish Later299Viewing Publish History300Viewing Web Security Appliance Status301Monitoring System Status307Monitoring Security Management Appliance Status307Centralized Services309Email Security309Web Security310Security Appliance Data Transfer Status311System Information313Viewing the Status of Your Managed Appliances314Monitoring Reporting Data Availability Status315Monitoring Data Availability on your Email Security Appliances315Monitoring Data Availability on your Web Security Appliances317Monitoring Tracking Data Status318Monitoring Email Tracking Data Status318Monitoring Web Tracking Data Status319LDAP Queries321Overview321Configuring LDAP to Work with the Cisco IronPort Spam Quarantine322Creating the LDAP Server Profile323Testing LDAP Servers326Configuring LDAP Queries326LDAP Query Syntax326Tokens327Spam Quarantine End-User Authentication Queries328Sample Active Directory End-User Authentication Settings328Sample OpenLDAP End-User Authentication Settings329Spam Quarantine Alias Consolidation Queries329Sample Active Directory Alias Consolidation Settings330Sample OpenLDAP Alias Consolidation Settings331Testing LDAP Queries331Domain-Based Queries332Creating a Domain-Based Query333Chain Queries334Creating a Chain Query335Configuring AsyncOS to Work With Multiple LDAP Servers336Testing Servers and Queries337Failover337Configuring the Cisco IronPort 
Appliance for LDAP Failover337Load Balancing339Configuring the Cisco IronPort Appliance for Load Balancing339Configuring External Authentication for Users340User Accounts Query341Group Membership Queries342Configuring SMTP Routing345Routing Email for Local Domains345SMTP Routes Overview346Default SMTP Route347Defining an SMTP Route347SMTP Routes Limits348SMTP Routes and DNS348SMTP Routes and Alerts348SMTP Routes, Mail Delivery, and Message Splintering348SMTP Routes and Outbound SMTP Authentication349Managing SMTP Routes on the Security Management Appliance349Adding SMTP Routes350Editing SMTP Routes350Deleting SMTP Routes351Exporting SMTP Routes351Importing SMTP Routes352Common Administrative Tasks355Performing Maintenance Tasks Using CLI Commands356Shutting Down the Security Management Appliance356Rebooting the Security Management Appliance357Placing the Security Management Appliance into a Maintenance State357The suspend and offline Commands359Resuming from an Offline State359The resume Command360Resetting to Factory Defaults360The resetconfig Command361Displaying the Version Information for AsyncOS362Backing Up Your Security Management Appliance362CLI Command Associated with Backup363Full versus Partial Backups364Scheduling a Backup364Periodic Backups365Instant Backups367Interruption of Backup Process369Upgrading to New Security Management Appliance Hardware370Software Upgrades on Your Security Management Appliance372Before You Upgrade372Remote vs. 
Streaming Upgrades373Upgrading Clustered Systems374Streaming Upgrade Overview374Remote Upgrade Overview374Hardware and Software Requirements for Remote Upgrades375Hosting a Remote Upgrade Image376Obtaining Upgrades Using the GUI377Editing Update Settings377Upgrading AsyncOS on the Security Management Appliance379Reverting to an Earlier Version of AsyncOS381Important Note About Reversion Impact381Performing the AsyncOS Reversion382Obtaining Upgrades Using the CLI385The updateconfig Command385The upgrade Command387Differences from Traditional Upgrading Method390Disaster Recovery on the Security Management Appliance391Updating Settings395The Update Settings Page395Editing Update Settings395Configuring the Update Server396Specify an HTTP Proxy Server (Optional)397Specify an HTTPS Proxy Server (Optional)397Adding User Accounts397Assigning User Roles398Delegating Administration405Creating Custom User Roles406Editing Custom User Roles407Managing Users with the GUI408Adding Users409Deleting Users410Editing Users411Changing Your Password411Secure Password Enforcement411Additional Commands to Support Multiple Users: who, whoami, and last411External Authentication413Enabling LDAP Authentication414Enabling RADIUS Authentication415Configuring the Return Address for Generated Messages417Managing Alerts418Overview of Alerts418Alerts: Alert Recipients, Alert Classifications, and Severities418Alert Classifications419Severities419Alert Settings419Sending Duplicate Alerts419Alert Delivery420SMTP Routes and Alerts420Cisco IronPort AutoSupport420Alert Messages421Alert From Address421Alert Subject421Example Alert Message421Managing Alert Recipients422Adding New Alert Recipients423Configuring Existing Alert Recipients424Deleting Alert Recipients424Configuring Alert Settings425Editing Alert Settings425Alert Listing426Hardware Alerts426System Alerts427Changing Network Settings430Changing the System Hostname431The sethostname Command431Configuring Domain Name System Settings432Specifying 
DNS Servers432Multiple Entries and Priority432Using the Internet Root Servers433Reverse DNS Lookup Timeout434DNS Alert434Clearing the DNS Cache434Configuring DNS Settings via the Graphical User Interface435Configuring TCP/IP Traffic Routes437Managing Static Routes in the GUI437Adding Static Routes437Deleting Static Routes438Editing Static Routes438Modifying the Default Gateway (GUI)438Configuring the Default Gateway439Changing the Admin User’s Password439Updating Services440The Update Settings Page440Editing Update Settings (GUI)440Configuring the Update Servers440Specifying an HTTP Proxy Server (Optional)441Configuring the System Time441Time Zone Page441Selecting a Time Zone441Selecting a GMT Offset442Editing Time Settings (GUI)443Editing the Network Time Protocol (NTP) Configuration (Time Keeping Method)443Setting System Time Without Using an NTP Server444Adding or Editing a Time Range444Managing the Configuration File445Managing Multiple Appliances with XML Configuration Files446Managing Configuration Files in the GUI447Saving and Exporting the Current Configuration File447Loading a Configuration File448Empty Versus Omitted Tags451Note About Loading Passwords for Log Subscriptions451Note About Character Set Encoding451Resetting the Current Configuration452CLI Commands for Configuration Files452The showconfig, mailconfig, and saveconfig Commands452The loadconfig Command455The publishconfig Command455The backupconfig Command455Uploading Configuration Changes Using the CLI456Managing Disk Usage458Maximum Disk Space Available458Editing Disk Quotas459Reallocating Monitoring Service Disk Quotas459Logging461Overview461Logging Versus Reporting462Log Types462Log Type Comparison464Log Retrieval466Filename and Directory Structure466Log Rollover and Transfer Schedule467Logs Enabled by Default467Log Characteristics468Timestamps in Log Files468Using Configuration History Logs469Configuration History Log Example469Using CLI Audit Logs470CLI Audit Log Example471Using FTP Server 
Logs471FTP Server Log Example472Using HTTP Logs472HTTP Log Example473Using Cisco IronPort Spam Quarantine Logs474Cisco IronPort Spam Quarantine Log Example474Using Cisco IronPort Spam Quarantine GUI Logs475Cisco IronPort Spam Quarantine GUI Log Example475Using Cisco IronPort Text Mail Logs475Sample476Examples of Text Mail Log Entries477Message Receiving478Successful Message Delivery Example479Unsuccessful Message Delivery (Hard Bounce)479Soft Bounce with Ultimately Successful Delivery Example480Message Scanning Results (scanconfig)480Generated or Rewritten Messages482Sending a Message to the Cisco IronPort Spam Quarantine483Using NTP Logs484NTP Log Example484Using Reporting Logs485Reporting Log Example485Using Reporting Query Logs486Reporting Query Log Example486Using Safelist/Blocklist Logs488Safelist/Blocklist Log Example488Using SMA Logs489Using Status Logs490Reading Status Logs491Status Log Example494Using System Logs494System Log Example494Understanding Tracking Logs495Log Subscriptions495Configuring Log Subscriptions496Setting the Log Level497Creating a Log Subscription in the GUI498Editing Log Subscriptions500Configuring Global Settings for Logging500Logging Message Headers502Configuring Global Settings for Logging by Using the GUI503Rolling Over Log Subscriptions504Rolling Over Log Subscriptions Using the GUI504Rolling Over Log Subscriptions via the CLI504Viewing the Most Recent Log Entries in the GUI505Viewing the Most Recent Entries in Logs (tail Command)505Example506Configuring Host Keys507Accessing the Appliance513IP Interfaces514Configuring IP Interfaces514Creating IP Interfaces Using the GUI516FTP Access517Secure Copy (scp) Access520Accessing via a Serial Connection521Assigning Network and IP Addresses523Ethernet Interfaces523Selecting IP Addresses and Netmasks524Sample Interface Configurations525Network 1:525Network 2:525IP Addresses, Interfaces, and Routing526Summary527Strategies for Connecting Your Cisco IronPort Appliance527Firewall 
Information529Examples533Web Security Appliance Examples533Example 1: Investigating a User534Related Topics538Example 2: Tracking a URL539Related Topics540Example 3: Investigating Top URL Categories Visited540Related Topics544Example 4: Privacy and Hiding User Names544Before Enabling Anonymized User Names544After Enabling the Anonymize Usernames in Reports546Related Topics547Example 5: Upgrading to a New Configuration Master on an Existing Security Management Appliance547Related Topics549Example 6: Importing a Configuration File from an Existing Web Security Appliance549Further Considerations551Related Topics552Example 7: Customizing Access Policies on Remote Web Security Appliances and Managing Them on a Central Security Management Appliance552Set Up the Access Rules555Decide Where the Access Rules Apply559Create the Identities560Create A Custom URL Category for Configuration Master 5.7562Create the Access Policies and Add Identities564Create the Delegated Administrators567Related Topics571IronPort End User License Agreement573Cisco IronPort Systems, LLC Software License Agreement573Index581
Size: 9 MB; Pages: 590; Language: English
User Guide
Table of contents
Cisco IronPort AsyncOS 8.0 for Security Management User Guide1Contents3Getting Started19What’s New in This Release19Where to Find More Information20Documentation20Third Party Contributors21Training21Knowledge Base21Cisco Support Community22Customer Support22Cisco Welcomes Your Comments22Security Management Appliance Overview23Setup, Installation, and Basic Configuration24Solution Deployment Overview24SMA Compatibility Matrix25Installation Planning25Network Planning25About Integrating a Security Management Appliance with Email Security Appliances26Deployments with Centralized Management of Email Security Appliances26Preparing for Setup27Physically Setting Up and Connecting the Appliance27Determining Network and IP Address Assignments27Gathering the Setup Information28Accessing the Security Management Appliance29Browser Requirements29Accessing the Web Interface29About Accessing the Web Interfaces29Accessing the Security Management Appliance Command Line Interface30Supported Languages30Running the System Setup Wizard31Before You Begin31Overview of the System Setup Wizard31Launch the System Setup Wizard32Review the End User License Agreement32Configure the System Settings32Entering an Email Address for System Alerts32Setting the Time33Setting the Password33Enabling AutoSupport33Configure the Network Settings33Network Settings34Review Your Configuration34Proceeding to the Next Steps35About Adding Managed Appliances35Editing Managed Appliance Configurations36Removing an Appliance from the List of Managed Appliances37Configuring Services on the Security Management Appliance37Committing and Abandoning Configuration Changes37Working With Reports40Ways to View Reporting Data40How the Security Appliance Gathers Data for Reports41How Reporting Data is Stored41About Reporting and Upgrades42Customizing Your View of Report Data42Viewing Reporting Data for an Appliance or Reporting Group43Choosing a Time Range for Reports43(Web Reports Only) 
Choosing Which Data to Chart44Customizing Tables on Report Pages45Viewing Details of Transactions Included in Reports45Improving Performance of Email Reports46Printing and Exporting Reporting and Tracking Data47Exporting Report Data as a Comma-Separated Values (CSV) File48Subdomains vs. Second-Level Domains in Reporting and Tracking49Email and Web Reports49Using Centralized Email Security Reporting50Centralized Email Reporting Overview50Setting Up Centralized Email Reporting51Enabling Centralized Email Reporting on the Security Management Appliance51Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance52Creating Email Reporting Groups53Enabling Centralized Email Reporting on Email Security Appliances53Working with Email Report Data53Searching and the Interactive Email Report Pages54Understanding the Email Reporting Pages55Table Column Descriptions for Email Reporting Pages57Email Reporting Overview Page59How Incoming Mail Messages are Counted61How Email Messages Are Categorized by the Appliances61Categorizing Email Messages on Overview Page62Incoming Mail Page63Views Within the Incoming Mail Page63Categorizing Email Messages on Incoming Mail Page64“No Domain Information” Link67Time Ranges in the Mail Trend Graphs67Incoming Mail Details Table68Sender Profile Pages68Sender Groups Report Page72Outgoing Destinations Page73Outgoing Senders Page75Internal Users Page76Internal User Details Page78Searching for a Specific Internal User78DLP Incident Summary Page79DLP Incidents Details Table81DLP Policy Detail Page81Content Filters Page81Content Filter Details Page82Virus Types Page83TLS Connections Page85Inbound SMTP Authentication Page88Rate Limits Page89Outbreak Filters Page90System Capacity Page92How to Interpret the Data You See on System Capacity Page93System Capacity - Workqueue93System Capacity - Incoming Mail94System Capacity - Outgoing Mail95System Capacity - System Load96Note About Memory Page Swapping97System Capacity - 
All98Reporting Data Availability Page98About Scheduled and On-Demand Email Reports99Additional Report Types101Domain-Based Executive Summary Report101Domain-Based Executive Summary Report Configuration Files103Executive Summary Reports104Scheduling Email Reports104Adding Scheduled Reports104Editing Scheduled Reports105Discontinuing Scheduled Reports106Generating Email Reports On Demand106Viewing and Managing Archived Email Reports107Accessing Archived Reports107Deleting Archived Reports108Using Centralized Web Reporting and Tracking110Centralized Web Reporting Overview110Setting Up Centralized Web Reporting111Enabling Centralized Web Reporting on the Security Management Appliance112Enabling Centralized Web Reporting on Web Security Appliances112Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance112Anonymizing User Names in Web Reports113Working with Interactive Web Reporting Pages116Understanding the Web Reporting Pages116Table Column Descriptions for Web Reports119Web Reporting Overview121Users Report (Web)125User Details (Web Reporting)128Web Sites Report131URL Categories Report133URL Category Set Updates and Reports135Using The URL Categories Page in Conjunction with Other Reporting Pages136Reporting Misclassified and Uncategorized URLs136Application Visibility Report136Understanding the Difference between Application versus Application Types137Anti-Malware Report140Malware Category Report142Malware Threat Report143Malware Category Descriptions144Client Malware Risk Report146Web Reputation Filters Report148What are Web Reputation Filters?148Adjusting Web Reputation Settings151L4 Traffic Monitor Report151SOCKS Proxy Report155Reports by User Location157Web Tracking159Searching for Transactions Processed by Web Proxy Services160Understanding Web Tracking Search Results162Searching for Transactions Processed by the L4 Traffic Monitor163Searching for Transactions Processed by the SOCKS Proxy164About Web Tracking and Upgrades164System 
Capacity Page164How to Interpret the Data You See on the System Capacity Page165System Capacity - System Load166System Capacity - Network Load168Note About Proxy Buffer Memory Swapping168Data Availability Page169About Scheduled and On-Demand Web Reports170Scheduling Web Reports170Adding Scheduled Reports171Editing Scheduled Reports172Deleting Scheduled Reports172Additional Extended Reports172Top URL Categories-Extended172Top Application Types-Extended173Generating Web Reports on Demand174Viewing and Managing Archived Web Reports175Tracking Email Messages178Tracking Service Overview178Setting Up Centralized Message Tracking179Enabling Centralized Email Tracking on a Security Management Appliance179Configuring Centralized Message Tracking on Email Security Appliances179Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance180Managing Access to Sensitive Information181Searching for Email Messages181Narrowing the Result Set183Understanding Tracking Query Results184Message Details184Envelope and Header Summary185Sending Host Summary185Processing Details185DLP Matched Content Tab185Managing the Cisco IronPort Spam Quarantine188Understanding the Cisco IronPort Spam Quarantine188Setting Up the Centralized Spam Quarantine189Identifying Required IP Addresses189Configuring the Cisco IronPort Spam Quarantine Service on the Security Management Appliance189Configuring Interfaces on the Security Management Appliance191Configuring an Outbound IP Interface on the Security Management Appliance191Configuring the IP Interface for Spam Quarantine Access191Configuring Email Security Appliances for Centralized Spam Quarantine192Configuring the Email Security Appliance for Centralized Spam Quarantine192Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance193Configuring Administrative User Access to the Cisco IronPort Spam Quarantine194Configuring Spam Management Features for End Users195Configuring End User Quarantine 
Access195Configuring Spam Notifications for End Users196Configuring and Managing the End User Safelist/Blocklist Feature198Enabling and Configuring Safelist/Blocklists on the Security Management Appliance198Configuring Safelist/Blocklist Settings on the Email Security Appliance199Synchronizing Safelist and Blocklist Settings and Databases199Message Delivery for Safelists and Blocklists200Backing Up and Restoring the Safelist/Blocklist Database200Troubleshooting Safelists and Blocklists201Using End User Safelists and Blocklists201Accessing Safelists and Blocklists201Adding Entries to Safelists and Blocklists202Working with Safelists202Working with Blocklists203Managing Messages in the Cisco IronPort Spam Quarantine203Searching for Messages in the Cisco IronPort Spam Quarantine204Searching Large Message Collections204Viewing Messages in the Cisco IronPort Spam Quarantine205Viewing HTML Messages205Viewing Encoded Messages205Delivering Messages in the Cisco IronPort Spam Quarantine205Deleting Messages from the Cisco IronPort Spam Quarantine205Managing Web Security Appliances206About Centralized Configuration Management206Determining the Correct Configuration Publishing Method206Setting Up Configuration Masters207Overview of Setting Up Configuration Masters207Important Notes About Using Configuration Masters208Determine the Configuration Master Version(s) to Use208Enabling Centralized Configuration Management on the Security Management Appliance209Initializing Configuration Masters209About Associating Web Security Appliances to Configuration Masters210Adding Web Security Appliances and Associating Them with Configuration Master Versions210Associating Configuration Master Versions to Web Security Appliances211Configuring Settings to Publish211Importing from an Existing Configuration Master212Importing Settings from a Web Security Appliance212Configuring Web Security Features Directly in Configuration Masters213SMA-Specific Differences when Configuring Features in 
Configuration Masters214Tip for Working with Identities in Configuration Masters214Ensuring that Features are Enabled Consistently215Comparing Enabled Features215Enabling Features to Publish216Disabling Unused Configuration Masters217Setting Up to Use Advanced File Publishing217Publishing Configurations to Web Security Appliances218Publishing a Configuration Master218Before You Publish a Configuration Master218Publishing a Configuration Master Now219Publishing a Configuration Master Later220Publishing a Configuration Master Using the Command Line Interface221Publishing Configurations Using Advanced File Publishing221Advanced File Publish: Publish Configuration Now221Advanced File Publish: Publish Later222Viewing Status and History of Publishing Jobs223Viewing Scheduled Publishing Jobs223Viewing Status of the Current Publishing Job223Viewing Publish History223Viewing Web Security Appliance Status224Web Appliance Status Page224Appliance Status Page224URL Category Set Updates and Centralized Configuration Management227Understand the Impacts of URL Category Set Updates227Ensure that You Will Receive Alerts about URL Category Set Updates228Be Aware: Before You Set Up Configuration Master 7.5228Specify Default Settings for New and Changed Categories228When the URL Category Set is Updated, Check Your Policy and Identity Settings228Monitoring System Status230Monitoring Security Management Appliance Status230Centralized Services231Email Security232Web Security232Security Appliance Data Transfer Status233System Information234Viewing the Status of Your Managed Appliances235Additional Status Information for Web Security Appliances236Monitoring Capacity of Managed Appliances236Monitoring Reporting Data Availability Status236Monitoring Data Availability on your Email Security Appliances236Monitoring Data Availability on your Web Security Appliances237Monitoring Tracking Data Status237Monitoring Email Tracking Data Status238Monitoring Web Tracking Data Status238Identifying Active 
TCP/IP Services239Integrating with LDAP240Overview240Configuring LDAP to Work with the Cisco IronPort Spam Quarantine240Creating the LDAP Server Profile241Testing LDAP Servers243Configuring LDAP Queries243LDAP Query Syntax243Tokens244Spam Quarantine End-User Authentication Queries244Sample Active Directory End-User Authentication Settings245Sample OpenLDAP End-User Authentication Settings245Spam Quarantine Alias Consolidation Queries245Sample Active Directory Alias Consolidation Settings246Sample OpenLDAP Alias Consolidation Settings246Testing LDAP Queries247Domain-Based Queries247Creating a Domain-Based Query248Chain Queries249Creating a Chain Query249Configuring AsyncOS to Work With Multiple LDAP Servers250Testing Servers and Queries251Failover251Configuring the Cisco IronPort Appliance for LDAP Failover251Load Balancing252Configuring the Cisco IronPort Appliance for Load Balancing252Configuring External Authentication of Administrative Users Using LDAP253User Accounts Query for Authenticating Administrative Users254Group Membership Queries for Authenticating Administrative Users254Enabling External Authentication of Administrative Users256Configuring SMTP Routing258Routing Email for Local Domains258SMTP Routes Overview258Default SMTP Route259Defining an SMTP Route259SMTP Routes Limits260SMTP Routes and DNS260SMTP Routes, Mail Delivery, and Message Splintering260SMTP Routes and Outbound SMTP Authentication260Managing SMTP Routes on the Security Management Appliance260Adding SMTP Routes261Editing SMTP Routes261Deleting SMTP Routes261Exporting SMTP Routes261Importing SMTP Routes262Distributing Administrative Tasks264About Distributing Administrative Tasks264Assigning User Roles264Predefined User Roles265Custom User Roles267About Custom Email User Roles267Email Reporting267Message Tracking269Quarantines269Creating Custom Email User Roles269Using Custom Email User Roles270About Custom Web User Roles270Creating Custom Web User Roles271Editing Custom Web User 
Roles272Managing Authentication of Administrative Users272Managing Locally-Defined Administrative Users272Adding Locally-Defined Users273Editing Locally-Defined Users273Deleting Locally-Defined Users274Viewing the List of Locally-Defined Users274Setting and Changing Passwords275Configuring Restrictive User Account and Password Settings275Requiring Users to Change Passwords at Next Login277Locking and Unlocking Local User Accounts278Locking User Accounts Manually278Unlocking User Accounts278External User Authentication279Configuring LDAP Authentication279Enabling RADIUS Authentication279Additional Controls on Access to the Security Management Appliance281Configuring IP-Based Network Access281Direct Connections281Connecting Through a Proxy281Creating the Access List282Configuring the Web UI Session Timeout283Controlling Access to Sensitive DLP Information in Message Tracking284Viewing Administrative User Activity284Viewing Active Sessions Using the Web284Viewing Administrative User Activity via the Command Line Interface285Common Administrative Tasks286Working with Feature Keys287Feature Keys Page287Feature Key Settings Page288Expired Feature Keys288Performing Maintenance Tasks Using CLI Commands288Shutting Down the Security Management Appliance288Rebooting the Security Management Appliance288Placing the Security Management Appliance into a Maintenance State289The suspend and offline Commands289Resuming from an Offline State289The resume Command290Resetting to Factory Defaults290The resetconfig Command290Displaying the Version Information for AsyncOS291Backing Up Your Security Management Appliance291What Data Is Backed Up291Restrictions and Requirements for Backups291Backup Duration292Availability of Services During Backups293Interruption of a Backup Process293Scheduling Single or Recurring Backups294Starting an Immediate Backup295Checking Backup Status296Checking Log Files296Checking Scheduled Backups296Checking the Status of a Backup in Progress297Other Important 
Backup Tasks297Disaster Recovery on the Security Management Appliance297Restoring Other Data299Upgrading Appliance Hardware299Upgrading AsyncOS301Batch Commands for Upgrades301Determining Network Requirements301Choosing an Upgrade Method: Remote vs. Streaming301Streaming Upgrade Overview302Remote Upgrade Overview302Hardware and Software Requirements for Remote Upgrades303Hosting a Remote Upgrade Image303Important Differences in Remote Upgrading Method304Configuring Upgrade and Service Update Settings304Upgrade and Update Settings305Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies306Configuring the Update and Upgrade Settings from the GUI307Before You Upgrade: Important Steps309Upgrading AsyncOS309After Upgrading310About Reverting to an Earlier Version of AsyncOS310Important Note About Reversion Impact311Reverting AsyncOS311About Updates312About URL Category Set Updates for Cisco IronPort Web Usage Controls313Configuring the Return Address for Generated Messages313Managing Alerts313Overview of Alerts313Alerts: Alert Recipients, Alert Classifications, and Severities313Alert Classifications314Severities314Alert Settings314Sending Duplicate Alerts314Alert Delivery314Cisco IronPort AutoSupport315Alert Messages315Alert From Address315Alert Subject315Example Alert Message315Managing Alert Recipients316Adding New Alert Recipients316Configuring Existing Alert Recipients317Deleting Alert Recipients317Configuring Alert Settings317Editing Alert Settings317Alert Listing318Hardware Alerts318System Alerts318Changing Network Settings321Changing the System Hostname321The sethostname Command321Configuring Domain Name System Settings322Specifying DNS Servers322Multiple Entries and Priority322Using the Internet Root Servers323Reverse DNS Lookup Timeout323DNS Alert323Clearing the DNS Cache323Configuring DNS Settings via the Graphical User Interface324Configuring TCP/IP Traffic Routes324Managing Static Routes in the GUI324Adding Static 
Routes324Deleting Static Routes324Editing Static Routes325Modifying the Default Gateway (GUI)325Configuring the Default Gateway325Changing the Admin User’s Password325Configuring the System Time326Time Zone Page326Selecting a Time Zone326Selecting a GMT Offset326Updating Time Zone Files327Automatically Updating Time Zone Files327Manually Updating Time Zone Files327Editing Time Settings327Setting the System Time Using a Network Time Protocol (NTP) Server327Setting System Time Manually328Saving and Importing Configuration Settings328Managing Multiple Appliances with XML Configuration Files329Managing Configuration Files329Saving and Exporting the Current Configuration File330Loading a Configuration File330Empty Versus Omitted Tags331Note About Loading Passwords for Log Subscriptions332Note About Character Set Encoding332Resetting the Current Configuration332CLI Commands for Configuration Files332The showconfig, mailconfig, and saveconfig Commands333The loadconfig Command334The publishconfig Command334The backupconfig Command334Uploading Configuration Changes Using the CLI334Managing Disk Usage335Disk Space Maximums and Allocations335Reallocating Disk Space Quotas336Customizing Your View337Setting Preferences337Logging338Logging Overview338Logging Versus Reporting338Log Retrieval339Filename and Directory Structure339Log Rollover and Transfer Schedule339Timestamps in Log Files340Logs Enabled by Default340Log Types341Summary of Log Types341Log Type Comparison344Using Configuration History Logs344Configuration History Log Example345Using CLI Audit Logs345CLI Audit Log Example345Using FTP Server Logs346FTP Server Log Example346Using HTTP Logs346HTTP Log Example346Using Cisco IronPort Spam Quarantine Logs347Cisco IronPort Spam Quarantine Log Example347Using Cisco IronPort Spam Quarantine GUI Logs347Cisco IronPort Spam Quarantine GUI Log Example348Using Cisco IronPort Text Mail Logs348Sample348Examples of Text Mail Log Entries349Message Receiving350Successful Message 
Delivery Example350Unsuccessful Message Delivery (Hard Bounce)350Soft Bounce with Ultimately Successful Delivery Example350Message Scanning Results (scanconfig)351Message with Attachment351Generated or Rewritten Messages352Sending a Message to the Cisco IronPort Spam Quarantine352Using NTP Logs353NTP Log Example353Using Reporting Logs353Reporting Log Example353Using Reporting Query Logs354Reporting Query Log Example354Using Safelist/Blocklist Logs354Safelist/Blocklist Log Example355Using SMA Logs355Using Status Logs356Reading Status Logs356Status Log Example358Using System Logs358System Log Example358Understanding Tracking Logs358Log Subscriptions359Configuring Log Subscriptions359Setting the Log Level360Creating a Log Subscription in the GUI360Editing Log Subscriptions361Configuring Global Settings for Logging361Logging Message Headers362Configuring Global Settings for Logging by Using the GUI362Rolling Over Log Subscriptions363Rolling Over Logs in Log Subscriptions363Rolling Over Logs Immediately Using the GUI363Rolling Over Logs Immediately via the CLI363Viewing the Most Recent Log Entries in the GUI363Viewing the Most Recent Entries in Logs (tail Command)364Example364Configuring Host Keys365Troubleshooting368Accessing Customer Support from the Security Management Appliance368Technical Support368Creating a Support Request368About Remote Access for Customer Support369Enabling Remote Access for Customer Support369Packet Capture370Starting a Packet Capture370Starting a Packet Capture from the Command Line Prompt370Starting a Packet Capture from the GUI370Editing Packet Capture Settings371Editing a Packet Capture Settings from the Command Line Prompt371Editing Packet Capture Settings from the GUI371IP Interfaces and Accessing the Appliance374IP Interfaces374Configuring IP Interfaces375Creating IP Interfaces Using the GUI376Accessing the Appliance via FTP376Secure Copy (scp) Access379Accessing via a Serial Connection380Assigning Network and IP Addresses382Ethernet 
Interfaces382Selecting IP Addresses and Netmasks382Sample Interface Configurations383Network 1:383Network 2:383IP Addresses, Interfaces, and Routing384Summary384Strategies for Connecting Your Cisco IronPort Appliance384Firewall Information386Examples388Web Security Appliance Examples388Example 1: Investigating a User388Related Topics392Example 2: Tracking a URL392Related Topics393Example 3: Investigating Top URL Categories Visited393Related Topics395End User License Agreement396Cisco Systems End User License Agreement396Supplemental End User License Agreement for Cisco Systems Content Security Software403Index406
Size: 10 MB. Pages: 413. Language: English.
User Guide
Table of contents
AsyncOS 8.1 for Cisco Content Security Management User Guide1Contents3Getting Started19What’s New in This Release19Where to Find More Information21Cisco Notification Service21Documentation22Third Party Contributors23Training23Knowledge Base23Cisco Support Community23Customer Support24Registering for a Cisco Account24Cisco Welcomes Your Comments24Cisco Content Security Management Overview24Setup, Installation, and Basic Configuration27Solution Deployment Overview27SMA Compatibility Matrix28Installation Planning28Network Planning28About Integrating a Security Management Appliance with Email Security Appliances29Deployments with Centralized Management of Email Security Appliances29Preparing for Setup30Physically Setting Up and Connecting the Appliance30Determining Network and IP Address Assignments30Gathering the Setup Information31Accessing the Security Management Appliance32Browser Requirements32Accessing the Web Interface32About Accessing the Web Interfaces32Accessing the Security Management Appliance Command Line Interface33Supported Languages33Running the System Setup Wizard34Before You Begin34Overview of the System Setup Wizard34Launch the System Setup Wizard35Review the End User License Agreement35Configure the System Settings35Entering an Email Address for System Alerts35Setting the Time35Setting the Password36Enabling AutoSupport36Configure the Network Settings36Network Settings36Review Your Configuration37Proceeding to the Next Steps37About Adding Managed Appliances37Editing Managed Appliance Configurations38Removing an Appliance from the List of Managed Appliances38Configuring Services on the Security Management Appliance39Committing and Abandoning Configuration Changes39Working With Reports41Ways to View Reporting Data41How the Security Appliance Gathers Data for Reports42How Reporting Data is Stored42About Reporting and Upgrades43Customizing Your View of Report Data43Viewing Reporting Data for an Appliance or Reporting 
Group44Choosing a Time Range for Reports44(Web Reports Only) Choosing Which Data to Chart45Customizing Tables on Report Pages46Custom Reports46Viewing Details of Messages or Transactions Included in Reports48Improving Performance of Email Reports48Printing and Exporting Reporting and Tracking Data49Exporting Report Data as a Comma-Separated Values (CSV) File51Subdomains vs. Second-Level Domains in Reporting and Tracking52Email and Web Reports52Using Centralized Email Security Reporting53Centralized Email Reporting Overview53Setting Up Centralized Email Reporting54Enabling Centralized Email Reporting on the Security Management Appliance54Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance55Creating Email Reporting Groups56Enabling Centralized Email Reporting on Email Security Appliances56Working with Email Report Data56Searching and the Interactive Email Report Pages57Understanding the Email Reporting Pages58Table Column Descriptions for Email Reporting Pages60Email Reporting Overview Page62How Incoming Mail Messages are Counted64How Email Messages Are Categorized by the Appliances64Categorizing Email Messages on the Overview Page65Incoming Mail Page66Views Within the Incoming Mail Page67Categorizing Email Messages on Incoming Mail Page68“No Domain Information” Link70Time Ranges in the Mail Trend Graphs70Incoming Mail Details Table70Sender Profile Pages71Sender Groups Report Page73Outgoing Destinations Page74Outgoing Senders Page76Internal Users Page78Internal User Details Page80Searching for a Specific Internal User80DLP Incident Summary Page80DLP Incidents Details Table82DLP Policy Detail Page82Content Filters Page83Content Filter Details Page83Virus Types Page84TLS Connections Page86Inbound SMTP Authentication Page88Rate Limits Page89Outbreak Filters Page90System Capacity Page93How to Interpret the Data You See on System Capacity Page93System Capacity - Workqueue94System Capacity - Incoming Mail95System Capacity - Outgoing 
Mail96System Capacity - System Load97Note About Memory Page Swapping98System Capacity - All99Reporting Data Availability Page99About Scheduled and On-Demand Email Reports100Additional Report Types101Domain-Based Executive Summary Report102Domain-Based Executive Summary Reports and Messages Blocked by Reputation Filtering102Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports102Creating Domain-Based Executive Summary Reports103Executive Summary Report104Scheduling Email Reports104Adding Scheduled Reports105Editing Scheduled Reports106Discontinuing Scheduled Reports106Generating Email Reports On Demand106Viewing and Managing Archived Email Reports107Accessing Archived Reports108Deleting Archived Reports108Using Centralized Web Reporting and Tracking109Centralized Web Reporting Overview109Setting Up Centralized Web Reporting110Enabling Centralized Web Reporting on the Security Management Appliance111Enabling Centralized Web Reporting on Web Security Appliances111Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance111Anonymizing User Names in Web Reports112Working with Interactive Web Reporting Pages115Understanding the Web Reporting Pages115Table Column Descriptions for Web Reports118Web Reporting Overview120Users Report (Web)124User Details (Web Reporting)127Web Sites Report130URL Categories Report132URL Category Set Updates and Reports134Using The URL Categories Page in Conjunction with Other Reporting Pages135Reporting Misclassified and Uncategorized URLs135Application Visibility Report135Understanding the Difference between Application versus Application Types136Anti-Malware Report139Malware Category Report141Malware Threat Report142Malware Category Descriptions143Client Malware Risk Report145Web Reputation Filters Report147What are Web Reputation Filters?147Adjusting Web Reputation Settings150L4 Traffic Monitor Report150SOCKS Proxy Report154Reports by User Location156Web Tracking158Searching for 
Transactions Processed by Web Proxy Services159Understanding Web Tracking Search Results161Searching for Transactions Processed by the L4 Traffic Monitor162Searching for Transactions Processed by the SOCKS Proxy163About Web Tracking and Upgrades163System Capacity Page163How to Interpret the Data You See on the System Capacity Page164System Capacity - System Load165System Capacity - Network Load167Note About Proxy Buffer Memory Swapping167Data Availability Page168About Scheduled and On-Demand Web Reports169Scheduling Web Reports169Adding Scheduled Reports170Editing Scheduled Reports171Deleting Scheduled Reports171Additional Extended Reports171Top URL Categories-Extended171Top Application Types-Extended172Generating Web Reports on Demand173Viewing and Managing Archived Web Reports174Tracking Email Messages175Tracking Service Overview175Setting Up Centralized Message Tracking176Enabling Centralized Email Tracking on a Security Management Appliance176Configuring Centralized Message Tracking on Email Security Appliances176Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance177Managing Access to Sensitive Information178Checking Message Tracking Data Availability178Searching for Email Messages178Narrowing the Result Set181Understanding Tracking Query Results181Message Details182Envelope and Header Summary182Sending Host Summary182Processing Details183DLP Matched Content Tab183Managing the Cisco IronPort Spam Quarantine185Understanding the Cisco IronPort Spam Quarantine185Setting Up the Centralized Spam Quarantine186Identifying Required IP Addresses186Configuring the Cisco IronPort Spam Quarantine Service on the Security Management Appliance186Configuring Interfaces on the Security Management Appliance188Configuring an Outbound IP Interface on the Security Management Appliance188Configuring the IP Interface for Spam Quarantine Access188Configuring Email Security Appliances for Centralized Spam Quarantine189Configuring the Email Security 
Appliance for Centralized Spam Quarantine189Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance190Configuring Administrative User Access to the Cisco IronPort Spam Quarantine191Configuring Spam Management Features for End Users192Configuring End User Quarantine Access192Configuring Spam Notifications for End Users193Configuring and Managing the End User Safelist/Blocklist Feature195Enabling and Configuring Safelist/Blocklists on the Security Management Appliance195Configuring Safelist/Blocklist Settings on the Email Security Appliance196Synchronizing Safelist and Blocklist Settings and Databases196Message Delivery for Safelists and Blocklists197Backing Up and Restoring the Safelist/Blocklist Database197Troubleshooting Safelists and Blocklists198Using End User Safelists and Blocklists198Accessing Safelists and Blocklists198Adding Entries to Safelists and Blocklists199Working with Safelists199Working with Blocklists199Managing Messages in the Cisco IronPort Spam Quarantine200Searching for Messages in the Cisco IronPort Spam Quarantine200Searching Large Message Collections201Viewing Messages in the Cisco IronPort Spam Quarantine201Viewing HTML Messages201Viewing Encoded Messages201Delivering Messages in the Cisco IronPort Spam Quarantine201Deleting Messages from the Cisco IronPort Spam Quarantine201Centralized Policy, Virus, and Outbreak Quarantines203Overview of Centralized Quarantines203Quarantine Types204Centralizing Policy, Virus, and Outbreak Quarantines205Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance206Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance207Configuring Migration of Policy, Virus, and Outbreak Quarantines208Designating an Alternate Appliance to Process Released Messages209Configuring Centralized Quarantine Access for Custom User Roles210Disabling Centralized Policy, Virus, and Outbreak 
Quarantines210Releasing Messages When an Email Security Appliance Is Unavailable210Managing Policy, Virus, and Outbreak Quarantines210Disk Space Allocation for Policy, Virus, and Outbreak Quarantines211Retention Time for Messages in Quarantines211Default Actions for Automatically Processed Quarantined Messages212Checking the Settings of System-Created Quarantines213Creating Policy Quarantines213About Editing Policy, Virus, and Outbreak Quarantine Settings214Determining the Filters and Message Actions to Which a Quarantine Is Assigned215About Deleting Policy Quarantines215Monitoring Quarantine Status, Capacity, and Activity215Alerts About Quarantine Disk-Space Usage216Policy Quarantines and Logging216About Distributing Message Processing Tasks to Other Users217Which User Groups Can Access Quarantines217Working with Messages in Policy, Virus, or Outbreak Quarantines218Viewing Messages in Quarantines218Quarantined Messages and International Character Sets218Finding Messages in Policy, Virus, and Outbreak Quarantines219Manually Processing Messages in a Quarantine219Sending a Copy of the Message220About Moving Messages Between Policy Quarantines220Messages in Multiple Quarantines221Message Details and Viewing Message Content221Viewing Matched Content222Downloading Attachments223About Rescanning of Quarantined Messages223The Outbreak Quarantine224Rescanning Messages in an Outbreak Quarantine224Manage by Rule Summary Link224Reporting False Positives or Suspicious Messages to Cisco Systems224Managing Web Security Appliances227About Centralized Configuration Management227Determining the Correct Configuration Publishing Method227Setting Up Configuration Masters228Overview of Setting Up Configuration Masters228Important Notes About Using Configuration Masters229Determine the Configuration Master Version(s) to Use229Enabling Centralized Configuration Management on the Security Management Appliance230Initializing Configuration Masters230About Associating Web Security Appliances 
to Configuration Masters231Adding Web Security Appliances and Associating Them with Configuration Master Versions231Associating Configuration Master Versions to Web Security Appliances232Configuring Settings to Publish232Importing from an Existing Configuration Master233Importing Settings from a Web Security Appliance233Configuring Web Security Features Directly in Configuration Masters234SMA-Specific Differences when Configuring Features in Configuration Masters235Tip for Working with Identities in Configuration Masters235Ensuring that Features are Enabled Consistently236Comparing Enabled Features236Enabling Features to Publish237Disabling Unused Configuration Masters238Setting Up to Use Advanced File Publishing238Publishing Configurations to Web Security Appliances239Publishing a Configuration Master239Before You Publish a Configuration Master239Publishing a Configuration Master Now240Publishing a Configuration Master Later241Publishing a Configuration Master Using the Command Line Interface242Publishing Configurations Using Advanced File Publishing242Advanced File Publish: Publish Configuration Now242Advanced File Publish: Publish Later243Viewing Status and History of Publishing Jobs243Viewing Scheduled Publishing Jobs244Viewing Status of the Current Publishing Job244Viewing Publish History244Viewing Web Security Appliance Status244Web Appliance Status Page244Appliance Status Page245URL Category Set Updates and Centralized Configuration Management248Understand the Impacts of URL Category Set Updates248Ensure that You Will Receive Alerts about URL Category Set Updates249Be Aware: Before You Set Up Configuration Master 7.5249Specify Default Settings for New and Changed Categories249When the URL Category Set is Updated, Check Your Policy and Identity Settings249Monitoring System Status251About Security Management Appliance Status251Monitoring Security Management Appliance Capacity252Monitoring the Processing Queue252Monitoring CPU Utilization252Monitoring Status of 
Data Transfer From Managed Appliances253Viewing the Configuration Status of Your Managed Appliances254Additional Status Information for Web Security Appliances255Monitoring Reporting Data Availability Status255Monitoring Email Security Reporting Data Availability256Monitoring Web Security Reporting Data Availability256Monitoring Email Tracking Data Status257Monitoring Capacity of Managed Appliances258Identifying Active TCP/IP Services258Integrating with LDAP259Overview259Configuring LDAP to Work with the Cisco IronPort Spam Quarantine259Creating the LDAP Server Profile260Testing LDAP Servers262Configuring LDAP Queries262LDAP Query Syntax262Tokens263Spam Quarantine End-User Authentication Queries263Sample Active Directory End-User Authentication Settings264Sample OpenLDAP End-User Authentication Settings264Spam Quarantine Alias Consolidation Queries264Sample Active Directory Alias Consolidation Settings265Sample OpenLDAP Alias Consolidation Settings265Testing LDAP Queries266Domain-Based Queries266Creating a Domain-Based Query267Chain Queries268Creating a Chain Query268Configuring AsyncOS to Work With Multiple LDAP Servers269Testing Servers and Queries270Failover270Configuring the Cisco Content Security Appliance for LDAP Failover270Load Balancing271Configuring the Cisco Content Security Appliance for Load Balancing271Configuring External Authentication of Administrative Users Using LDAP272User Accounts Query for Authenticating Administrative Users273Group Membership Queries for Authenticating Administrative Users273Enabling External Authentication of Administrative Users275Configuring SMTP Routing277Routing Email for Local Domains277SMTP Routes Overview277Default SMTP Route278Defining an SMTP Route278SMTP Routes Limits279SMTP Routes and DNS279SMTP Routes, Mail Delivery, and Message Splintering279SMTP Routes and Outbound SMTP Authentication279Managing SMTP Routes on the Security Management Appliance279Adding SMTP Routes280Editing SMTP Routes280Deleting SMTP 
Routes280Exporting SMTP Routes280Importing SMTP Routes281Distributing Administrative Tasks283About Distributing Administrative Tasks283Assigning User Roles283Predefined User Roles283Custom User Roles286About Custom Email User Roles286Email Reporting287Message Tracking288Quarantines288Creating Custom Email User Roles288Using Custom Email User Roles289About Custom Web User Roles290Creating Custom Web User Roles290Editing Custom Web User Roles291Deleting Custom User Roles292Managing Authentication of Administrative Users292Changing the Admin User’s Password292Managing Locally-Defined Administrative Users292Adding Locally-Defined Users293Editing Locally-Defined Users293Deleting Locally-Defined Users294Viewing the List of Locally-Defined Users294Setting and Changing Passwords294Setting Password and Login Requirements294Requiring Users to Change Passwords at Next Login296Locking and Unlocking Local User Accounts297Locking User Accounts Manually297Unlocking User Accounts297External User Authentication298Configuring LDAP Authentication298Enabling RADIUS Authentication298Additional Controls on Access to the Security Management Appliance301Configuring IP-Based Network Access301Direct Connections301Connecting Through a Proxy301Creating the Access List301Configuring the Web UI Session Timeout303Controlling Access to Sensitive DLP Information in Message Tracking304Viewing Administrative User Activity304Viewing Active Sessions Using the Web304Viewing Administrative User Activity via the Command Line Interface305Common Administrative Tasks307Performing Administrative Tasks307Working with Feature Keys308Feature Keys Page308Feature Key Settings Page308Expired Feature Keys308Performing Maintenance Tasks Using CLI Commands309Shutting Down the Security Management Appliance309Rebooting the Security Management Appliance309Placing the Security Management Appliance into a Maintenance State309The suspend and offline Commands310Resuming from an Offline State310The resume Command310Resetting 
the Configuration to Factory Defaults310The resetconfig Command311Displaying the Version Information for AsyncOS311Backing Up Security Management Appliance Data312What Data Is Backed Up312Restrictions and Requirements for Backups312Backup Duration313Availability of Services During Backups314Interruption of a Backup Process314Scheduling Single or Recurring Backups315Starting an Immediate Backup316Checking Backup Status317Checking Log Files317Checking Scheduled Backups317Checking the Status of a Backup in Progress317Other Important Backup Tasks318Disaster Recovery on the Security Management Appliance318Upgrading Appliance Hardware320Upgrading AsyncOS322Batch Commands for Upgrades322Determining Network Requirements for Upgrades and Updates322Choosing an Upgrade Method: Remote vs. Streaming322Streaming Upgrade Overview322Remote Upgrade Overview323Hardware and Software Requirements for Remote Upgrades324Hosting a Remote Upgrade Image324Important Differences in Remote Upgrading Method325Configuring Upgrade and Service Update Settings325Upgrade and Update Settings325Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies326Configuring the Update and Upgrade Settings from the GUI328Before You Upgrade: Important Steps330Upgrading AsyncOS330Viewing Status of, Canceling, or Deleting a Background Download332After Upgrading332About Reverting to an Earlier Version of AsyncOS333Important Note About Reversion Impact333Reverting AsyncOS333About Updates335About URL Category Set Updates for Cisco IronPort Web Usage Controls335Configuring the Return Address for Generated Messages335Managing Alerts335Overview of Alerts336Alerts: Alert Recipients, Alert Classifications, and Severities336Alert Classifications336Severities336Alert Settings336Sending Duplicate Alerts337Alert Delivery337Viewing Recent Alerts337Alert Messages338Alert From Address338Alert Subject338Example Alert Message338Managing Alert Recipients338Configuring Alert Settings339Cisco IronPort 
AutoSupport339Alert Listing339Hardware Alerts340System Alerts340Changing Network Settings343Changing the System Hostname343The sethostname Command343Configuring Domain Name System Settings343Specifying DNS Servers344Multiple Entries and Priority344Using the Internet Root Servers344Reverse DNS Lookup Timeout345DNS Alert345Clearing the DNS Cache345Configuring DNS Settings via the Graphical User Interface345Configuring TCP/IP Traffic Routes346Managing Static Routes in the GUI346Adding Static Routes346Deleting Static Routes346Editing Static Routes346Modifying the Default Gateway (GUI)347Configuring the Default Gateway347Configuring the System Time347Time Zone Page347Selecting a Time Zone347Selecting a GMT Offset347Updating Time Zone Files348Automatically Updating Time Zone Files348Manually Updating Time Zone Files349Editing System Time Settings349Saving and Importing Configuration Settings349Managing Multiple Appliances with XML Configuration Files350Managing Configuration Files350Saving and Exporting the Current Configuration File351Loading a Configuration File351Empty Versus Omitted Tags352Note About Loading Passwords for Log Subscriptions353Note About Character Set Encoding353Resetting the Current Configuration353Rolling Back to a Previously Committed Configuration353CLI Commands for Configuration Files353The showconfig, mailconfig, and saveconfig Commands354The loadconfig Command355The rollbackconfig Command355The publishconfig Command355Uploading Configuration Changes Using the CLI355Managing Disk Usage356Disk Space Maximums and Allocations356Reallocating Disk Space Quotas357Customizing Your View358Using Favorite Pages358Setting Preferences359Logging361Logging Overview361Logging Versus Reporting361Log Retrieval362Filename and Directory Structure362Log Rollover and Transfer Schedule362Timestamps in Log Files363Logs Enabled by Default363Log Types364Summary of Log Types364Log Type Comparison367Using Configuration History Logs367Configuration History Log 
Example368Using CLI Audit Logs368CLI Audit Log Example368Using FTP Server Logs369FTP Server Log Example369Using HTTP Logs369HTTP Log Example369Using Cisco IronPort Spam Quarantine Logs370Cisco IronPort Spam Quarantine Log Example370Using Cisco IronPort Spam Quarantine GUI Logs370Cisco IronPort Spam Quarantine GUI Log Example371Using Cisco IronPort Text Mail Logs371Sample371Examples of Text Mail Log Entries372Message Receiving373Successful Message Delivery Example373Unsuccessful Message Delivery (Hard Bounce)373Soft Bounce with Ultimately Successful Delivery Example373Message Scanning Results (scanconfig)374Message with Attachment374Generated or Rewritten Messages375Sending a Message to the Cisco IronPort Spam Quarantine375Using NTP Logs376NTP Log Example376Using Reporting Logs376Reporting Log Example376Using Reporting Query Logs377Reporting Query Log Example377Using Safelist/Blocklist Logs377Safelist/Blocklist Log Example378Using SMA Logs378Using Status Logs379Reading Status Logs379Status Log Example381Using System Logs381System Log Example381Understanding Tracking Logs381Log Subscriptions382Configuring Log Subscriptions382Setting the Log Level383Creating a Log Subscription in the GUI383Editing Log Subscriptions384Configuring Global Settings for Logging384Logging Message Headers385Configuring Global Settings for Logging by Using the GUI385Rolling Over Log Subscriptions386Rolling Over Logs in Log Subscriptions386Rolling Over Logs Immediately Using the GUI386Rolling Over Logs Immediately via the CLI386Viewing the Most Recent Log Entries in the GUI386Viewing the Most Recent Entries in Logs (tail Command)387Example387Configuring Host Keys388Troubleshooting391Collecting System Information391Working with Technical Support391Opening or Updating a Support Case from the Appliance391Enabling Remote Access for Cisco Technical Support Personnel392Enabling Remote Access to Appliances With an Internet Connection392Enabling Remote Access to Appliances Without a Direct Internet 
Connection393Disabling a Tech Support Tunnel394Disabling Remote Access394Checking the Status of the Support Connection394Running a Packet Capture394IP Interfaces and Accessing the Appliance397IP Interfaces397Configuring IP Interfaces398Creating IP Interfaces Using the GUI399Accessing the Appliance via FTP399Secure Copy (scp) Access402Accessing via a Serial Connection403Assigning Network and IP Addresses405Ethernet Interfaces405Selecting IP Addresses and Netmasks405Sample Interface Configurations406Network 1:406Network 2:406IP Addresses, Interfaces, and Routing407Summary407Strategies for Connecting Your Content Security Appliance407Firewall Information409Examples411Web Security Appliance Examples411Example 1: Investigating a User411Related Topics415Example 2: Tracking a URL415Related Topics416Example 3: Investigating Top URL Categories Visited416Related Topics418End User License Agreement419Cisco Systems End User License Agreement419Supplemental End User License Agreement for Cisco Systems Content Security Software426Index429
Size: 10 MB
Pages: 437
Language: English
User Guide
Table of contents
AsyncOS 8.3.6 for Cisco Content Security Management User Guide1Contents3Introduction21What’s New in This Release21What’s New in Release 8.3.622What’s New in Release 8.3.523What’s New in Release 8.3.023Cisco Content Security Management Overview24Setup, Installation, and Basic Configuration27Solution Deployment Overview27SMA Compatibility Matrix28Installation Planning28Network Planning28About Integrating a Security Management Appliance with Email Security Appliances29Deployments with Clustered Email Security Appliances29Preparing for Setup30Physically Setting Up and Connecting the Appliance30Determining Network and IP Address Assignments30Gathering the Setup Information31Accessing the Security Management Appliance32Browser Requirements32About Accessing the Web Interfaces32Accessing the Web Interface33Accessing the Command Line Interface33Supported Languages33Running the System Setup Wizard34Before You Begin34Overview of the System Setup Wizard35Launch the System Setup Wizard35Review the End User License Agreement35Configure the System Settings36Entering an Email Address for System Alerts36Setting the Time36Setting the Password36Enabling AutoSupport36Configure the Network Settings36Network Settings37Review Your Configuration37Proceeding to the Next Steps37About Adding Managed Appliances38Editing Managed Appliance Configurations38Removing an Appliance from the List of Managed Appliances39Configuring Services on the Security Management Appliance39Committing and Abandoning Configuration Changes39Working With Reports41Ways to View Reporting Data41How the Security Appliance Gathers Data for Reports42How Reporting Data is Stored42About Reporting and Upgrades43Customizing Your View of Report Data43Viewing Reporting Data for an Appliance or Reporting Group44Choosing a Time Range for Reports44(Web Reports Only) Choosing Which Data to Chart45Customizing Tables on Report Pages46Custom Reports46Modules That Cannot Be Added to Custom 
Reports47Creating Your Custom Report Page47Viewing Details of Messages or Transactions Included in Reports48Improving Performance of Email Reports48Printing and Exporting Reporting and Tracking Data50Exporting Report Data as a Comma-Separated Values (CSV) File51Subdomains vs. Second-Level Domains in Reporting and Tracking52Troubleshooting All Reports52Unable to View Report Data on Backup Security Management Appliance53Reporting Is Disabled53Email and Web Reports53Using Centralized Email Security Reporting55Centralized Email Reporting Overview55Setting Up Centralized Email Reporting56Enabling Centralized Email Reporting on the Security Management Appliance56Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance57Creating Email Reporting Groups58Enabling Centralized Email Reporting on Email Security Appliances58Working with Email Report Data58Searching and the Interactive Email Report Pages59Understanding the Email Reporting Pages60Table Column Descriptions for Email Reporting Pages63Email Reporting Overview Page65How Incoming Mail Messages are Counted66How Email Messages Are Categorized by the Appliances66Categorizing Email Messages on the Overview Page66Incoming Mail Page68Views Within the Incoming Mail Page68Categorizing Email Messages on Incoming Mail Page69“No Domain Information” Link71Time Ranges in the Mail Trend Graphs71Incoming Mail Details Table71Sender Profile Pages71Sender Groups Report Page73Outgoing Destinations Page73Outgoing Senders Page74Internal Users Page75Internal User Details Page76Searching for a Specific Internal User77DLP Incidents77DLP Incidents Details Table78DLP Policy Detail Page78Message Filters78High Volume Mail79Content Filters Page79Content Filter Details Page79DMARC Verification80Virus Types Page80URL Filtering Page81Advanced Malware Protection (File Reputation and File Analysis) Reporting Pages81Requirements for File Analysis Report Details82Identifying Files by SHA-256 Hash82File Reputation and File 
Analysis Report Pages82Viewing File Reputation Filtering Data in Other Reports83TLS Connections Page83Inbound SMTP Authentication Page84Rate Limits Page85Outbreak Filters Page86System Capacity Page87How to Interpret the Data You See on System Capacity Page88System Capacity – Workqueue88System Capacity – Incoming Mail89System Capacity – Outgoing Mail89System Capacity – System Load89Note About Memory Page Swapping89System Capacity – All90Reporting Data Availability Page90About Scheduled and On-Demand Email Reports90Additional Report Types91Domain-Based Executive Summary Report92Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering92Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports92Creating Domain-Based Executive Summary Reports93Executive Summary Report94Scheduling Email Reports94Adding Scheduled Reports95Editing Scheduled Reports96Discontinuing Scheduled Reports96Generating Email Reports On Demand96Viewing and Managing Archived Email Reports97Accessing Archived Reports98Deleting Archived Reports98Troubleshooting Email Reports98Outbreak Filters Reports Do Not Show Information Correctly99Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report99Advanced Malware Protection Verdict Updates Report Results Differ99Issues Viewing File Analysis Report Details99File Analysis Report Details Are Not Available99Error When Viewing File Analysis Report Details99Using Centralized Web Reporting and Tracking101Centralized Web Reporting and Tracking Overview101Setting Up Centralized Web Reporting and Tracking102Enabling Centralized Web Reporting on the Security Management Appliance103Enabling Centralized Web Reporting on Web Security Appliances103Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance103Anonymizing User Names in Web Reports104Working with Web Security Reports105Web Reporting Page Descriptions105About Time Spent108Web Reporting 
Overview108Users Report (Web)110User Details (Web Reporting)111Web Sites Report113URL Categories Report114Reducing Uncategorized URLs115URL Category Set Updates and Reports115Using The URL Categories Page in Conjunction with Other Reporting Pages116Reporting Misclassified and Uncategorized URLs116Application Visibility Report116Understanding the Difference between Application versus Application Types117Anti-Malware Report118Malware Category Report119Malware Threat Report120Malware Category Descriptions120Advanced Malware Protection (File Reputation and File Analysis) Reports121Requirements for File Analysis Report Details121Identifying Files by SHA-256 Hash122Advanced Malware Protection (File Reputation and File Analysis) Report Pages122Viewing File Reputation Filtering Data in Other Reports123Client Malware Risk Report123Web Reputation Filters Report124What are Web Reputation Filters?124Adjusting Web Reputation Settings126L4 Traffic Monitor Report126SOCKS Proxy Report128Reports by User Location129System Capacity Page130Viewing the System Capacity Report130How to Interpret the Data You See on the System Capacity Page130System Capacity - System Load131System Capacity - Network Load131Note About Proxy Buffer Memory Swapping131Data Availability Page131About Scheduled and On-Demand Web Reports132Scheduling Web Reports133Adding Scheduled Reports133Editing Scheduled Reports134Deleting Scheduled Reports134Additional Extended Reports134Top URL Categories—Extended134Top Application Types—Extended135Generating Web Reports on Demand136Viewing and Managing Archived Web Reports137Web Tracking137Searching for Transactions Processed by Web Proxy Services138Malware Category Descriptions140Searching for Transactions Processed by the L4 Traffic Monitor141Searching for Transactions Processed by the SOCKS Proxy142Working with Web Tracking Search Results142Displaying More Web Tracking Search Results142Understanding Web Tracking Search Results143Viewing Transaction Details for Web 
Tracking Search Results143About Web Tracking and Advanced Malware Protection Features143About Web Tracking and Upgrades144Troubleshooting Web Reporting and Tracking144Centralized Reporting Is Enabled Properly But Not Working145Advanced Malware Protection Verdict Updates Report Results Differ145Issues Viewing File Analysis Report Details145File Analysis Report Details Are Not Available145Error When Viewing File Analysis Report Details145Expected Data Is Missing from Reporting or Tracking Results145PDF Shows Only a Subset of Web Tracking Data146Troubleshooting L4 Traffic Monitor Reports146Tracking Email Messages147Tracking Service Overview147Setting Up Centralized Message Tracking148Enabling Centralized Email Tracking on a Security Management Appliance148Configuring Centralized Message Tracking on Email Security Appliances148Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance149Managing Access to Sensitive Information150Checking Message Tracking Data Availability150Searching for Email Messages150Narrowing the Result Set153About Message Tracking and Advanced Malware Protection Features153Understanding Tracking Query Results154Message Details154Envelope and Header Summary155Sending Host Summary155Processing Details155DLP Matched Content Tab155Troubleshooting Message Tracking156Expected Messages Are Missing from Search Results156Attachments Do Not Appear in Search Results156Spam Quarantine157Overview of the Spam Quarantine157Local Versus External Spam Quarantine157Setting Up the Centralized Spam Quarantine158Enabling and Configuring the Spam Quarantine158Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance160Configuring an Outbound IP Interface on the Security Management Appliance161Configuring the IP Interface for Browser Access to the Spam Quarantine161Configuring Administrative User Access to the Spam Quarantine162Limiting Which Recipients Have Mail Quarantined163Ensuring That Message Text 
Displays Correctly163Spam Quarantine Language163Using Safelists and Blocklists to Control Email Delivery Based on Sender163Message Processing of Safelists and Blocklists163Enabling Safelists and Blocklists164External Spam Quarantine and Safelist/Blocklists165Adding Senders and Domains to Safelists and Blocklists (Administrators)165Syntax for Safelists and Blocklist Entries166Clearing All Safelists and Blocklists167About End-User Access to Safelists and Blocklists167Adding Entries to Safelists (End Users)167Adding the Sender of a Quarantined Message to the Safelist167Adding Senders to the Safelist Without a Quarantined Message168Adding Senders to Blocklists (End Users)168Backing Up and Restoring the Safelist/Blocklist168Troubleshooting Safelists and Blocklists169Message from Safelisted Sender Was Not Delivered169Configuring Spam Management Features for End Users170Authentication Options for End Users Accessing Spam Management Features170LDAP Authentication Process171IMAP/POP Authentication Process171Setting Up End-User Access to the Spam Quarantine via Web Browser172Configuring End-User Access to the Spam Quarantine172Determining the URL for End-User Access to the Spam Quarantine173Which Messages an End User Sees173Notifying End Users About Quarantined Messages174Recipient Email Aliases and Spam Notifications175Testing Notifications176Troubleshooting Spam Notifications176User Receives Multiple Notifications176Recipient Does Not Receive Notifications177Managing Messages in the Spam Quarantine177Accessing the Spam Quarantine (Administrative Users)177Searching for Messages in the Spam Quarantine177Searching Very Large Message Collections178Viewing Messages in the Spam Quarantine178Delivering Messages in the Spam Quarantine178Deleting Messages from the Spam Quarantine178Disk Space for the Spam Quarantine179About Disabling the External Spam Quarantine179Troubleshooting Spam Quarantine Features179Centralized Policy, Virus, and Outbreak Quarantines181Overview of 
Centralized Quarantines181Quarantine Types182Centralizing Policy, Virus, and Outbreak Quarantines183Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance184Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance185Configuring Migration of Policy, Virus, and Outbreak Quarantines186Designating an Alternate Appliance to Process Released Messages187Configuring Centralized Quarantine Access for Custom User Roles188Disabling Centralized Policy, Virus, and Outbreak Quarantines188Releasing Messages When an Email Security Appliance Is Unavailable188Managing Policy, Virus, and Outbreak Quarantines188Disk Space Allocation for Policy, Virus, and Outbreak Quarantines189Retention Time for Messages in Quarantines189Default Actions for Automatically Processed Quarantined Messages190Checking the Settings of System-Created Quarantines191Creating Policy Quarantines191About Editing Policy, Virus, and Outbreak Quarantine Settings193Determining the Filters and Message Actions to Which a Quarantine Is Assigned193About Deleting Policy Quarantines193Monitoring Quarantine Status, Capacity, and Activity194Alerts About Quarantine Disk-Space Usage194Policy Quarantines and Logging195About Distributing Message Processing Tasks to Other Users195Which User Groups Can Access Policy, Virus, and Outbreak Quarantines195Working with Messages in Policy, Virus, or Outbreak Quarantines196Viewing Messages in Quarantines196Quarantined Messages and International Character Sets197Finding Messages in Policy, Virus, and Outbreak Quarantines197Manually Processing Messages in a Quarantine198Sending a Copy of the Message198About Moving Messages Between Policy Quarantines199Messages in Multiple Quarantines199Message Details and Viewing Message Content200Viewing Matched Content200Downloading Attachments201About Rescanning of Quarantined Messages201The Outbreak Quarantine202Rescanning Messages in an Outbreak 
Quarantine202Manage by Rule Summary Link202Reporting False Positives or Suspicious Messages to Cisco Systems203Troubleshooting Centralized Policy Quarantines203Administrative User Cannot Choose Quarantines in Filters and DLP Message Actions203Messages Released from a Centralized Outbreak Quarantine Are Not Rescanned203Managing Web Security Appliances205About Centralized Configuration Management205Determining the Correct Configuration Publishing Method205Setting Up Configuration Masters to Centrally Manage Web Security Appliances206Important Notes About Using Configuration Masters207Determine the Configuration Master Versions to Use207Enabling Centralized Configuration Management on the Security Management Appliance208Initializing Configuration Masters208About Associating Web Security Appliances to Configuration Masters208Adding Web Security Appliances and Associating Them with Configuration Master Versions209Associating Configuration Master Versions to Web Security Appliances210Configuring Settings to Publish210Importing from an Existing Configuration Master211Importing Settings from a Web Security Appliance212Configuring Web Security Features Directly in Configuration Masters212SMA-Specific Differences when Configuring Features in Configuration Masters213Tip for Working with Identities in Configuration Masters214Ensuring that Features are Enabled Consistently215Comparing Enabled Features215Enabling Features to Publish216Disabling Unused Configuration Masters217Setting Up to Use Advanced File Publishing217Publishing Configurations to Web Security Appliances217Publishing a Configuration Master217Before You Publish a Configuration Master218Publishing a Configuration Master Now219Publishing a Configuration Master Later220Publishing a Configuration Master Using the Command Line Interface221Publishing Configurations Using Advanced File Publishing221Advanced File Publish: Publish Configuration Now222Advanced File Publish: Publish Later222Viewing Status and History of 
Publishing Jobs223Viewing Publish History223Viewing Web Security Appliance Status224Viewing a Summary of Status of Web Appliances224Viewing Status of Individual Web Security Appliances224Web Appliance Status Details224Preparing For and Managing URL Category Set Updates225Understand the Impacts of URL Category Set Updates225Ensure That You Will Receive Notifications and Alerts about URL Category Set Updates226Specify Default Settings for New and Changed Categories226When the URL Category Set is Updated, Check Your Policy and Identity Settings226Troubleshooting Configuration Management Issues226In Configuration Master > Identities, Groups Are Not Available227Configuration Master > Access Policies > Web Reputation and Anti-Malware Settings Page Settings are Not as Expected227Troubleshooting Configuration Publishing Failures227Monitoring System Status229About Security Management Appliance Status229Monitoring Security Management Appliance Capacity230Monitoring the Processing Queue230Monitoring CPU Utilization230Monitoring Status of Data Transfer From Managed Appliances231Viewing the Configuration Status of Your Managed Appliances232Additional Status Information for Web Security Appliances232Monitoring Reporting Data Availability Status232Monitoring Email Security Reporting Data Availability233Monitoring Web Security Reporting Data Availability233Monitoring Email Tracking Data Status234Monitoring Capacity of Managed Appliances234Identifying Active TCP/IP Services234Integrating with LDAP237Overview237Configuring LDAP to Work with the Spam Quarantine237Creating the LDAP Server Profile238Testing LDAP Servers240Configuring LDAP Queries240LDAP Query Syntax240Tokens241Spam Quarantine End-User Authentication Queries241Sample Active Directory End-User Authentication Settings242Sample OpenLDAP End-User Authentication Settings242Spam Quarantine Alias Consolidation Queries242Sample Active Directory Alias Consolidation Settings243Sample OpenLDAP Alias Consolidation 
Settings243Testing LDAP Queries244Domain-Based Queries244Creating a Domain-Based Query245Chain Queries246Creating a Chain Query246Configuring AsyncOS to Work With Multiple LDAP Servers247Testing Servers and Queries248Failover248Configuring the Cisco Content Security Appliance for LDAP Failover248Load Balancing249Configuring the Cisco Content Security Appliance for Load Balancing249Configuring External Authentication of Administrative Users Using LDAP250User Accounts Query for Authenticating Administrative Users251Group Membership Queries for Authenticating Administrative Users251Enabling External Authentication of Administrative Users253Configuring SMTP Routing255SMTP Routes Overview255SMTP Routes, Mail Delivery, and Message Splintering256SMTP Routes and Outbound SMTP Authentication256Routing Email for Local Domains256Default SMTP Route256Managing SMTP Routes257Defining an SMTP Route257SMTP Routes Limits257Adding SMTP Routes257Exporting SMTP Routes258Importing SMTP Routes258SMTP Routes and DNS260Distributing Administrative Tasks261About Distributing Administrative Tasks261Assigning User Roles261Predefined User Roles261Custom User Roles264About Custom Email User Roles264Email Reporting265Message Tracking266Quarantines266Creating Custom Email User Roles266Using Custom Email User Roles267About Custom Web User Roles268Creating Custom Web User Roles268Editing Custom Web User Roles269Deleting Custom User Roles270About Authenticating Administrative Users270Changing the Admin User’s Password270Managing Locally-Defined Administrative Users270Adding Locally-Defined Users271Editing Locally-Defined Users271Deleting Locally-Defined Users272Viewing the List of Locally-Defined Users272Setting and Changing Passwords272Setting Password and Login Requirements272Requiring Users to Change Passwords at Next Login275Locking and Unlocking Local User Accounts276Locking User Accounts Manually276Unlocking User Accounts276External User Authentication277Configuring LDAP 
Authentication277Enabling RADIUS Authentication277Additional Controls on Access to the Security Management Appliance280Configuring IP-Based Network Access280Direct Connections280Connecting Through a Proxy280Creating the Access List280Configuring the Web UI Session Timeout282Controlling Access to Sensitive DLP Information in Message Tracking283Viewing Administrative User Activity283Viewing Active Sessions Using the Web283Viewing Administrative User Activity via the Command Line Interface284Troubleshooting Administrative User Access285Error: User Has No Access Privileges Assigned285User Has No Active Menus285Externally-Authenticated Users See Preferences Option285Common Administrative Tasks287Performing Administrative Tasks287Working with Feature Keys288Performing Maintenance Tasks Using CLI Commands288Shutting Down the Security Management Appliance288Rebooting the Security Management Appliance289Placing the Security Management Appliance into a Maintenance State289The suspend and offline Commands289Resuming from an Offline State290The resume Command290Resetting the Configuration to Factory Defaults290The resetconfig Command291Displaying the Version Information for AsyncOS291Enabling Remote Power Management292Backing Up Security Management Appliance Data293What Data Is Backed Up293Restrictions and Requirements for Backups293Backup Duration294Availability of Services During Backups294Interruption of a Backup Process295Scheduling Single or Recurring Backups295Starting an Immediate Backup296Checking Backup Status298Backup Information in Log Files298Other Important Backup Tasks298Disaster Recovery on the Security Management Appliance298Upgrading Appliance Hardware300Upgrading AsyncOS302Batch Commands for Upgrades302Determining Network Requirements for Upgrades and Updates302Choosing an Upgrade Method: Remote vs. 
Streaming303Streaming Upgrade Overview303Remote Upgrade Overview303Hardware and Software Requirements for Remote Upgrades304Hosting a Remote Upgrade Image305Important Differences in Remote Upgrading Method305Configuring Upgrade and Service Update Settings305Upgrade and Update Settings306Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies307Configuring the Update and Upgrade Settings from the GUI308Upgrade Notifications309Before You Upgrade: Important Steps309Upgrading AsyncOS310Viewing Status of, Canceling, or Deleting a Background Download312After Upgrading312About Reverting to an Earlier Version of AsyncOS312Important Note About Reversion Impact313Reverting AsyncOS313About Updates315About URL Category Set Updates for Web Usage Controls315Configuring the Return Address for Generated Messages315Managing Alerts315Alert Types and Severities316Alert Delivery316Viewing Recent Alerts317About Duplicate Alerts317Cisco AutoSupport317Hardware Alert Descriptions318System Alert Descriptions318Changing Network Settings321Changing the System Hostname321The sethostname Command321Configuring Domain Name System Settings322Specifying DNS Servers322Multiple Entries and Priority322Using the Internet Root Servers323Reverse DNS Lookup Timeout323DNS Alert323Clearing the DNS Cache323Configuring DNS Settings via the Graphical User Interface324Configuring TCP/IP Traffic Routes324Managing Static Routes in the GUI324Modifying the Default Gateway (GUI)324Configuring the Default Gateway325Configuring the System Time325Using a Network Time Protocol (NTP) Server325Selecting a GMT Offset326Updating Time Zone Files326Automatically Updating Time Zone Files326Manually Updating Time Zone Files326Saving and Importing Configuration Settings327Managing Multiple Appliances with XML Configuration Files327Managing Configuration Files328Saving and Exporting the Current Configuration File328Loading a Configuration File328Empty Versus Omitted Tags330Note About Loading 
Passwords for Log Subscriptions330Note About Character Set Encoding330Resetting the Current Configuration330Rolling Back to a Previously Committed Configuration330CLI Commands for Configuration Files331The showconfig, mailconfig, and saveconfig Commands331The loadconfig Command332The rollbackconfig Command332The publishconfig Command332Uploading Configuration Changes Using the CLI333Managing Disk Usage334Disk Space Maximums and Allocations334Reallocating Disk Space Quotas335Customizing Your View335Using Favorite Pages335Setting Preferences336Logging337Logging Overview337Logging Versus Reporting337Log Retrieval338Filename and Directory Structure338Log Rollover and Transfer Schedule338Timestamps in Log Files339Logs Enabled by Default339Log Types340Summary of Log Types340Log Type Comparison343Using Configuration History Logs343Using CLI Audit Logs344Using FTP Server Logs345Using HTTP Logs345Using Spam Quarantine Logs346Using Spam Quarantine GUI Logs346Using Text Mail Logs347Sample Text Mail Log347Examples of Text Mail Log Entries348Message Receiving349Successful Message Delivery Example349Unsuccessful Message Delivery (Hard Bounce)349Soft Bounce with Ultimately Successful Delivery Example349Message Scanning Results (scanconfig)350Message with Attachment350Generated or Rewritten Messages351Sending a Message to the Spam Quarantine351Using NTP Logs352Using Reporting Logs352Using Reporting Query Logs353Using Safelist/Blocklist Logs353Using SMA Logs354Using Status Logs355Using System Logs357Understanding Tracking Logs357Log Subscriptions357Configuring Log Subscriptions358Setting the Log Level358Creating a Log Subscription in the GUI359Editing Log Subscriptions360Configuring Global Settings for Logging360Logging Message Headers361Configuring Global Settings for Logging by Using the GUI361Rolling Over Log Subscriptions362Rolling Over Logs in Log Subscriptions362Rolling Over Logs Immediately Using the GUI362Rolling Over Logs Immediately via the CLI362Viewing the Most Recent 
Log Entries in the GUI362Viewing the Most Recent Entries in Logs (tail Command)362Configuring Host Keys363Troubleshooting367Collecting System Information367Troubleshooting Feature Setup Issues367General Troubleshooting Resources367Troubleshooting Performance Issues on Managed Appliances368Troubleshooting Issues with Specific Features368Working with Technical Support369Opening or Updating a Support Case from the Appliance369Enabling Remote Access for Cisco Technical Support Personnel370Enabling Remote Access to Appliances With an Internet Connection370Enabling Remote Access to Appliances Without a Direct Internet Connection371Disabling a Tech Support Tunnel371Disabling Remote Access371Checking the Status of the Support Connection372Running a Packet Capture372Remotely Resetting Appliance Power373IP Interfaces and Accessing the Appliance375IP Interfaces375Configuring IP Interfaces375Creating IP Interfaces Using the GUI376Accessing the Appliance via FTP377Secure Copy (scp) Access379Accessing via a Serial Connection380Assigning Network and IP Addresses381Ethernet Interfaces381Selecting IP Addresses and Netmasks381Sample Interface Configurations382IP Addresses, Interfaces, and Routing382Summary383Strategies for Connecting Your Content Security Appliance383Firewall Information385Web Security Management Examples387Web Security Appliance Examples387Example 1: Investigating a User387Related Topics388Example 2: Tracking a URL389Related Topics389Example 3: Investigating Top URL Categories Visited389Related Topics390Additional Resources391Cisco Notification Service391Documentation391Third Party Contributors392Training393Knowledge Base393Cisco Support Community393Customer Support393Registering for a Cisco Account394Cisco Welcomes Your Comments394End User License Agreement395Cisco Systems End User License Agreement395Supplemental End User License Agreement for Cisco Systems Content Security Software402Index405
Size: 4 MB
Pages: 414
Language: English
User Guide
Table of contents
AsyncOS 8.3 for Cisco Content Security Management User Guide1Contents3Introduction21What’s New in This Release21Cisco Content Security Management Overview22Setup, Installation, and Basic Configuration25Solution Deployment Overview25SMA Compatibility Matrix26Installation Planning26Network Planning26About Integrating a Security Management Appliance with Email Security Appliances27Deployments with Clustered Email Security Appliances27Preparing for Setup28Physically Setting Up and Connecting the Appliance28Determining Network and IP Address Assignments28Gathering the Setup Information29Accessing the Security Management Appliance30Browser Requirements30About Accessing the Web Interfaces30Accessing the Web Interface31Accessing the Command Line Interface31Supported Languages31Running the System Setup Wizard32Before You Begin32Overview of the System Setup Wizard33Launch the System Setup Wizard33Review the End User License Agreement33Configure the System Settings34Entering an Email Address for System Alerts34Setting the Time34Setting the Password34Enabling AutoSupport34Configure the Network Settings34Network Settings35Review Your Configuration35Proceeding to the Next Steps35About Adding Managed Appliances36Editing Managed Appliance Configurations36Removing an Appliance from the List of Managed Appliances37Configuring Services on the Security Management Appliance37Committing and Abandoning Configuration Changes37Working With Reports39Ways to View Reporting Data39How the Security Appliance Gathers Data for Reports40How Reporting Data is Stored40About Reporting and Upgrades41Customizing Your View of Report Data41Viewing Reporting Data for an Appliance or Reporting Group42Choosing a Time Range for Reports42(Web Reports Only) Choosing Which Data to Chart43Customizing Tables on Report Pages44Custom Reports44Modules That Cannot Be Added to Custom Reports45Creating Your Custom Report Page45Viewing Details of Messages or Transactions Included in 
Reports46Improving Performance of Email Reports46Printing and Exporting Reporting and Tracking Data48Exporting Report Data as a Comma-Separated Values (CSV) File49Subdomains vs. Second-Level Domains in Reporting and Tracking50Troubleshooting All Reports50Unable to View Report Data on Backup Security Management Appliance51Reporting Is Disabled51Email and Web Reports51Using Centralized Email Security Reporting53Centralized Email Reporting Overview53Setting Up Centralized Email Reporting54Enabling Centralized Email Reporting on the Security Management Appliance54Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance55Creating Email Reporting Groups56Enabling Centralized Email Reporting on Email Security Appliances56Working with Email Report Data56Searching and the Interactive Email Report Pages57Understanding the Email Reporting Pages58Table Column Descriptions for Email Reporting Pages61Email Reporting Overview Page62How Incoming Mail Messages are Counted63How Email Messages Are Categorized by the Appliances63Categorizing Email Messages on the Overview Page64Incoming Mail Page65Views Within the Incoming Mail Page66Categorizing Email Messages on Incoming Mail Page67“No Domain Information” Link68Time Ranges in the Mail Trend Graphs69Incoming Mail Details Table69Sender Profile Pages69Sender Groups Report Page70Outgoing Destinations Page71Outgoing Senders Page72Internal Users Page73Internal User Details Page74Searching for a Specific Internal User74DLP Incidents74DLP Incidents Details Table75DLP Policy Detail Page75Message Filters76High Volume Mail76Content Filters Page76Content Filter Details Page77DMARC Verification77Virus Types Page77URL Filtering Page78TLS Connections Page79Inbound SMTP Authentication Page80Rate Limits Page81Outbreak Filters Page81System Capacity Page83How to Interpret the Data You See on System Capacity Page83System Capacity – Workqueue84System Capacity – Incoming Mail84System Capacity – Outgoing Mail84System 
Capacity – System Load84Note About Memory Page Swapping85System Capacity – All85Reporting Data Availability Page85About Scheduled and On-Demand Email Reports85Additional Report Types87Domain-Based Executive Summary Report87Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering87Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports88Creating Domain-Based Executive Summary Reports88Executive Summary Report89Scheduling Email Reports90Adding Scheduled Reports90Editing Scheduled Reports91Discontinuing Scheduled Reports91Generating Email Reports On Demand92Viewing and Managing Archived Email Reports93Accessing Archived Reports93Deleting Archived Reports93Troubleshooting Email Reports94Outbreak Filters Reports Do Not Show Information Correctly94Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report94Using Centralized Web Reporting and Tracking95Centralized Web Reporting and Tracking Overview95Setting Up Centralized Web Reporting and Tracking96Enabling Centralized Web Reporting on the Security Management Appliance97Enabling Centralized Web Reporting on Web Security Appliances97Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance97Anonymizing User Names in Web Reports98Working with Web Security Reports99Web Reporting Page Descriptions99About Time Spent102Web Reporting Overview102Users Report (Web)104User Details (Web Reporting)105Web Sites Report107URL Categories Report108Reducing Uncategorized URLs109URL Category Set Updates and Reports109Using The URL Categories Page in Conjunction with Other Reporting Pages110Reporting Misclassified and Uncategorized URLs110Application Visibility Report110Understanding the Difference between Application versus Application Types111Anti-Malware Report112Malware Category Report113Malware Threat Report114Malware Category Descriptions114Client Malware Risk Report115Web Reputation Filters Report116What are Web 
Reputation Filters?116Adjusting Web Reputation Settings118L4 Traffic Monitor Report118SOCKS Proxy Report120Reports by User Location121System Capacity Page122Viewing the System Capacity Report122How to Interpret the Data You See on the System Capacity Page122System Capacity - System Load123System Capacity - Network Load123Note About Proxy Buffer Memory Swapping123Data Availability Page123About Scheduled and On-Demand Web Reports124Scheduling Web Reports125Adding Scheduled Reports125Editing Scheduled Reports126Deleting Scheduled Reports126Additional Extended Reports126Top URL Categories—Extended126Top Application Types—Extended127Generating Web Reports on Demand128Viewing and Managing Archived Web Reports129Web Tracking129Searching for Transactions Processed by Web Proxy Services130Searching for Transactions Processed by the L4 Traffic Monitor134Searching for Transactions Processed by the SOCKS Proxy135Working with Web Tracking Search Results135Displaying More Web Tracking Search Results135Understanding Web Tracking Search Results136Viewing Transaction Details for Web Tracking Search Results136About Web Tracking and Upgrades136Troubleshooting Web Reporting and Tracking136Centralized Reporting Is Enabled Properly But Not Working137Expected Data Is Missing from Reporting or Tracking Results137PDF Shows Only a Subset of Web Tracking Data137Troubleshooting L4 Traffic Monitor Reports137Tracking Email Messages139Tracking Service Overview139Setting Up Centralized Message Tracking140Enabling Centralized Email Tracking on a Security Management Appliance140Configuring Centralized Message Tracking on Email Security Appliances140Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance141Managing Access to Sensitive Information142Checking Message Tracking Data Availability142Searching for Email Messages142Narrowing the Result Set145Understanding Tracking Query Results145Message Details146Envelope and Header Summary146Sending Host 
Summary146Processing Details147DLP Matched Content Tab147Troubleshooting Message Tracking147Expected Messages Are Missing from Search Results147Attachments Do Not Appear in Search Results148Spam Quarantine149Overview of the Spam Quarantine149Local Versus External Spam Quarantine149Setting Up the Centralized Spam Quarantine150Enabling and Configuring the Spam Quarantine150Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance152Configuring an Outbound IP Interface on the Security Management Appliance153Configuring the IP Interface for Browser Access to the Spam Quarantine153Configuring Administrative User Access to the Spam Quarantine154Limiting Which Recipients Have Mail Quarantined155Ensuring That Message Text Displays Correctly155Spam Quarantine Language155Using Safelists and Blocklists to Control Email Delivery Based on Sender155Message Processing of Safelists and Blocklists155Enabling Safelists and Blocklists156External Spam Quarantine and Safelist/Blocklists157Adding Senders and Domains to Safelists and Blocklists (Administrators)157Syntax for Safelists and Blocklist Entries158Clearing All Safelists and Blocklists159About End-User Access to Safelists and Blocklists159Adding Entries to Safelists (End Users)159Adding the Sender of a Quarantined Message to the Safelist159Adding Senders to the Safelist Without a Quarantined Message160Adding Senders to Blocklists (End Users)160Backing Up and Restoring the Safelist/Blocklist160Troubleshooting Safelists and Blocklists161Message from Safelisted Sender Was Not Delivered161Configuring Spam Management Features for End Users162Authentication Options for End Users Accessing Spam Management Features162LDAP Authentication Process163IMAP/POP Authentication Process163Setting Up End-User Access to the Spam Quarantine via Web Browser164Configuring End-User Access to the Spam Quarantine164Determining the URL for End-User Access to the Spam Quarantine165Which Messages an End User Sees165Notifying 
End Users About Quarantined Messages166Recipient Email Aliases and Spam Notifications167Testing Notifications168Troubleshooting Spam Notifications168User Receives Multiple Notifications168Recipient Does Not Receive Notifications169Managing Messages in the Spam Quarantine169Accessing the Spam Quarantine (Administrative Users)169Searching for Messages in the Spam Quarantine169Searching Very Large Message Collections170Viewing Messages in the Spam Quarantine170Delivering Messages in the Spam Quarantine170Deleting Messages from the Spam Quarantine170Disk Space for the Spam Quarantine171About Disabling the External Spam Quarantine171Troubleshooting Spam Quarantine Features171Centralized Policy, Virus, and Outbreak Quarantines173Overview of Centralized Quarantines173Quarantine Types174Centralizing Policy, Virus, and Outbreak Quarantines175Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance176Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance177Configuring Migration of Policy, Virus, and Outbreak Quarantines178Designating an Alternate Appliance to Process Released Messages179Configuring Centralized Quarantine Access for Custom User Roles180Disabling Centralized Policy, Virus, and Outbreak Quarantines180Releasing Messages When an Email Security Appliance Is Unavailable180Managing Policy, Virus, and Outbreak Quarantines180Disk Space Allocation for Policy, Virus, and Outbreak Quarantines181Retention Time for Messages in Quarantines181Default Actions for Automatically Processed Quarantined Messages182Checking the Settings of System-Created Quarantines183Creating Policy Quarantines183About Editing Policy, Virus, and Outbreak Quarantine Settings185Determining the Filters and Message Actions to Which a Quarantine Is Assigned185About Deleting Policy Quarantines185Monitoring Quarantine Status, Capacity, and Activity186Alerts About Quarantine Disk-Space Usage186Policy 
Quarantines and Logging187About Distributing Message Processing Tasks to Other Users187Which User Groups Can Access Policy, Virus, and Outbreak Quarantines187Working with Messages in Policy, Virus, or Outbreak Quarantines188Viewing Messages in Quarantines188Quarantined Messages and International Character Sets189Finding Messages in Policy, Virus, and Outbreak Quarantines189Manually Processing Messages in a Quarantine190Sending a Copy of the Message190About Moving Messages Between Policy Quarantines191Messages in Multiple Quarantines191Message Details and Viewing Message Content192Viewing Matched Content192Downloading Attachments193About Rescanning of Quarantined Messages193The Outbreak Quarantine194Rescanning Messages in an Outbreak Quarantine194Manage by Rule Summary Link194Reporting False Positives or Suspicious Messages to Cisco Systems194Troubleshooting Centralized Policy Quarantines195Administrative User Cannot Choose Quarantines in Filters and DLP Message Actions195Messages Released from a Centralized Outbreak Quarantine Are Not Rescanned195Managing Web Security Appliances197About Centralized Configuration Management197Determining the Correct Configuration Publishing Method197Setting Up Configuration Masters to Centrally Manage Web Security Appliances198Important Notes About Using Configuration Masters199Determine the Configuration Master Versions to Use199Enabling Centralized Configuration Management on the Security Management Appliance199Initializing Configuration Masters200About Associating Web Security Appliances to Configuration Masters200Adding Web Security Appliances and Associating Them with Configuration Master Versions201Associating Configuration Master Versions to Web Security Appliances201Configuring Settings to Publish202Importing from an Existing Configuration Master203Importing Settings from a Web Security Appliance203Configuring Web Security Features Directly in Configuration Masters204SMA-Specific Differences when Configuring Features in 
Configuration Masters204Tip for Working with Identities in Configuration Masters205Ensuring that Features are Enabled Consistently206Comparing Enabled Features206Enabling Features to Publish207Disabling Unused Configuration Masters208Setting Up to Use Advanced File Publishing208Publishing Configurations to Web Security Appliances208Publishing a Configuration Master208Before You Publish a Configuration Master209Publishing a Configuration Master Now210Publishing a Configuration Master Later211Publishing a Configuration Master Using the Command Line Interface212Publishing Configurations Using Advanced File Publishing212Advanced File Publish: Publish Configuration Now213Advanced File Publish: Publish Later213Viewing Status and History of Publishing Jobs214Viewing Publish History214Viewing Web Security Appliance Status215Viewing a Summary of Status of Web Appliances215Viewing Status of Individual Web Security Appliances215Web Appliance Status Details215Preparing For and Managing URL Category Set Updates216Understand the Impacts of URL Category Set Updates216Ensure That You Will Receive Notifications and Alerts about URL Category Set Updates217Specify Default Settings for New and Changed Categories217When the URL Category Set is Updated, Check Your Policy and Identity Settings217Troubleshooting Configuration Management Issues217In Configuration Master > Identities, Groups Are Not Available218Configuration Master > Access Policies > Web Reputation and Anti-Malware Settings Page Settings are Not as Expected218Troubleshooting Configuration Publishing Failures218Monitoring System Status219About Security Management Appliance Status219Monitoring Security Management Appliance Capacity220Monitoring the Processing Queue220Monitoring CPU Utilization220Monitoring Status of Data Transfer From Managed Appliances221Viewing the Configuration Status of Your Managed Appliances222Additional Status Information for Web Security Appliances222Monitoring Reporting Data Availability 
Status222Monitoring Email Security Reporting Data Availability223Monitoring Web Security Reporting Data Availability223Monitoring Email Tracking Data Status224Monitoring Capacity of Managed Appliances224Identifying Active TCP/IP Services224Integrating with LDAP225Overview225Configuring LDAP to Work with the Spam Quarantine225Creating the LDAP Server Profile226Testing LDAP Servers228Configuring LDAP Queries228LDAP Query Syntax228Tokens229Spam Quarantine End-User Authentication Queries229Sample Active Directory End-User Authentication Settings230Sample OpenLDAP End-User Authentication Settings230Spam Quarantine Alias Consolidation Queries230Sample Active Directory Alias Consolidation Settings231Sample OpenLDAP Alias Consolidation Settings231Testing LDAP Queries232Domain-Based Queries232Creating a Domain-Based Query233Chain Queries234Creating a Chain Query234Configuring AsyncOS to Work With Multiple LDAP Servers235Testing Servers and Queries236Failover236Configuring the Cisco Content Security Appliance for LDAP Failover236Load Balancing237Configuring the Cisco Content Security Appliance for Load Balancing237Configuring External Authentication of Administrative Users Using LDAP238User Accounts Query for Authenticating Administrative Users239Group Membership Queries for Authenticating Administrative Users239Enabling External Authentication of Administrative Users241Configuring SMTP Routing243SMTP Routes Overview243SMTP Routes, Mail Delivery, and Message Splintering244SMTP Routes and Outbound SMTP Authentication244Routing Email for Local Domains244Default SMTP Route244Managing SMTP Routes245Defining an SMTP Route245SMTP Routes Limits245Adding SMTP Routes245Exporting SMTP Routes246Importing SMTP Routes246SMTP Routes and DNS248Distributing Administrative Tasks249About Distributing Administrative Tasks249Assigning User Roles249Predefined User Roles249Custom User Roles252About Custom Email User Roles252Email Reporting253Message Tracking254Quarantines254Creating Custom Email 
User Roles254Using Custom Email User Roles255About Custom Web User Roles256Creating Custom Web User Roles256Editing Custom Web User Roles257Deleting Custom User Roles258About Authenticating Administrative Users258Changing the Admin User’s Password258Managing Locally-Defined Administrative Users258Adding Locally-Defined Users259Editing Locally-Defined Users259Deleting Locally-Defined Users260Viewing the List of Locally-Defined Users260Setting and Changing Passwords260Setting Password and Login Requirements260Requiring Users to Change Passwords at Next Login263Locking and Unlocking Local User Accounts264Locking User Accounts Manually264Unlocking User Accounts264External User Authentication265Configuring LDAP Authentication265Enabling RADIUS Authentication265Additional Controls on Access to the Security Management Appliance268Configuring IP-Based Network Access268Direct Connections268Connecting Through a Proxy268Creating the Access List268Configuring the Web UI Session Timeout270Controlling Access to Sensitive DLP Information in Message Tracking271Viewing Administrative User Activity271Viewing Active Sessions Using the Web271Viewing Administrative User Activity via the Command Line Interface272Troubleshooting Administrative User Access273Error: User Has No Access Privileges Assigned273User Has No Active Menus273Externally-Authenticated Users See Preferences Option273Common Administrative Tasks275Performing Administrative Tasks275Working with Feature Keys276Performing Maintenance Tasks Using CLI Commands276Shutting Down the Security Management Appliance276Rebooting the Security Management Appliance277Placing the Security Management Appliance into a Maintenance State277The suspend and offline Commands277Resuming from an Offline State278The resume Command278Resetting the Configuration to Factory Defaults278The resetconfig Command279Displaying the Version Information for AsyncOS279Enabling Remote Power Management280Backing Up Security Management Appliance Data281What Data 
Is Backed Up281Restrictions and Requirements for Backups281Backup Duration282Availability of Services During Backups282Interruption of a Backup Process283Scheduling Single or Recurring Backups283Starting an Immediate Backup284Checking Backup Status286Backup Information in Log Files286Other Important Backup Tasks286Disaster Recovery on the Security Management Appliance286Upgrading Appliance Hardware288Upgrading AsyncOS290Batch Commands for Upgrades290Determining Network Requirements for Upgrades and Updates290Choosing an Upgrade Method: Remote vs. Streaming291Streaming Upgrade Overview291Remote Upgrade Overview291Hardware and Software Requirements for Remote Upgrades292Hosting a Remote Upgrade Image293Important Differences in Remote Upgrading Method293Configuring Upgrade and Service Update Settings293Upgrade and Update Settings294Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies295Configuring the Update and Upgrade Settings from the GUI296Upgrade Notifications297Before You Upgrade: Important Steps297Upgrading AsyncOS298Viewing Status of, Canceling, or Deleting a Background Download300After Upgrading300About Reverting to an Earlier Version of AsyncOS300Important Note About Reversion Impact301Reverting AsyncOS301About Updates303About URL Category Set Updates for Web Usage Controls303Configuring the Return Address for Generated Messages303Managing Alerts303Alert Types and Severities304Alert Delivery304Viewing Recent Alerts305About Duplicate Alerts305Cisco AutoSupport305Hardware Alert Descriptions306System Alert Descriptions306Changing Network Settings309Changing the System Hostname309The sethostname Command309Configuring Domain Name System Settings310Specifying DNS Servers310Multiple Entries and Priority310Using the Internet Root Servers311Reverse DNS Lookup Timeout311DNS Alert311Clearing the DNS Cache311Configuring DNS Settings via the Graphical User Interface312Configuring TCP/IP Traffic Routes312Managing Static Routes in the 
GUI312Modifying the Default Gateway (GUI)312Configuring the Default Gateway313Configuring the System Time313Using a Network Time Protocol (NTP) Server313Selecting a GMT Offset314Updating Time Zone Files314Automatically Updating Time Zone Files314Manually Updating Time Zone Files314Saving and Importing Configuration Settings315Managing Multiple Appliances with XML Configuration Files315Managing Configuration Files316Saving and Exporting the Current Configuration File316Loading a Configuration File316Empty Versus Omitted Tags318Note About Loading Passwords for Log Subscriptions318Note About Character Set Encoding318Resetting the Current Configuration318Rolling Back to a Previously Committed Configuration318CLI Commands for Configuration Files319The showconfig, mailconfig, and saveconfig Commands319The loadconfig Command320The rollbackconfig Command320The publishconfig Command320Uploading Configuration Changes Using the CLI321Managing Disk Usage322Disk Space Maximums and Allocations322Reallocating Disk Space Quotas323Customizing Your View323Using Favorite Pages323Setting Preferences324Logging325Logging Overview325Logging Versus Reporting325Log Retrieval326Filename and Directory Structure326Log Rollover and Transfer Schedule326Timestamps in Log Files327Logs Enabled by Default327Log Types328Summary of Log Types328Log Type Comparison331Using Configuration History Logs331Using CLI Audit Logs332Using FTP Server Logs333Using HTTP Logs333Using Spam Quarantine Logs334Using Spam Quarantine GUI Logs334Using Text Mail Logs335Sample Text Mail Log335Examples of Text Mail Log Entries336Message Receiving337Successful Message Delivery Example337Unsuccessful Message Delivery (Hard Bounce)337Soft Bounce with Ultimately Successful Delivery Example337Message Scanning Results (scanconfig)338Message with Attachment338Generated or Rewritten Messages339Sending a Message to the Spam Quarantine339Using NTP Logs340Using Reporting Logs340Using Reporting Query Logs341Using Safelist/Blocklist 
Logs341Using SMA Logs342Using Status Logs343Using System Logs345Understanding Tracking Logs345Log Subscriptions345Configuring Log Subscriptions346Setting the Log Level346Creating a Log Subscription in the GUI347Editing Log Subscriptions348Configuring Global Settings for Logging348Logging Message Headers349Configuring Global Settings for Logging by Using the GUI349Rolling Over Log Subscriptions350Rolling Over Logs in Log Subscriptions350Rolling Over Logs Immediately Using the GUI350Rolling Over Logs Immediately via the CLI350Viewing the Most Recent Log Entries in the GUI350Viewing the Most Recent Entries in Logs (tail Command)350Configuring Host Keys351Troubleshooting355Collecting System Information355Troubleshooting Feature Setup Issues355General Troubleshooting Resources355Troubleshooting Performance Issues on Managed Appliances356Troubleshooting Issues with Specific Features356Working with Technical Support357Opening or Updating a Support Case from the Appliance357Enabling Remote Access for Cisco Technical Support Personnel358Enabling Remote Access to Appliances With an Internet Connection358Enabling Remote Access to Appliances Without a Direct Internet Connection359Disabling a Tech Support Tunnel359Disabling Remote Access359Checking the Status of the Support Connection360Running a Packet Capture360Remotely Resetting Appliance Power361IP Interfaces and Accessing the Appliance363IP Interfaces363Configuring IP Interfaces363Creating IP Interfaces Using the GUI364Accessing the Appliance via FTP365Secure Copy (scp) Access367Accessing via a Serial Connection368Assigning Network and IP Addresses369Ethernet Interfaces369Selecting IP Addresses and Netmasks369Sample Interface Configurations370IP Addresses, Interfaces, and Routing370Summary371Strategies for Connecting Your Content Security Appliance371Firewall Information373Web Security Management Examples375Web Security Appliance Examples375Example 1: Investigating a User375Related Topics376Example 2: Tracking a 
URL377Related Topics377Example 3: Investigating Top URL Categories Visited377Related Topics378Additional Resources379Cisco Notification Service379Documentation379Third Party Contributors380Training381Knowledge Base381Cisco Support Community381Customer Support381Registering for a Cisco Account382Cisco Welcomes Your Comments382End User License Agreement383Cisco Systems End User License Agreement383Supplemental End User License Agreement for Cisco Systems Content Security Software390Index393
Size: 4 MB. Pages: 402. Language: English.
User Guide
Table of contents
AsyncOS 9.0 for Cisco Content Security Management Appliances User Guide1Contents3Introduction23What’s New in This Release23Cisco Content Security Management Overview24Setup, Installation, and Basic Configuration27Solution Deployment Overview27SMA Compatibility Matrix28Installation Planning28Network Planning28About Integrating a Security Management Appliance with Email Security Appliances29Deployments with Clustered Email Security Appliances29Preparing for Setup30Physically Setting Up and Connecting the Appliance30Determining Network and IP Address Assignments30Gathering the Setup Information31Accessing the Security Management Appliance32Browser Requirements32About Accessing the Web Interfaces32Accessing the Web Interface33Accessing the Command Line Interface33Supported Languages34Running the System Setup Wizard34Before You Begin34Overview of the System Setup Wizard35Launch the System Setup Wizard36Review the End User License Agreement36Configure the System Settings36Entering an Email Address for System Alerts36Setting the Time36Setting the Password36Enabling AutoSupport37Configure the Network Settings37Network Settings37Review Your Configuration37Proceeding to the Next Steps37About Adding Managed Appliances38Editing Managed Appliance Configurations38Removing an Appliance from the List of Managed Appliances39Security Appliances Page39Configuring Services on the Security Management Appliance39Committing and Abandoning Configuration Changes40Working With Reports41Ways to View Reporting Data41How the Security Appliance Gathers Data for Reports42How Reporting Data is Stored42About Reporting and Upgrades43Customizing Your View of Report Data43Viewing Reporting Data for an Appliance or Reporting Group44Choosing a Time Range for Reports44(Web Reports Only) Choosing Which Data to Chart45Customizing Tables on Report Pages46Custom Reports46Modules That Cannot Be Added to Custom Reports47Creating Your Custom Report Page47Viewing Details of 
Messages or Transactions Included in Reports48Improving Performance of Email Reports48Printing and Exporting Reporting and Tracking Data50Exporting Report Data as a Comma-Separated Values (CSV) File51Subdomains vs. Second-Level Domains in Reporting and Tracking52Troubleshooting All Reports52Unable to View Report Data on Backup Security Management Appliance53Reporting Is Disabled53Email and Web Reports53Using Centralized Email Security Reporting55Centralized Email Reporting Overview55Setting Up Centralized Email Reporting56Enabling Centralized Email Reporting on the Security Management Appliance56Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance57Creating Email Reporting Groups58Enabling Centralized Email Reporting on Email Security Appliances58Working with Email Report Data58Searching and the Interactive Email Report Pages59Understanding the Email Reporting Pages60Table Column Descriptions for Email Reporting Pages63Email Reporting Overview Page65How Incoming Mail Messages are Counted66How Email Messages Are Categorized by the Appliances66Categorizing Email Messages on the Overview Page66Incoming Mail Page68Views Within the Incoming Mail Page68Categorizing Email Messages on Incoming Mail Page69“No Domain Information” Link71Time Ranges in the Mail Trend Graphs71Incoming Mail Details Table71Sender Profile Pages71Sender Groups Report Page73Outgoing Destinations Page73Outgoing Senders Page74Internal Users Page75Internal User Details Page76Searching for a Specific Internal User77DLP Incidents77DLP Incidents Details Table78DLP Policy Detail Page78Message Filters78High Volume Mail79Content Filters Page79Content Filter Details Page79DMARC Verification80Virus Types Page80URL Filtering Page81Advanced Malware Protection (File Reputation and File Analysis) Reporting Pages81Requirements for File Analysis Report Details82Identifying Files by SHA-256 Hash82File Reputation and File Analysis Report Pages82Viewing File Reputation Filtering Data 
in Other Reports83TLS Connections Page83Inbound SMTP Authentication Page84Rate Limits Page85Outbreak Filters Page86System Capacity Page87How to Interpret the Data You See on System Capacity Page88System Capacity – Workqueue88System Capacity – Incoming Mail89System Capacity – Outgoing Mail89System Capacity – System Load89Note About Memory Page Swapping89System Capacity – All90Reporting Data Availability Page90About Scheduled and On-Demand Email Reports90Additional Report Types91Domain-Based Executive Summary Report92Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering92Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports92Creating Domain-Based Executive Summary Reports93Executive Summary Report94Scheduled Reports Page94Scheduling Email Reports94Adding Scheduled Reports95Editing Scheduled Reports96Discontinuing Scheduled Reports96Generating Email Reports On Demand96Archived Email Reports Page97Viewing and Managing Archived Email Reports98Accessing Archived Reports98Deleting Archived Reports98Troubleshooting Email Reports99Outbreak Filters Reports Do Not Show Information Correctly99Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report99Advanced Malware Protection Verdict Updates Report Results Differ99Issues Viewing File Analysis Report Details99File Analysis Report Details Are Not Available100Error When Viewing File Analysis Report Details100Using Centralized Web Reporting and Tracking101Centralized Web Reporting and Tracking Overview101Setting Up Centralized Web Reporting and Tracking102Enabling Centralized Web Reporting on the Security Management Appliance103Enabling Centralized Web Reporting on Web Security Appliances103Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance103Anonymizing User Names in Web Reports104Working with Web Security Reports105Web Reporting Page Descriptions105About Time Spent108Web Reporting Overview108Users 
Report (Web)110User Details (Web Reporting)111Web Sites Report113URL Categories Report114Reducing Uncategorized URLs115URL Category Set Updates and Reports115Using The URL Categories Page in Conjunction with Other Reporting Pages116Reporting Misclassified and Uncategorized URLs116Application Visibility Report116Understanding the Difference between Application versus Application Types117Anti-Malware Report118Malware Category Report119Malware Threat Report120Malware Category Descriptions120Advanced Malware Protection (File Reputation and File Analysis) Reports121Requirements for File Analysis Report Details121Identifying Files by SHA-256 Hash122Advanced Malware Protection (File Reputation and File Analysis) Report Pages123Viewing File Reputation Filtering Data in Other Reports124Client Malware Risk Report124Web Reputation Filters Report125What are Web Reputation Filters?125Adjusting Web Reputation Settings127L4 Traffic Monitor Report127SOCKS Proxy Report129Reports by User Location129System Capacity Page130Viewing the System Capacity Report130How to Interpret the Data You See on the System Capacity Page131System Capacity - System Load131System Capacity - Network Load131Note About Proxy Buffer Memory Swapping132Data Availability Page132About Scheduled and On-Demand Web Reports132Scheduling Web Reports133Storage of Scheduled Web Reports134Adding Scheduled Web Reports134Editing Scheduled Web Reports135Deleting Scheduled Web Reports135Additional Extended Web Reports135Top URL Categories—Extended135Top Application Types—Extended136Generating Web Reports on Demand137Archived Web Reports Page138Viewing and Managing Archived Web Reports138Web Tracking138Searching for Transactions Processed by Web Proxy Services139Malware Category Descriptions141Searching for Transactions Processed by the L4 Traffic Monitor142Searching for Transactions Processed by the SOCKS Proxy143Working with Web Tracking Search Results143Displaying More Web Tracking Search Results143Understanding Web 
Tracking Search Results143Viewing Transaction Details for Web Tracking Search Results144About Web Tracking and Advanced Malware Protection Features144About Web Tracking and Upgrades145Troubleshooting Web Reporting and Tracking145Centralized Reporting Is Enabled Properly But Not Working145Advanced Malware Protection Verdict Updates Report Results Differ146Issues Viewing File Analysis Report Details146File Analysis Report Details Are Not Available146Error When Viewing File Analysis Report Details146Expected Data Is Missing from Reporting or Tracking Results146PDF Shows Only a Subset of Web Tracking Data147Troubleshooting L4 Traffic Monitor Reports147Tracking Email Messages149Tracking Service Overview149Setting Up Centralized Message Tracking150Enabling Centralized Email Tracking on a Security Management Appliance150Configuring Centralized Message Tracking on Email Security Appliances150Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance151Managing Access to Sensitive Information152Checking Message Tracking Data Availability152Searching for Email Messages152Narrowing the Result Set155About Message Tracking and Advanced Malware Protection Features155Understanding Tracking Query Results156Message Details157Envelope and Header Summary157Sending Host Summary157Processing Details157DLP Matched Content Tab158Troubleshooting Message Tracking158Expected Messages Are Missing from Search Results158Attachments Do Not Appear in Search Results158Spam Quarantine159Overview of the Spam Quarantine159Local Versus External Spam Quarantine159Setting Up the Centralized Spam Quarantine160Enabling and Configuring the Spam Quarantine160Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance162Configuring an Outbound IP Interface on the Security Management Appliance163Configuring the IP Interface for Browser Access to the Spam Quarantine164Configuring Administrative User Access to the Spam Quarantine164Limiting Which 
Recipients Have Mail Quarantined165Ensuring That Message Text Displays Correctly165Spam Quarantine Language165Edit Spam Quarantine Page166Using Safelists and Blocklists to Control Email Delivery Based on Sender166Message Processing of Safelists and Blocklists166Enabling Safelists and Blocklists167External Spam Quarantine and Safelist/Blocklists168Adding Senders and Domains to Safelists and Blocklists (Administrators)168Syntax for Safelists and Blocklist Entries169Clearing All Safelists and Blocklists170About End-User Access to Safelists and Blocklists170Adding Entries to Safelists (End Users)170Adding the Sender of a Quarantined Message to the Safelist170Adding Senders to the Safelist Without a Quarantined Message171Adding Senders to Blocklists (End Users)171Backing Up and Restoring the Safelist/Blocklist171Troubleshooting Safelists and Blocklists172Message from Safelisted Sender Was Not Delivered172Configuring Spam Management Features for End Users173Authentication Options for End Users Accessing Spam Management Features173LDAP Authentication Process174IMAP/POP Authentication Process175Setting Up End-User Access to the Spam Quarantine via Web Browser175Configuring End-User Access to the Spam Quarantine176Determining the URL for End-User Access to the Spam Quarantine177Which Messages an End User Sees177Notifying End Users About Quarantined Messages177Recipient Email Mailing List Aliases and Spam Notifications179Testing Notifications179Troubleshooting Spam Notifications180User Receives Multiple Notifications180Recipient Does Not Receive Notifications180Managing Messages in the Spam Quarantine180Accessing the Spam Quarantine (Administrative Users)181Searching for Messages in the Spam Quarantine181Searching Very Large Message Collections181Viewing Messages in the Spam Quarantine181Delivering Messages in the Spam Quarantine182Deleting Messages from the Spam Quarantine182Disk Space for the Spam Quarantine182About Disabling the External Spam Quarantine183Troubleshooting 
Spam Quarantine Features183Centralized Policy, Virus, and Outbreak Quarantines185Overview of Centralized Quarantines185Quarantine Types186Centralizing Policy, Virus, and Outbreak Quarantines187Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance188Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance189Configuring Migration of Policy, Virus, and Outbreak Quarantines190Designating an Alternate Appliance to Process Released Messages191Configuring Centralized Quarantine Access for Custom User Roles192Disabling Centralized Policy, Virus, and Outbreak Quarantines192Releasing Messages When an Email Security Appliance Is Unavailable192Managing Policy, Virus, and Outbreak Quarantines193Disk Space Allocation for Policy, Virus, and Outbreak Quarantines193Retention Time for Messages in Quarantines193Default Actions for Automatically Processed Quarantined Messages195Checking the Settings of System-Created Quarantines195Creating Policy Quarantines195About Editing Policy, Virus, and Outbreak Quarantine Settings197Determining the Filters and Message Actions to Which a Quarantine Is Assigned197About Deleting Policy Quarantines197Monitoring Quarantine Status, Capacity, and Activity198Alerts About Quarantine Disk-Space Usage198Policy Quarantines and Logging199About Distributing Message Processing Tasks to Other Users199Which User Groups Can Access Policy, Virus, and Outbreak Quarantines199About the Centralized File Analysis Quarantine200Working with Messages in Policy, Virus, or Outbreak Quarantines200Viewing Messages in Quarantines201Quarantined Messages and International Character Sets201Finding Messages in Policy, Virus, and Outbreak Quarantines201Manually Processing Messages in a Quarantine202Sending a Copy of the Message203About Moving Messages Between Policy Quarantines203Messages in Multiple Quarantines203Message Details and Viewing Message Content204Viewing Matched 
Content205Downloading Attachments206About Rescanning of Quarantined Messages206The Outbreak Quarantine207Rescanning Messages in an Outbreak Quarantine207Manage by Rule Summary Link207Reporting False Positives or Suspicious Messages to Cisco Systems208Troubleshooting Centralized Policy Quarantines208Administrative User Cannot Choose Quarantines in Filters and DLP Message Actions208Messages Released from a Centralized Outbreak Quarantine Are Not Rescanned208Managing Web Security Appliances209About Centralized Configuration Management209Determining the Correct Configuration Publishing Method209Setting Up Configuration Masters to Centrally Manage Web Security Appliances210Important Notes About Using Configuration Masters211Determine the Configuration Master Versions to Use211Enabling Centralized Configuration Management on the Security Management Appliance212Initializing and Configuring Configuration Masters212Initializing Configuration Masters212About Associating Web Security Appliances to Configuration Masters213Adding Web Security Appliances and Associating Them with Configuration Master Versions213Associating Configuration Master Versions to Web Security Appliances214Configuring Settings to Publish214Importing from an Existing Configuration Master215Importing Settings from a Web Security Appliance216Configuring Web Security Features Directly in Configuration Masters216SMA-Specific Differences when Configuring Features in Configuration Masters217Tip for Working with Identities in Configuration Masters218Ensuring that Features are Enabled Consistently218Comparing Enabled Features218Enabling Features to Publish219Disabling Unused Configuration Masters220Setting Up to Use Advanced File Publishing220Publishing Configurations to Web Security Appliances221Publishing a Configuration Master221Before You Publish a Configuration Master221Publishing a Configuration Master Now223Publishing a Configuration Master Later223Publishing a Configuration Master Using the Command Line 
Interface224Publishing Configurations Using Advanced File Publishing224Advanced File Publish: Publish Configuration Now225Advanced File Publish: Publish Later225Viewing Status and History of Publishing Jobs226Viewing Publish History226Viewing Web Security Appliance Status227Viewing a Summary of Status of Web Appliances227Viewing Status of Individual Web Security Appliances227Web Appliance Status Details228Preparing For and Managing URL Category Set Updates228Understand the Impacts of URL Category Set Updates228Ensure That You Will Receive Notifications and Alerts about URL Category Set Updates229Specify Default Settings for New and Changed Categories229When the URL Category Set is Updated, Check Your Policy and Identity Settings229Troubleshooting Configuration Management Issues229In Configuration Master > Identities, Groups Are Not Available230Configuration Master > Access Policies > Web Reputation and Anti-Malware Settings Page Settings are Not as Expected230Troubleshooting Configuration Publishing Failures230Monitoring System Status231About Security Management Appliance Status231Monitoring Security Management Appliance Capacity232Monitoring the Processing Queue232Monitoring CPU Utilization232Monitoring Status of Data Transfer From Managed Appliances233Viewing the Configuration Status of Your Managed Appliances234Additional Status Information for Web Security Appliances234Monitoring Reporting Data Availability Status234Monitoring Email Security Reporting Data Availability235Monitoring Web Security Reporting Data Availability235Monitoring Email Tracking Data Status236Monitoring Capacity of Managed Appliances236Identifying Active TCP/IP Services236Integrating with LDAP237Overview237Configuring LDAP to Work with the Spam Quarantine237Creating the LDAP Server Profile238Testing LDAP Servers240Configuring LDAP Queries240LDAP Query Syntax240Tokens241Spam Quarantine End-User Authentication Queries241Sample Active Directory End-User Authentication Settings242Sample 
OpenLDAP End-User Authentication Settings242Spam Quarantine Alias Consolidation Queries242Sample Active Directory Alias Consolidation Settings243Sample OpenLDAP Alias Consolidation Settings243Testing LDAP Queries244Domain-Based Queries244Creating a Domain-Based Query245Chain Queries246Creating a Chain Query246Configuring AsyncOS to Work With Multiple LDAP Servers247Testing Servers and Queries248Failover248Configuring the Cisco Content Security Appliance for LDAP Failover248Load Balancing249Configuring the Cisco Content Security Appliance for Load Balancing249Configuring External Authentication of Administrative Users Using LDAP250User Accounts Query for Authenticating Administrative Users251Group Membership Queries for Authenticating Administrative Users251Enabling External Authentication of Administrative Users253Configuring SMTP Routing255SMTP Routes Overview255SMTP Routes, Mail Delivery, and Message Splintering256SMTP Routes and Outbound SMTP Authentication256Routing Email for Local Domains256Default SMTP Route256Managing SMTP Routes257Defining an SMTP Route257SMTP Routes Limits257Adding SMTP Routes257Exporting SMTP Routes258Importing SMTP Routes258SMTP Routes and DNS260Distributing Administrative Tasks261About Distributing Administrative Tasks261Assigning User Roles261Predefined User Roles261Custom User Roles264About Custom Email User Roles264Access to Email Reporting264Access to Message Tracking Data266Access to Quarantines for Custom User Role266Creating Custom Email User Roles266Using Custom Email User Roles267About Custom Web User Roles267Creating Custom Web User Roles268Editing Custom Web User Roles269Deleting Custom User Roles269User Roles with Access to the CLI269Using LDAP269Access to Quarantines270Users Page270About Authenticating Administrative Users270Changing the Admin User’s Password270Managing Locally-Defined Administrative Users271Adding Locally-Defined Users271Editing Locally-Defined Users272Deleting Locally-Defined Users272Viewing the List of 
Locally-Defined Users272Setting and Changing Passwords272Setting Password and Login Requirements273Requiring Users to Change Passwords on Demand276Locking and Unlocking Local User Accounts276Locking User Accounts Manually276Unlocking User Accounts277External User Authentication277Configuring LDAP Authentication277Enabling RADIUS Authentication277Additional Controls on Access to the Security Management Appliance280Configuring IP-Based Network Access280Direct Connections280Connecting Through a Proxy280Creating the Access List281Configuring the Web UI Session Timeout282Controlling Access to Sensitive DLP Information in Message Tracking283Displaying a Message for Administrative Users283Viewing Administrative User Activity283Viewing Active Sessions Using the Web284Viewing Your Recent Login Attempts284Viewing Administrative User Activity via the Command Line Interface284Troubleshooting Administrative User Access285Error: User Has No Access Privileges Assigned285User Has No Active Menus285Externally-Authenticated Users See Preferences Option286Common Administrative Tasks287Performing Administrative Tasks287Working with Feature Keys288Virtual Appliance Licensing and Feature Keys288Performing Maintenance Tasks Using CLI Commands288Shutting Down the Security Management Appliance289Rebooting the Security Management Appliance289Taking the Security Management Appliance Out of Service289CLI Examples: suspend and suspendtransfers Commands290Resuming from a Suspended State290CLI Examples: resume and resumetransfers Commands290Resetting the Configuration to Factory Defaults291The resetconfig Command291Displaying the Version Information for AsyncOS292Enabling Remote Power Management292Backing Up Security Management Appliance Data293What Data Is Backed Up293Restrictions and Requirements for Backups294Backup Duration295Availability of Services During Backups295Interruption of a Backup Process295Prevent the Target Appliance From Pulling Data Directly from Managed Appliances296Receiving 
Alerts About Backup Status296Scheduling Single or Recurring Backups296Starting an Immediate Backup297Checking Backup Status297Backup Information in Log Files298Other Important Backup Tasks298Making a Backup Appliance the Primary Appliance298Disaster Recovery on the Security Management Appliance299Upgrading Appliance Hardware301Upgrading AsyncOS301Batch Commands for Upgrades302Determining Network Requirements for Upgrades and Updates302Choosing an Upgrade Method: Remote vs. Streaming302Streaming Upgrade Overview302Remote Upgrade Overview303Hardware and Software Requirements for Remote Upgrades304Hosting a Remote Upgrade Image304Important Differences in Remote Upgrading Method305Configuring Upgrade and Service Update Settings305Upgrade and Update Settings306Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies307Configuring the Update and Upgrade Settings from the GUI309Upgrade Notifications309Before You Upgrade: Important Steps310Upgrading AsyncOS310Viewing Status of, Canceling, or Deleting a Background Download312After Upgrading312About Reverting to an Earlier Version of AsyncOS313Important Note About Reversion Impact313Reverting AsyncOS313About Updates315About URL Category Set Updates for Web Usage Controls315Configuring the Return Address for Generated Messages315Managing Alerts316Alert Types and Severities316Alert Delivery316Viewing Recent Alerts317About Duplicate Alerts317Cisco AutoSupport318Hardware Alert Descriptions318System Alert Descriptions318Changing Network Settings321Changing the System Hostname321The sethostname Command321Configuring Domain Name System Settings322Specifying DNS Servers322Multiple Entries and Priority322Using the Internet Root Servers323Reverse DNS Lookup Timeout323DNS Alert324Clearing the DNS Cache324Configuring DNS Settings via the Graphical User Interface324Configuring TCP/IP Traffic Routes324Managing Static Routes in the GUI324Modifying the Default Gateway (GUI)325Configuring the Default 
Gateway325Configuring the System Time325Using a Network Time Protocol (NTP) Server326Selecting a GMT Offset326Updating Time Zone Files326Automatically Updating Time Zone Files327Manually Updating Time Zone Files327Configuration File Page327Saving and Importing Configuration Settings327Managing Configuration Files328Saving and Exporting the Current Configuration File328Loading a Configuration File328Empty Versus Omitted Tags330Note About Loading Passwords for Log Subscriptions330Note About Character Set Encoding330Resetting the Current Configuration330Rolling Back to a Previously Committed Configuration330CLI Commands for Configuration Files331The showconfig, mailconfig, and saveconfig Commands331The loadconfig Command332The rollbackconfig Command332The publishconfig Command332Uploading Configuration Changes Using the CLI333Managing Disk Space333(Virtual Appliances Only) Increasing Available Disk Space334Viewing Disk Quotas and Usage334Disk Space Maximums and Allocations335Ensuring That You Receive Alerts About Disk Space335Managing Disk Space for the Miscellaneous Quota335Reallocating Disk Space Quotas336Customizing Your View337Using Favorite Pages337Setting Preferences337Logging339Logging Overview339Logging Versus Reporting339Log Retrieval340Filename and Directory Structure340Log Rollover and Transfer Schedule340Timestamps in Log Files341Logs Enabled by Default341Log Types342Summary of Log Types342Log Type Comparison345Using Configuration History Logs345Using CLI Audit Logs346Using FTP Server Logs347Using HTTP Logs347Using Spam Quarantine Logs348Using Spam Quarantine GUI Logs348Using Text Mail Logs349Sample Text Mail Log349Examples of Text Mail Log Entries350Message Receiving351Successful Message Delivery Example351Unsuccessful Message Delivery (Hard Bounce)351Soft Bounce with Ultimately Successful Delivery Example351Message Scanning Results (scanconfig)352Message with Attachment352Generated or Rewritten Messages353Sending a Message to the Spam Quarantine353Using 
NTP Logs354Using Reporting Logs354Using Reporting Query Logs355Using Safelist/Blocklist Logs355Using SMA Logs356Using Status Logs357Using System Logs359Understanding Tracking Logs359Log Subscriptions359Configuring Log Subscriptions360Setting the Log Level360Creating a Log Subscription in the GUI361Editing Log Subscriptions362Configuring Global Settings for Logging362Logging Message Headers363Configuring Global Settings for Logging by Using the GUI363Rolling Over Log Subscriptions364Rolling Over Logs in Log Subscriptions364Rolling Over Logs Immediately Using the GUI364Rolling Over Logs Immediately via the CLI364Viewing the Most Recent Log Entries in the GUI364Viewing the Most Recent Entries in Logs (tail Command)365Configuring Host Keys365Troubleshooting369Collecting System Information369Troubleshooting Feature Setup Issues369General Troubleshooting Resources369Troubleshooting Performance Issues on Managed Appliances370Troubleshooting Issues with Specific Features370Working with Technical Support371Opening or Updating a Support Case from the Appliance371Getting Support for Virtual Appliances372Enabling Remote Access for Cisco Technical Support Personnel372Enabling Remote Access to Appliances With an Internet Connection372Enabling Remote Access to Appliances Without a Direct Internet Connection373Disabling a Tech Support Tunnel373Disabling Remote Access373Checking the Status of the Support Connection374Running a Packet Capture374Remotely Resetting Appliance Power375IP Interfaces and Accessing the Appliance377IP Interfaces377Configuring IP Interfaces377Creating IP Interfaces Using the GUI378Accessing the Appliance via FTP379Secure Copy (scp) Access381Accessing via a Serial Connection382Assigning Network and IP Addresses383Ethernet Interfaces383Selecting IP Addresses and Netmasks383Sample Interface Configurations384IP Addresses, Interfaces, and Routing384Summary385Strategies for Connecting Your Content Security Appliance385Firewall Information387Web Security Management 
Examples389Web Security Appliance Examples389Example 1: Investigating a User389Related Topics390Example 2: Tracking a URL391Related Topics391Example 3: Investigating Top URL Categories Visited391Related Topics392Additional Resources393Cisco Notification Service393Documentation393Third Party Contributors394Training395Knowledge Base Articles (TechNotes)395Cisco Support Community395Customer Support395Registering for a Cisco Account396Cisco Welcomes Your Comments396End User License Agreement397Cisco Systems End User License Agreement397Supplemental End User License Agreement for Cisco Systems Content Security Software404Index407
Size: 4 MB. Pages: 416. Language: English.
User Guide
Table of contents
AsyncOS 9.1 for Cisco Content Security Management Appliances User Guide1Contents3Introduction21What’s New in This Release21New in Release 9.121New in Release 9.022Cisco Content Security Management Overview23Setup, Installation, and Basic Configuration25Solution Deployment Overview25SMA Compatibility Matrix26Installation Planning26Network Planning26About Integrating a Security Management Appliance with Email Security Appliances27Deployments with Clustered Email Security Appliances27Preparing for Setup28Physically Setting Up and Connecting the Appliance28Determining Network and IP Address Assignments28Gathering the Setup Information29Accessing the Security Management Appliance30Browser Requirements30About Accessing the Web Interfaces30Accessing the Web Interface31Accessing the Command Line Interface31Supported Languages31Running the System Setup Wizard32Before You Begin32Overview of the System Setup Wizard33Launch the System Setup Wizard33Review the End User License Agreement33Configure the System Settings34Entering an Email Address for System Alerts34Setting the Time34Setting the Password34Enabling AutoSupport34Configure the Network Settings34Network Settings35Review Your Configuration35Proceeding to the Next Steps35About Adding Managed Appliances35Editing Managed Appliance Configurations36Removing an Appliance from the List of Managed Appliances37Configuring Services on the Security Management Appliance37Committing and Abandoning Configuration Changes37Working With Reports39Ways to View Reporting Data39How the Security Appliance Gathers Data for Reports40How Reporting Data is Stored40About Reporting and Upgrades41Customizing Your View of Report Data41Viewing Reporting Data for an Appliance or Reporting Group42Choosing a Time Range for Reports42(Web Reports Only) Choosing Which Data to Chart43Customizing Tables on Report Pages44Custom Reports44Modules That Cannot Be Added to Custom Reports45Creating Your Custom Report Page45Viewing
Details of Messages or Transactions Included in Reports46Improving Performance of Email Reports46Printing and Exporting Reporting and Tracking Data48Exporting Report Data as a Comma-Separated Values (CSV) File49Subdomains vs. Second-Level Domains in Reporting and Tracking50Troubleshooting All Reports50Unable to View Report Data on Backup Security Management Appliance51Reporting Is Disabled51Email and Web Reports51Using Centralized Email Security Reporting53Centralized Email Reporting Overview53Setting Up Centralized Email Reporting54Enabling Centralized Email Reporting on the Security Management Appliance54Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance55Creating Email Reporting Groups56Enabling Centralized Email Reporting on Email Security Appliances56Working with Email Report Data56Searching and the Interactive Email Report Pages57Understanding the Email Reporting Pages58Table Column Descriptions for Email Reporting Pages61Email Reporting Overview Page63How Incoming Mail Messages are Counted64How Email Messages Are Categorized by the Appliances64Categorizing Email Messages on the Overview Page64Incoming Mail Page66Views Within the Incoming Mail Page66Categorizing Email Messages on Incoming Mail Page67“No Domain Information” Link69Time Ranges in the Mail Trend Graphs69Incoming Mail Details Table69Sender Profile Pages69Sender Groups Report Page71Outgoing Destinations Page71Outgoing Senders Page72Internal Users Page73Internal User Details Page74Searching for a Specific Internal User75DLP Incidents75DLP Incidents Details Table76DLP Policy Detail Page76Message Filters76High Volume Mail77Content Filters Page77Content Filter Details Page77DMARC Verification78Virus Types Page78URL Filtering Page79Advanced Malware Protection (File Reputation and File Analysis) Reporting Pages79Requirements for File Analysis Report Details80Identifying Files by SHA-256 Hash80File Reputation and File Analysis Report Pages80Viewing File Reputation 
Filtering Data in Other Reports81TLS Connections Page81Inbound SMTP Authentication Page82Rate Limits Page83Outbreak Filters Page84System Capacity Page85How to Interpret the Data You See on System Capacity Page86System Capacity – Workqueue86System Capacity – Incoming Mail87System Capacity – Outgoing Mail87System Capacity – System Load87Note About Memory Page Swapping87System Capacity – All88Reporting Data Availability Page88About Scheduled and On-Demand Email Reports88Additional Report Types89Domain-Based Executive Summary Report90Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering90Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports90Creating Domain-Based Executive Summary Reports91Executive Summary Report92Scheduling Email Reports92Adding Scheduled Reports93Editing Scheduled Reports94Discontinuing Scheduled Reports94Generating Email Reports On Demand94Viewing and Managing Archived Email Reports95Accessing Archived Reports96Deleting Archived Reports96Troubleshooting Email Reports96Outbreak Filters Reports Do Not Show Information Correctly97Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report97Advanced Malware Protection Verdict Updates Report Results Differ97Issues Viewing File Analysis Report Details97File Analysis Report Details Are Not Available97Error When Viewing File Analysis Report Details97Using Centralized Web Reporting and Tracking99Centralized Web Reporting and Tracking Overview99Setting Up Centralized Web Reporting and Tracking100Enabling Centralized Web Reporting on the Security Management Appliance101Enabling Centralized Web Reporting on Web Security Appliances101Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance101Anonymizing User Names in Web Reports102Working with Web Security Reports103Web Reporting Page Descriptions103About Time Spent106Web Reporting Overview106Users Report (Web)108User Details (Web 
Reporting)
Web Sites Report
URL Categories Report
Reducing Uncategorized URLs
URL Category Set Updates and Reports
Using The URL Categories Page in Conjunction with Other Reporting Pages
Reporting Misclassified and Uncategorized URLs
Application Visibility Report
Understanding the Difference between Application versus Application Types
Anti-Malware Report
Malware Category Report
Malware Threat Report
Malware Category Descriptions
Advanced Malware Protection (File Reputation and File Analysis) Reports
Requirements for File Analysis Report Details
Identifying Files by SHA-256 Hash
Advanced Malware Protection (File Reputation and File Analysis) Report Pages
Viewing File Reputation Filtering Data in Other Reports
Client Malware Risk Report
Web Reputation Filters Report
What are Web Reputation Filters?
Adjusting Web Reputation Settings
L4 Traffic Monitor Report
SOCKS Proxy Report
Reports by User Location
System Capacity Page
Viewing the System Capacity Report
How to Interpret the Data You See on the System Capacity Page
System Capacity - System Load
System Capacity - Network Load
Note About Proxy Buffer Memory Swapping
Data Availability Page
About Scheduled and On-Demand Web Reports
Scheduling Web Reports
Storage of Scheduled Web Reports
Adding Scheduled Web Reports
Editing Scheduled Web Reports
Deleting Scheduled Web Reports
Additional Extended Web Reports
Top URL Categories—Extended
Top Application Types—Extended
Generating Web Reports on Demand
Viewing and Managing Archived Web Reports
Web Tracking
Searching for Transactions Processed by Web Proxy Services
Malware Category Descriptions
Searching for Transactions Processed by the L4 Traffic Monitor
Searching for Transactions Processed by the SOCKS Proxy
Working with Web Tracking Search Results
Displaying More Web Tracking Search Results
Understanding Web Tracking Search Results
Viewing Transaction Details for Web Tracking Search Results
About Web Tracking and Advanced Malware Protection Features
About Web Tracking and Upgrades
Troubleshooting Web Reporting and Tracking
Centralized Reporting Is Enabled Properly But Not Working
Advanced Malware Protection Verdict Updates Report Results Differ
Issues Viewing File Analysis Report Details
File Analysis Report Details Are Not Available
Error When Viewing File Analysis Report Details
Expected Data Is Missing from Reporting or Tracking Results
PDF Shows Only a Subset of Web Tracking Data
Troubleshooting L4 Traffic Monitor Reports
Tracking Email Messages
Tracking Service Overview
Setting Up Centralized Message Tracking
Enabling Centralized Email Tracking on a Security Management Appliance
Configuring Centralized Message Tracking on Email Security Appliances
Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance
Managing Access to Sensitive Information
Checking Message Tracking Data Availability
Searching for Email Messages
Narrowing the Result Set
About Message Tracking and Advanced Malware Protection Features
Understanding Tracking Query Results
Message Details
Envelope and Header Summary
Sending Host Summary
Processing Details
DLP Matched Content Tab
Troubleshooting Message Tracking
Expected Messages Are Missing from Search Results
Attachments Do Not Appear in Search Results
Spam Quarantine
Overview of the Spam Quarantine
Local Versus External Spam Quarantine
Setting Up the Centralized Spam Quarantine
Enabling and Configuring the Spam Quarantine
Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance
Configuring an Outbound IP Interface on the Security Management Appliance
Configuring the IP Interface for Browser Access to the Spam Quarantine
Configuring Administrative User Access to the Spam Quarantine
Limiting Which Recipients Have Mail Quarantined
Ensuring That Message Text Displays Correctly
Spam Quarantine Language
Using Safelists and Blocklists to Control Email Delivery Based on Sender
Message Processing of Safelists and Blocklists
Enabling Safelists and Blocklists
External Spam Quarantine and Safelist/Blocklists
Adding Senders and Domains to Safelists and Blocklists (Administrators)
Syntax for Safelists and Blocklist Entries
Clearing All Safelists and Blocklists
About End-User Access to Safelists and Blocklists
Adding Entries to Safelists (End Users)
Adding the Sender of a Quarantined Message to the Safelist
Adding Senders to the Safelist Without a Quarantined Message
Adding Senders to Blocklists (End Users)
Backing Up and Restoring the Safelist/Blocklist
Troubleshooting Safelists and Blocklists
Message from Safelisted Sender Was Not Delivered
Configuring Spam Management Features for End Users
Authentication Options for End Users Accessing Spam Management Features
LDAP Authentication Process
IMAP/POP Authentication Process
Setting Up End-User Access to the Spam Quarantine via Web Browser
Configuring End-User Access to the Spam Quarantine
Determining the URL for End-User Access to the Spam Quarantine
Which Messages an End User Sees
Notifying End Users About Quarantined Messages
Recipient Email Mailing List Aliases and Spam Notifications
Testing Notifications
Troubleshooting Spam Notifications
User Receives Multiple Notifications
Recipient Does Not Receive Notifications
Managing Messages in the Spam Quarantine
Accessing the Spam Quarantine (Administrative Users)
Searching for Messages in the Spam Quarantine
Searching Very Large Message Collections
Viewing Messages in the Spam Quarantine
Delivering Messages in the Spam Quarantine
Deleting Messages from the Spam Quarantine
Disk Space for the Spam Quarantine
About Disabling the External Spam Quarantine
Troubleshooting Spam Quarantine Features
Centralized Policy, Virus, and Outbreak Quarantines
Overview of Centralized Quarantines
Quarantine Types
Centralizing Policy, Virus, and Outbreak Quarantines
Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance
Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance
Configuring Migration of Policy, Virus, and Outbreak Quarantines
Designating an Alternate Appliance to Process Released Messages
Configuring Centralized Quarantine Access for Custom User Roles
Disabling Centralized Policy, Virus, and Outbreak Quarantines
Releasing Messages When an Email Security Appliance Is Unavailable
Managing Policy, Virus, and Outbreak Quarantines
Disk Space Allocation for Policy, Virus, and Outbreak Quarantines
Retention Time for Messages in Quarantines
Default Actions for Automatically Processed Quarantined Messages
Checking the Settings of System-Created Quarantines
Configuring Policy, Virus, and Outbreak Quarantines
About Editing Policy, Virus, and Outbreak Quarantine Settings
Determining the Filters and Message Actions to Which a Policy Quarantine Is Assigned
About Deleting Policy Quarantines
Monitoring Quarantine Status, Capacity, and Activity
Alerts About Quarantine Disk-Space Usage
Policy Quarantines and Logging
About Distributing Message Processing Tasks to Other Users
Which User Groups Can Access Policy, Virus, and Outbreak Quarantines
Working with Messages in Policy, Virus, or Outbreak Quarantines
Viewing Messages in Quarantines
Quarantined Messages and International Character Sets
Finding Messages in Policy, Virus, and Outbreak Quarantines
Manually Processing Messages in a Quarantine
Sending a Copy of the Message
About Moving Messages Between Policy Quarantines
Messages in Multiple Quarantines
Message Details and Viewing Message Content
Viewing Matched Content
Downloading Attachments
About Rescanning of Quarantined Messages
The Outbreak Quarantine
Rescanning Messages in an Outbreak Quarantine
Manage by Rule Summary Link
Reporting False Positives or Suspicious Messages to Cisco Systems
Troubleshooting Centralized Policy Quarantines
Administrative User Cannot Choose Quarantines in Filters and DLP Message Actions
Messages Released from a Centralized Outbreak Quarantine Are Not Rescanned
Managing Web Security Appliances
About Centralized Configuration Management
Determining the Correct Configuration Publishing Method
Setting Up Configuration Masters to Centrally Manage Web Security Appliances
Important Notes About Using Configuration Masters
Determine the Configuration Master Versions to Use
Enabling Centralized Configuration Management on the Security Management Appliance
Initializing Configuration Masters
About Associating Web Security Appliances to Configuration Masters
Adding Web Security Appliances and Associating Them with Configuration Master Versions
Associating Configuration Master Versions to Web Security Appliances
Configuring Settings to Publish
Importing from an Existing Configuration Master
Importing Settings from a Web Security Appliance
Configuring Web Security Features Directly in Configuration Masters
SMA-Specific Differences when Configuring Features in Configuration Masters
Tip for Working with Identities/Identification Profiles in Configuration Masters
Ensuring that Features are Enabled Consistently
Comparing Enabled Features
Enabling Features to Publish
Disabling Unused Configuration Masters
Setting Up to Use Advanced File Publishing
Publishing Configurations to Web Security Appliances
Publishing a Configuration Master
Before You Publish a Configuration Master
Publishing a Configuration Master Now
Publishing a Configuration Master Later
Publishing a Configuration Master Using the Command Line Interface
Publishing Configurations Using Advanced File Publishing
Advanced File Publish: Publish Configuration Now
Advanced File Publish: Publish Later
Viewing Status and History of Publishing Jobs
Viewing Publish History
Viewing Web Security Appliance Status
Viewing a Summary of Status of Web Appliances
Viewing Status of Individual Web Security Appliances
Web Appliance Status Details
Preparing For and Managing URL Category Set Updates
Understand the Impacts of URL Category Set Updates
Ensure That You Will Receive Notifications and Alerts about URL Category Set Updates
Specify Default Settings for New and Changed Categories
When the URL Category Set is Updated, Check Your Policy and Identity/Identification Profile Settings
Troubleshooting Configuration Management Issues
In Configuration Master > Identities/Identification Profiles, Groups Are Not Available
Configuration Master > Access Policies > Web Reputation and Anti-Malware Settings Page Settings are Not as Expected
Troubleshooting Configuration Publishing Failures
Monitoring System Status
About Security Management Appliance Status
Monitoring Security Management Appliance Capacity
Monitoring the Processing Queue
Monitoring CPU Utilization
Monitoring Status of Data Transfer From Managed Appliances
Viewing the Configuration Status of Your Managed Appliances
Additional Status Information for Web Security Appliances
Monitoring Reporting Data Availability Status
Monitoring Email Security Reporting Data Availability
Monitoring Web Security Reporting Data Availability
Monitoring Email Tracking Data Status
Monitoring Capacity of Managed Appliances
Identifying Active TCP/IP Services
Integrating with LDAP
Overview
Configuring LDAP to Work with the Spam Quarantine
Creating the LDAP Server Profile
Testing LDAP Servers
Configuring LDAP Queries
LDAP Query Syntax
Tokens
Spam Quarantine End-User Authentication Queries
Sample Active Directory End-User Authentication Settings
Sample OpenLDAP End-User Authentication Settings
Spam Quarantine Alias Consolidation Queries
Sample Active Directory Alias Consolidation Settings
Sample OpenLDAP Alias Consolidation Settings
Testing LDAP Queries
Domain-Based Queries
Creating a Domain-Based Query
Chain Queries
Creating a Chain Query
Configuring AsyncOS to Work With Multiple LDAP Servers
Testing Servers and Queries
Failover
Configuring the Cisco Content Security Appliance for LDAP Failover
Load Balancing
Configuring the Cisco Content Security Appliance for Load Balancing
Configuring External Authentication of Administrative Users Using LDAP
User Accounts Query for Authenticating Administrative Users
Group Membership Queries for Authenticating Administrative Users
Enabling External Authentication of Administrative Users
Configuring SMTP Routing
SMTP Routes Overview
SMTP Routes, Mail Delivery, and Message Splintering
SMTP Routes and Outbound SMTP Authentication
Routing Email for Local Domains
Default SMTP Route
Managing SMTP Routes
Defining an SMTP Route
SMTP Routes Limits
Adding SMTP Routes
Exporting SMTP Routes
Importing SMTP Routes
SMTP Routes and DNS
Distributing Administrative Tasks
About Distributing Administrative Tasks
Assigning User Roles
Predefined User Roles
Custom User Roles
About Custom Email User Roles
Email Reporting
Message Tracking
Quarantines
Creating Custom Email User Roles
Using Custom Email User Roles
About Custom Web User Roles
Creating Custom Web User Roles
Editing Custom Web User Roles
Deleting Custom User Roles
About Authenticating Administrative Users
Changing the Admin User’s Password
Managing Locally-Defined Administrative Users
Adding Locally-Defined Users
Editing Locally-Defined Users
Deleting Locally-Defined Users
Viewing the List of Locally-Defined Users
Setting and Changing Passwords
Setting Password and Login Requirements
Requiring Users to Change Passwords on Demand
Locking and Unlocking Local User Accounts
Locking User Accounts Manually
Unlocking User Accounts
External User Authentication
Configuring LDAP Authentication
Enabling RADIUS Authentication
Additional Controls on Access to the Security Management Appliance
Configuring IP-Based Network Access
Direct Connections
Connecting Through a Proxy
Creating the Access List
Configuring the Web UI Session Timeout
Controlling Access to Sensitive DLP Information in Message Tracking
Displaying a Message for Administrative Users
Viewing Administrative User Activity
Viewing Active Sessions Using the Web
Viewing Your Recent Login Attempts
Viewing Administrative User Activity via the Command Line Interface
Troubleshooting Administrative User Access
Error: User Has No Access Privileges Assigned
User Has No Active Menus
Externally-Authenticated Users See Preferences Option
Common Administrative Tasks
Performing Administrative Tasks
Working with Feature Keys
Virtual Appliance Licensing and Feature Keys
Performing Maintenance Tasks Using CLI Commands
Shutting Down the Security Management Appliance
Rebooting the Security Management Appliance
Taking the Security Management Appliance Out of Service
CLI Examples: suspend and suspendtransfers Commands
Resuming from a Suspended State
CLI Examples: resume and resumetransfers Commands
Resetting the Configuration to Factory Defaults
The resetconfig Command
Displaying the Version Information for AsyncOS
Enabling Remote Power Management
Backing Up Security Management Appliance Data
What Data Is Backed Up
Restrictions and Requirements for Backups
Backup Duration
Availability of Services During Backups
Interruption of a Backup Process
Prevent the Target Appliance From Pulling Data Directly from Managed Appliances
Receiving Alerts About Backup Status
Scheduling Single or Recurring Backups
Starting an Immediate Backup
Checking Backup Status
Backup Information in Log Files
Other Important Backup Tasks
Making a Backup Appliance the Primary Appliance
Disaster Recovery on the Security Management Appliance
Upgrading Appliance Hardware
Upgrading AsyncOS
Batch Commands for Upgrades
Determining Network Requirements for Upgrades and Updates
Choosing an Upgrade Method: Remote vs. Streaming
Streaming Upgrade Overview
Remote Upgrade Overview
Hardware and Software Requirements for Remote Upgrades
Hosting a Remote Upgrade Image
Important Differences in Remote Upgrading Method
Configuring Upgrade and Service Update Settings
Upgrade and Update Settings
Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies
Configuring the Update and Upgrade Settings from the GUI
Upgrade Notifications
Before You Upgrade: Important Steps
Upgrading AsyncOS
Viewing Status of, Canceling, or Deleting a Background Download
After Upgrading
About Reverting to an Earlier Version of AsyncOS
Important Note About Reversion Impact
Reverting AsyncOS
About Updates
About URL Category Set Updates for Web Usage Controls
Configuring the Return Address for Generated Messages
Managing Alerts
Alert Types and Severities
Alert Delivery
Viewing Recent Alerts
About Duplicate Alerts
Cisco AutoSupport
Hardware Alert Descriptions
System Alert Descriptions
Changing Network Settings
Changing the System Hostname
The sethostname Command
Configuring Domain Name System Settings
Specifying DNS Servers
Multiple Entries and Priority
Using the Internet Root Servers
Reverse DNS Lookup Timeout
DNS Alert
Clearing the DNS Cache
Configuring DNS Settings via the Graphical User Interface
Configuring TCP/IP Traffic Routes
Managing Static Routes in the GUI
Modifying the Default Gateway (GUI)
Configuring the Default Gateway
Configuring the System Time
Using a Network Time Protocol (NTP) Server
Selecting a GMT Offset
Updating Time Zone Files
Automatically Updating Time Zone Files
Manually Updating Time Zone Files
Saving and Importing Configuration Settings
Managing Configuration Files
Saving and Exporting the Current Configuration File
Loading a Configuration File
Empty Versus Omitted Tags
Note About Loading Passwords for Log Subscriptions
Note About Character Set Encoding
Resetting the Current Configuration
Rolling Back to a Previously Committed Configuration
CLI Commands for Configuration Files
The showconfig, mailconfig, and saveconfig Commands
The loadconfig Command
The rollbackconfig Command
The publishconfig Command
Uploading Configuration Changes Using the CLI
Managing Disk Space
(Virtual Appliances Only) Increasing Available Disk Space
Viewing Disk Quotas and Usage
Disk Space Maximums and Allocations
Ensuring That You Receive Alerts About Disk Space
Managing Disk Space for the Miscellaneous Quota
Reallocating Disk Space Quotas
Customizing Your View
Using Favorite Pages
Setting Preferences
Logging
Logging Overview
Logging Versus Reporting
Log Retrieval
Filename and Directory Structure
Log Rollover and Transfer Schedule
Timestamps in Log Files
Logs Enabled by Default
Log Types
Summary of Log Types
Log Type Comparison
Using Configuration History Logs
Using CLI Audit Logs
Using FTP Server Logs
Using HTTP Logs
Using Spam Quarantine Logs
Using Spam Quarantine GUI Logs
Using Text Mail Logs
Sample Text Mail Log
Examples of Text Mail Log Entries
Message Receiving
Successful Message Delivery Example
Unsuccessful Message Delivery (Hard Bounce)
Soft Bounce with Ultimately Successful Delivery Example
Message Scanning Results (scanconfig)
Message with Attachment
Generated or Rewritten Messages
Sending a Message to the Spam Quarantine
Using NTP Logs
Using Reporting Logs
Using Reporting Query Logs
Using Safelist/Blocklist Logs
Using SMA Logs
Using Status Logs
Using System Logs
Understanding Tracking Logs
Log Subscriptions
Configuring Log Subscriptions
Setting the Log Level
Creating a Log Subscription in the GUI
Editing Log Subscriptions
Configuring Global Settings for Logging
Logging Message Headers
Configuring Global Settings for Logging by Using the GUI
Rolling Over Log Subscriptions
Rolling Over Logs in Log Subscriptions
Rolling Over Logs Immediately Using the GUI
Rolling Over Logs Immediately via the CLI
Viewing the Most Recent Log Entries in the GUI
Viewing the Most Recent Entries in Logs (tail Command)
Configuring Host Keys
Troubleshooting
Collecting System Information
Troubleshooting Feature Setup Issues
General Troubleshooting Resources
Troubleshooting Performance Issues on Managed Appliances
Troubleshooting Issues with Specific Functionality
Working with Technical Support
Opening or Updating a Support Case from the Appliance
Getting Support for Virtual Appliances
Enabling Remote Access for Cisco Technical Support Personnel
Enabling Remote Access to Appliances With an Internet Connection
Enabling Remote Access to Appliances Without a Direct Internet Connection
Disabling a Tech Support Tunnel
Disabling Remote Access
Checking the Status of the Support Connection
Running a Packet Capture
Remotely Resetting Appliance Power
IP Interfaces and Accessing the Appliance
IP Interfaces
Configuring IP Interfaces
Creating IP Interfaces Using the GUI
Accessing the Appliance via FTP
Secure Copy (scp) Access
Accessing via a Serial Connection
Pinout Details for the Serial Port in 80- Series Hardware
Pinout Details for the Serial Port in 60- and 70-Series Hardware
Assigning Network and IP Addresses
Ethernet Interfaces
Selecting IP Addresses and Netmasks
Sample Interface Configurations
IP Addresses, Interfaces, and Routing
Summary
Strategies for Connecting Your Content Security Appliance
Firewall Information
Web Security Management Examples
Web Security Appliance Examples
Example 1: Investigating a User
Related Topics
Example 2: Tracking a URL
Related Topics
Example 3: Investigating Top URL Categories Visited
Related Topics
Additional Resources
Cisco Notification Service
Documentation
Third Party Contributors
Training
Knowledge Base
Cisco Support Community
Customer Support
Registering for a Cisco Account
Cisco Welcomes Your Comments
End User License Agreement
Cisco Systems End User License Agreement
Supplemental End User License Agreement for Cisco Systems Content Security Software
Index
Size: 4 MB
Pages: 418
Language: English
User Guide
Table of contents
AsyncOS 9.5.2 for Cisco Content Security Management Appliances User Guide
Contents
Introduction
What’s New in This Release
Cisco Content Security Management Overview
Setup, Installation, and Basic Configuration
Solution Deployment Overview
SMA Compatibility Matrix
Installation Planning
Network Planning
About Integrating a Security Management Appliance with Email Security Appliances
Deployments with Clustered Email Security Appliances
Preparing for Setup
Physically Setting Up and Connecting the Appliance
Determining Network and IP Address Assignments
Gathering the Setup Information
Accessing the Security Management Appliance
Browser Requirements
About Accessing the Web Interfaces
Accessing the Web Interface
Accessing the Command Line Interface
Supported Languages
Running the System Setup Wizard
Before You Begin
Overview of the System Setup Wizard
Launch the System Setup Wizard
Review the End User License Agreement
Configure the System Settings
Entering an Email Address for System Alerts
Setting the Time
Setting the Password
Enabling AutoSupport
Configure the Network Settings
Network Settings
Review Your Configuration
Proceeding to the Next Steps
About Adding Managed Appliances
Editing Managed Appliance Configurations
Removing an Appliance from the List of Managed Appliances
Configuring Services on the Security Management Appliance
Committing and Abandoning Configuration Changes
Working With Reports
Ways to View Reporting Data
How the Security Appliance Gathers Data for Reports
How Reporting Data is Stored
About Reporting and Upgrades
Customizing Your View of Report Data
Viewing Reporting Data for an Appliance or Reporting Group
Choosing a Time Range for Reports
(Web Reports Only) Choosing Which Data to Chart
Customizing Tables on Report Pages
Custom Reports
Modules That Cannot Be Added to Custom Reports
Creating Your Custom Report Page
Viewing Details of Messages or Transactions Included in Reports
Improving Performance of Email Reports
Printing and Exporting Reporting and Tracking Data
Exporting Report Data as a Comma-Separated Values (CSV) File
Subdomains vs. Second-Level Domains in Reporting and Tracking
Troubleshooting All Reports
Unable to View Report Data on Backup Security Management Appliance
Reporting Is Disabled
Email and Web Reports
Using Centralized Email Security Reporting
Centralized Email Reporting Overview
Setting Up Centralized Email Reporting
Enabling Centralized Email Reporting on the Security Management Appliance
Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance
Creating Email Reporting Groups
Enabling Centralized Email Reporting on Email Security Appliances
Working with Email Report Data
Searching and the Interactive Email Report Pages
Understanding the Email Reporting Pages
Table Column Descriptions for Email Reporting Pages
Email Reporting Overview Page
How Incoming Mail Messages are Counted
How Email Messages Are Categorized by the Appliances
Categorizing Email Messages on the Overview Page
Incoming Mail Page
Views Within the Incoming Mail Page
“No Domain Information” Link
Time Ranges in the Mail Trend Graphs
Incoming Mail Details Table
Sender Profile Pages
Sender Groups Report Page
Outgoing Destinations Page
Outgoing Senders Page
Internal Users Page
Internal User Details Page
Searching for a Specific Internal User
DLP Incidents
DLP Incidents Details Table
DLP Policy Detail Page
Message Filters
High Volume Mail
Content Filters Page
Content Filter Details Page
DMARC Verification
Virus Types Page
URL Filtering Page
Web Interaction Tracking Page
Advanced Malware Protection (File Reputation and File Analysis) Reporting Pages
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
(On-Premises File Analysis) Activate the File Analysis Account
Additional Requirements
Identifying Files by SHA-256 Hash
File Reputation and File Analysis Report Pages
Viewing File Reputation Filtering Data in Other Reports
For Which Files Are Detailed File Analysis Results Visible in the Cloud?
TLS Connections Page
Inbound SMTP Authentication Page
Rate Limits Page
Outbreak Filters Page
Reporting of Graymail
Reporting of Marketing Messages after Upgrade to AsyncOS 9.5
System Capacity Page
How to Interpret the Data You See on System Capacity Page
System Capacity – Workqueue
System Capacity – Incoming Mail
System Capacity – Outgoing Mail
System Capacity – System Load
Overall CPU Usage
Memory Page Swapping
Resource Conservation Activity
System Capacity – All
Threshold Indicator in System Capacity Graphs
Reporting Data Availability Page
About Scheduled and On-Demand Email Reports
Additional Report Types
Domain-Based Executive Summary Report
Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering
Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports
Creating Domain-Based Executive Summary Reports
Executive Summary Report
Scheduling Email Reports
Adding Scheduled Reports
Editing Scheduled Reports
Discontinuing Scheduled Reports
Generating Email Reports On Demand
Viewing and Managing Archived Email Reports
Accessing Archived Reports
Deleting Archived Reports
Troubleshooting Email Reports
Outbreak Filters Reports Do Not Show Information Correctly
Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report
Advanced Malware Protection Verdict Updates Report Results Differ
Issues Viewing File Analysis Report Details
File Analysis Report Details Are Not Available
Error When Viewing File Analysis Report Details
Error When Viewing File Analysis Report Details with Private Cloud Cisco AMP Threat Grid Appliance
Logging of File Analysis-Related Errors
Total Graymail or Marketing Messages Appears To Be Incorrect
Using Centralized Web Reporting and Tracking
Centralized Web Reporting and Tracking Overview
Setting Up Centralized Web Reporting and Tracking
Enabling Centralized Web Reporting on the Security Management Appliance
Enabling Centralized Web Reporting on Web Security Appliances
Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance
Anonymizing User Names in Web Reports
Working with Web Security Reports
Web Reporting Page Descriptions
About Time Spent
Web Reporting Overview
Users Report (Web)
User Details (Web Reporting)
Web Sites Report
URL Categories Report
Reducing Uncategorized URLs
URL Category Set Updates and Reports
Using The URL Categories Page in Conjunction with Other Reporting Pages
Reporting Misclassified and Uncategorized URLs
Application Visibility Report
Understanding the Difference between Application versus Application Types
Anti-Malware Report
Malware Category Report
Malware Threat Report
Malware Category Descriptions
Advanced Malware Protection (File Reputation and File Analysis) Reports
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
(On-Premises File Analysis) Activate the File Analysis Account
Additional Requirements
Identifying Files by SHA-256 Hash
Advanced Malware Protection (File Reputation and File Analysis) Report Pages
Viewing File Reputation Filtering Data in Other Reports
For Which Files Are Detailed File Analysis Results Visible in the Cloud?
Client Malware Risk Report
Web Reputation Filters Report
What are Web Reputation Filters?
Adjusting Web Reputation Settings
L4 Traffic Monitor Report
SOCKS Proxy Report
Reports by User Location
System Capacity Page
Viewing the System Capacity Report
How to Interpret the Data You See on the System Capacity Page
System Capacity - System Load
System Capacity - Network Load
Note About Proxy Buffer Memory Swapping
Data Availability Page
About Scheduled and On-Demand Web Reports
Scheduling Web Reports
Storage of Scheduled Web Reports
Adding Scheduled Web Reports
Editing Scheduled Web Reports
Deleting Scheduled Web Reports
Additional Extended Web Reports
Top URL Categories—Extended
Top Application Types—Extended
Generating Web Reports on Demand
Viewing and Managing Archived Web Reports
Web Tracking
Searching for Transactions Processed by Web Proxy Services
Malware Category Descriptions
Searching for Transactions Processed by the L4 Traffic Monitor
Searching for Transactions Processed by the SOCKS Proxy
Working with Web Tracking Search Results
Displaying More Web Tracking Search Results
Understanding Web Tracking Search Results
Viewing Transaction Details for Web Tracking Search Results
About Web Tracking and Advanced Malware Protection Features
About Web Tracking and Upgrades
Troubleshooting Web Reporting and Tracking
Centralized Reporting Is Enabled Properly But Not Working
Advanced Malware Protection Verdict Updates Report Results Differ
Issues Viewing File Analysis Report Details
File Analysis Report Details Are Not Available
Error When Viewing File Analysis Report Details
Error When Viewing File Analysis Report Details with Private Cloud Cisco AMP Threat Grid Appliance
Expected Data Is Missing from Reporting or Tracking Results
PDF Shows Only a Subset of Web Tracking Data
Troubleshooting L4 Traffic Monitor Reports
Exported .CSV file is Different From Web Interface Data
Tracking Email Messages
Tracking Service Overview
Setting Up Centralized Message Tracking
Enabling Centralized Email Tracking on a Security Management Appliance
Configuring Centralized Message Tracking on Email Security Appliances
Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance
Managing Access to Sensitive Information
Checking Message Tracking Data Availability
Searching for Email Messages
Narrowing the Result Set
About Message Tracking and Advanced Malware Protection Features
Understanding Tracking Query Results
Message Details
Envelope and Header Summary
Sending Host Summary
Processing Details
DLP Matched Content Tab
Troubleshooting Message Tracking
Expected Messages Are Missing from Search Results
Attachments Do Not Appear in Search Results
Spam Quarantine
Overview of the Spam Quarantine
Local Versus External Spam Quarantine
Setting Up the Centralized Spam Quarantine
Enabling and Configuring the Spam Quarantine
Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance
Configuring an Outbound IP Interface on the Security Management Appliance
Configuring the IP Interface for Browser Access to the Spam Quarantine
Configuring Administrative User Access to the Spam Quarantine
Limiting Which Recipients Have Mail Quarantined
Ensuring That Message Text Displays Correctly
Spam Quarantine Language
Using Safelists and Blocklists to Control Email Delivery Based on Sender
Message Processing of Safelists and Blocklists
Enabling Safelists and Blocklists
External Spam Quarantine and Safelist/Blocklists
Adding Senders and Domains to Safelists and Blocklists (Administrators)
Syntax for Safelists and Blocklist Entries
Clearing All Safelists and Blocklists
About End-User Access to Safelists and Blocklists
Adding Entries to Safelists (End Users)
Adding the Sender of a Quarantined Message to the Safelist
Adding Senders to the Safelist Without a Quarantined Message
Adding Senders to Blocklists (End Users)
Backing Up and Restoring the Safelist/Blocklist
Troubleshooting Safelists and Blocklists
Message from Safelisted Sender Was Not Delivered
Configuring Spam Management Features for End Users
Authentication Options for End Users Accessing Spam Management Features
LDAP Authentication Process
IMAP/POP Authentication Process
Setting Up End-User Access to the Spam Quarantine via Web Browser
Configuring End-User Access to the Spam Quarantine
Determining the URL for End-User Access to the Spam Quarantine
Which Messages an End User Sees
Notifying End Users About Quarantined Messages
Recipient Email Mailing List Aliases and Spam Notifications
Testing Notifications
Troubleshooting Spam Notifications
User Receives Multiple Notifications
Recipient Does Not Receive Notifications
Managing Messages in the Spam Quarantine
Accessing the Spam Quarantine (Administrative Users)
Searching for Messages in the Spam Quarantine
Searching Very Large Message Collections
Viewing Messages in the Spam Quarantine
Delivering Messages in the Spam Quarantine
Deleting Messages from the Spam Quarantine
Disk Space for the Spam Quarantine
About Disabling the External Spam Quarantine
Troubleshooting Spam Quarantine Features
Centralized Policy, Virus, and Outbreak Quarantines
Overview of Centralized Quarantines
Quarantine Types
Centralizing Policy, Virus, and Outbreak Quarantines
Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance
Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance
Configuring Migration of Policy, Virus, and Outbreak Quarantines
Designating an Alternate Appliance to Process Released Messages
Configuring Centralized Quarantine Access for Custom User Roles
Disabling Centralized Policy, Virus, and Outbreak Quarantines
Releasing Messages When an Email Security Appliance Is Unavailable
Managing Policy, Virus, and Outbreak Quarantines
Disk Space Allocation for Policy, Virus, and Outbreak Quarantines
Retention Time for Messages in Quarantines
Default Actions for Automatically Processed Quarantined Messages
Checking the Settings of System-Created Quarantines
Configuring Policy, Virus, and Outbreak Quarantines
About Editing Policy, Virus, and Outbreak Quarantine Settings
Determining the Filters and Message Actions to Which a Policy Quarantine Is Assigned
About Deleting Policy Quarantines
Monitoring Quarantine Status, Capacity, and Activity
Alerts About Quarantine Disk-Space Usage
Policy Quarantines and Logging
About Distributing Message Processing Tasks to Other Users
Which User Groups Can Access Policy, Virus, and Outbreak Quarantines
Working with Messages in Policy, Virus, or Outbreak Quarantines
Viewing Messages in Quarantines
Quarantined Messages and International Character Sets
Finding Messages in Policy, Virus, and Outbreak Quarantines
Manually Processing Messages in a Quarantine
Sending a Copy of the Message
About Moving Messages Between Policy Quarantines
Messages in Multiple Quarantines
Message Details and Viewing Message Content
Viewing Matched Content
Downloading Attachments
About Rescanning of Quarantined Messages
The Outbreak Quarantine
Rescanning Messages in an Outbreak Quarantine
Manage by Rule Summary Link
Reporting False Positives or Suspicious Messages to Cisco Systems
Troubleshooting Centralized Policy Quarantines
Administrative User Cannot Choose Quarantines in Filters and DLP Message Actions
Messages Released from a Centralized Outbreak Quarantine Are Not Rescanned
Managing Web Security Appliances
About Centralized Configuration Management
Determining the Correct Configuration Publishing Method
Setting Up Configuration Masters to Centrally Manage Web Security Appliances
Important Notes About Using Configuration Masters
Determine the Configuration Master Versions to Use
Enabling Centralized Configuration Management on the Security Management Appliance
Initializing Configuration Masters
About Associating Web Security Appliances to Configuration Masters
Adding Web Security Appliances and Associating Them with Configuration Master Versions
Associating Configuration Master Versions to Web Security Appliances
Configuring Settings to Publish
Importing from an Existing Configuration Master
Importing Settings from a Web Security Appliance
Configuring Web Security Features Directly in Configuration Masters
SMA-Specific Differences when Configuring Features in Configuration Masters
Tip for Working with Identities/Identification Profiles in Configuration Masters
Ensuring that Features are Enabled Consistently
Comparing Enabled Features
Enabling Features to Publish
Disabling Unused Configuration Masters
Setting Up to Use Advanced File Publishing
Publishing Configurations to Web Security Appliances
Publishing a Configuration Master
Before You Publish a Configuration Master
Publishing a Configuration Master Now
Publishing a Configuration Master Later
Publishing a Configuration Master Using the Command Line Interface
Publishing Configurations Using Advanced File Publishing
Advanced File Publish: Publish Configuration Now
Advanced File Publish: Publish Later
Viewing Status and History of Publishing Jobs
Viewing Publish History
Viewing Web Security Appliance Status
Viewing a Summary of Status of Web Appliances
Viewing Status of Individual Web Security Appliances
Web Appliance Status Details
Preparing For and Managing URL Category Set Updates
Understand the Impacts of URL Category Set Updates
Ensure That You Will Receive Notifications and Alerts about URL Category Set Updates
Specify Default Settings for New and Changed Categories
When the URL Category Set is Updated, Check Your Policy and Identity/Identification Profile Settings
Troubleshooting Configuration Management Issues
In Configuration Master > Identities/Identification Profiles, Groups Are Not Available
Configuration Master > Access
Policies > Web Reputation and Anti-Malware Settings Page Settings are Not as Expected237Troubleshooting Configuration Publishing Failures237Monitoring System Status239About Security Management Appliance Status239Monitoring Security Management Appliance Capacity240Monitoring the Processing Queue240Monitoring CPU Utilization240Monitoring Status of Data Transfer From Managed Appliances241Viewing the Configuration Status of Your Managed Appliances242Additional Status Information for Web Security Appliances242Monitoring Reporting Data Availability Status242Monitoring Email Security Reporting Data Availability243Monitoring Web Security Reporting Data Availability243Monitoring Email Tracking Data Status244Monitoring Capacity of Managed Appliances244Identifying Active TCP/IP Services244Integrating with LDAP245Overview245Configuring LDAP to Work with the Spam Quarantine245Creating the LDAP Server Profile246Testing LDAP Servers248Configuring LDAP Queries248LDAP Query Syntax248Tokens249Spam Quarantine End-User Authentication Queries249Sample Active Directory End-User Authentication Settings250Sample OpenLDAP End-User Authentication Settings250Spam Quarantine Alias Consolidation Queries250Sample Active Directory Alias Consolidation Settings251Sample OpenLDAP Alias Consolidation Settings251Testing LDAP Queries252Domain-Based Queries252Creating a Domain-Based Query253Chain Queries254Creating a Chain Query254Configuring AsyncOS to Work With Multiple LDAP Servers255Testing Servers and Queries256Failover256Configuring the Cisco Content Security Appliance for LDAP Failover256Load Balancing257Configuring the Cisco Content Security Appliance for Load Balancing257Configuring External Authentication of Administrative Users Using LDAP258User Accounts Query for Authenticating Administrative Users259Group Membership Queries for Authenticating Administrative Users259Enabling External Authentication of Administrative Users261Configuring SMTP Routing263SMTP Routes Overview263SMTP Routes, Mail 
Delivery, and Message Splintering264SMTP Routes and Outbound SMTP Authentication264Routing Email for Local Domains264Default SMTP Route264Managing SMTP Routes265Defining an SMTP Route265SMTP Routes Limits265Adding SMTP Routes265Exporting SMTP Routes266Importing SMTP Routes266SMTP Routes and DNS268Distributing Administrative Tasks269About Distributing Administrative Tasks269Assigning User Roles269Predefined User Roles269Custom User Roles272About Custom Email User Roles272Access to Email Reporting272Access to Message Tracking Data274Access to Quarantines for Custom User Role274Creating Custom Email User Roles274Using Custom Email User Roles275About Custom Web User Roles275Creating Custom Web User Roles276Editing Custom Web User Roles277Deleting Custom User Roles277User Roles with Access to the CLI277Using LDAP277Access to Quarantines278About Authenticating Administrative Users278Changing the Admin User’s Password278Managing Locally-Defined Administrative Users278Adding Locally-Defined Users279Editing Locally-Defined Users279Deleting Locally-Defined Users280Viewing the List of Locally-Defined Users280Setting and Changing Passwords280Setting Password and Login Requirements280Requiring Users to Change Passwords on Demand283Locking and Unlocking Local User Accounts284Locking User Accounts Manually284Unlocking User Accounts284External User Authentication285Configuring LDAP Authentication285Enabling RADIUS Authentication285Additional Controls on Access to the Security Management Appliance288Configuring IP-Based Network Access288Direct Connections288Connecting Through a Proxy288Creating the Access List288Configuring the Web UI Session Timeout290Controlling Access to Sensitive Information in Message Tracking291Displaying a Message for Administrative Users291Viewing Administrative User Activity291Viewing Active Sessions Using the Web292Viewing Your Recent Login Attempts292Viewing Administrative User Activity via the Command Line Interface292Troubleshooting Administrative User 
Access293Error: User Has No Access Privileges Assigned293User Has No Active Menus293Externally-Authenticated Users See Preferences Option294Common Administrative Tasks295Performing Administrative Tasks295Working with Feature Keys296Virtual Appliance Licensing and Feature Keys296Performing Maintenance Tasks Using CLI Commands296Shutting Down the Security Management Appliance297Rebooting the Security Management Appliance297Taking the Security Management Appliance Out of Service297CLI Examples: suspend and suspendtransfers Commands298Resuming from a Suspended State299CLI Examples: resume and resumetransfers Commands299Resetting the Configuration to Factory Defaults299The resetconfig Command300Displaying the Version Information for AsyncOS300Enabling Remote Power Management301Monitoring System Health Using SNMP302Example: snmpconfig Command302Backing Up Security Management Appliance Data304What Data Is Backed Up304Restrictions and Requirements for Backups305Backup Duration306Availability of Services During Backups306Interruption of a Backup Process307Prevent the Target Appliance From Pulling Data Directly from Managed Appliances307Receiving Alerts About Backup Status308Scheduling Single or Recurring Backups308Starting an Immediate Backup308Checking Backup Status309Backup Information in Log Files309Other Important Backup Tasks310Making a Backup Appliance the Primary Appliance310Disaster Recovery on the Security Management Appliance311Upgrading Appliance Hardware313Upgrading AsyncOS313Batch Commands for Upgrades313Determining Network Requirements for Upgrades and Updates314Choosing an Upgrade Method: Remote vs. 
Streaming314Streaming Upgrade Overview314Remote Upgrade Overview314Hardware and Software Requirements for Remote Upgrades315Hosting a Remote Upgrade Image316Important Differences in Remote Upgrading Method316Configuring Upgrade and Service Update Settings316Upgrade and Update Settings317Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies318Configuring the Update and Upgrade Settings from the GUI320Upgrade Notifications320Before You Upgrade: Important Steps321Upgrading AsyncOS321Viewing Status of, Canceling, or Deleting a Background Download323After Upgrading323About Reverting to an Earlier Version of AsyncOS324Important Note About Reversion Impact324Reverting AsyncOS324About Updates326About URL Category Set Updates for Web Usage Controls326Configuring the Return Address for Generated Messages326Managing Alerts327Alert Types and Severities327Alert Delivery327Viewing Recent Alerts328About Duplicate Alerts328Cisco AutoSupport329Hardware Alert Descriptions329System Alert Descriptions329Changing Network Settings332Changing the System Hostname332The sethostname Command332Configuring Domain Name System Settings333Specifying DNS Servers333Multiple Entries and Priority333Using the Internet Root Servers334Reverse DNS Lookup Timeout334DNS Alert334Clearing the DNS Cache334Configuring DNS Settings via the Graphical User Interface335Configuring TCP/IP Traffic Routes335Managing Static Routes in the GUI335Modifying the Default Gateway (GUI)335Configuring the Default Gateway336Configuring the System Time336Using a Network Time Protocol (NTP) Server336Selecting a GMT Offset337Updating Time Zone Files337Automatically Updating Time Zone Files337Manually Updating Time Zone Files337Saving and Importing Configuration Settings338Managing Configuration Files338Saving and Exporting the Current Configuration File338Loading a Configuration File339Empty Versus Omitted Tags340Note About Loading Passwords for Log Subscriptions340Note About Character Set 
Encoding340Resetting the Current Configuration340Rolling Back to a Previously Committed Configuration340CLI Commands for Configuration Files341The showconfig, mailconfig, and saveconfig Commands341The loadconfig Command342The rollbackconfig Command342The publishconfig Command342Uploading Configuration Changes Using the CLI343Managing Disk Space344(Virtual Appliances Only) Increasing Available Disk Space344Viewing Disk Space, Quotas, and Usage345About Disk Space Maximums and Allocations345Ensuring That You Receive Alerts About Disk Space345Managing Disk Space for the Miscellaneous Quota346Reallocating Disk Space Quotas346Adjusting the Reference Threshold in System Health Graphs for Email Security Appliances347Customizing Your View347Using Favorite Pages348Setting Preferences348Improving Web Interface Rendering349Logging351Logging Overview351Logging Versus Reporting351Log Retrieval352Filename and Directory Structure352Log Rollover and Transfer Schedule352Timestamps in Log Files353Logs Enabled by Default353Log Types354Summary of Log Types354Log Type Comparison357Using Configuration History Logs357Using CLI Audit Logs358Using FTP Server Logs359Using HTTP Logs359Using Spam Quarantine Logs360Using Spam Quarantine GUI Logs360Using Text Mail Logs361Sample Text Mail Log361Examples of Text Mail Log Entries362Message Receiving363Successful Message Delivery Example363Unsuccessful Message Delivery (Hard Bounce)363Soft Bounce with Ultimately Successful Delivery Example363Message Scanning Results (scanconfig)364Message with Attachment364Generated or Rewritten Messages365Sending a Message to the Spam Quarantine365Using NTP Logs366Using Reporting Logs366Using Reporting Query Logs367Using Safelist/Blocklist Logs367Using SMA Logs368Using Status Logs369Using System Logs371Understanding Tracking Logs371Log Subscriptions371Configuring Log Subscriptions372Setting the Log Level372Creating a Log Subscription in the GUI373Editing Log Subscriptions374Configuring Global Settings for 
Logging374Logging Message Headers375Configuring Global Settings for Logging by Using the GUI375Rolling Over Log Subscriptions376Rolling Over Logs in Log Subscriptions376Rolling Over Logs Immediately Using the GUI376Rolling Over Logs Immediately via the CLI376Viewing the Most Recent Log Entries in the GUI376Viewing the Most Recent Entries in Logs (tail Command)376Configuring Host Keys377Troubleshooting381Collecting System Information381Troubleshooting Hardware Issues381Troubleshooting Feature Setup Issues382General Troubleshooting Resources382Troubleshooting Performance Issues on Managed Appliances382Troubleshooting Issues with Specific Functionality382Responding to Alerts383Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware383Additional Alert Descriptions383Working with Technical Support384Opening or Updating a Support Case from the Appliance384Getting Support for Virtual Appliances385Enabling Remote Access for Cisco Technical Support Personnel385Enabling Remote Access to Appliances With an Internet Connection385Enabling Remote Access to Appliances Without a Direct Internet Connection386Disabling a Tech Support Tunnel386Disabling Remote Access386Checking the Status of the Support Connection387Running a Packet Capture387Remotely Resetting Appliance Power388IP Interfaces and Accessing the Appliance391IP Interfaces391Configuring IP Interfaces391Creating IP Interfaces Using the GUI392Accessing the Appliance via FTP393Secure Copy (scp) Access395Accessing via a Serial Connection396Pinout Details for the Serial Port in 80- and 90- Series Hardware396Pinout Details for the Serial Port in 70-Series Hardware396Assigning Network and IP Addresses399Ethernet Interfaces399Selecting IP Addresses and Netmasks399Sample Interface Configurations400IP Addresses, Interfaces, and Routing400Summary401Strategies for Connecting Your Content Security Appliance401Firewall Information403Web Security Management Examples405Web Security Appliance Examples405Example 1: 
Investigating a User405Related Topics406Example 2: Tracking a URL407Related Topics407Example 3: Investigating Top URL Categories Visited407Related Topics408Additional Resources409Cisco Notification Service409Documentation409Third Party Contributors410Training410Knowledge Base Articles (TechNotes)411Cisco Support Community411Customer Support411Registering for a Cisco Account411Cisco Welcomes Your Comments412End User License Agreement413Cisco Systems End User License Agreement413Supplemental End User License Agreement for Cisco Systems Content Security Software420Index423Tamaño: 4 MBPáginas: 432Language: EnglishManuales abiertas

Release Notes
Table of contents:
Contents
Hot Patch 2
Build Number and Release Date
Upgrade Paths
Bugs Fixed in This Hot Patch
Hot Patch 1
Build Number and Release Date
Upgrade Paths
Bugs Fixed in This Hot Patch
Size: 100 KB
Pages: 2
Language: English

Release Notes
Table of contents:
Contents
New Features
New Features in Release 9.5.1
New Features in Release 9.5.0
Supported Hardware
Upgrade Paths
Upgrading to Release 9.5.1-009 - Deprovisioned
Upgrading to Release 9.5.0-125 (GD - General Deployment)
Upgrading to Release 9.5.0-053 (LD - Limited Deployment)
Compatibility with Email and Web Security Releases
Important Notes
Content Security Release Terminology
SNMP
New and Changed Information
(Web Security Management) Configuration Master Changes
(Release 9.5.1) Configuration Master Changes
(Release 9.5.0) Configuration Masters 8.5 and 8.7 Are Now Configuration Master 8.8
(Release 9.5.1) Changes to the Web Reputation Filtering Report
Change When Saving a Configuration File During Upgrade (CLI)
(Email Security Reporting) Changes in Reporting of Marketing Messages
Installation and Upgrade Notes
Important Additional Reading
Virtual Appliance
Upgrading a Virtual Appliance
Migrating From a Hardware Appliance to a Virtual Appliance
Preupgrade Requirements
Prepare for the SSH Vulnerability Fix
File Analysis Quarantine (Email Security)
Verify Associated Email and Web Security Appliance Versions
Back Up Your Existing Configuration
Upgrading to This Release
Important! Requirements After Upgrade
Virtual Appliances: Required Changes for SSH Security Vulnerability Fix
File Analysis: Required Changes to View Analysis Result Details in the Cloud
Reallocate Disk Space
Documentation Updates
File Analysis Grouping
Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware
Known and Fixed Issues
Bug Search Tool Requirements
Lists of Known and Fixed Issues
Known and Fixed Issues in Release 9.5.1
Known and Fixed Issues in Release 9.5.0
Other Bug Searches
Related Documentation
Service and Support
Size: 200 KB
Pages: 12
Language: English

Release Notes
Table of contents:
Contents
New Features
Supported Hardware
Upgrade Paths
Compatibility with Email and Web Security Releases
Important Notes
Content Security Release Terminology
Installation Notes
Important Additional Reading
Migrating from Older Hardware to x90 Hardware Appliances
Documentation Updates
Known and Fixed Issues
Bug Search Tool Requirements
Lists of Known and Fixed Issues
Other Bug Searches
Related Documentation
Service and Support
Size: 100 KB
Pages: 5
Language: English

Release Notes
Table of contents:
Contents
Hot Patch 1
Build Number and Release Date
Upgrade Paths
Fixed Defects in This Hot Patch
Hot Patch 2
Build Number and Release Date
Upgrade Paths
Fixed Defects in This Hot Patch
Size: 100 KB
Pages: 2
Language: English

Release Notes
Table of contents:
Contents
New Features
New in Release 9.6.1
New in Release 9.6.1-027
Release 9.6.1-019
New in Release 9.6.0
Supported Hardware
Upgrade Paths
Upgrading to Release 9.6.1-027 (GD - General Deployment)
Upgrading to Release 9.6.1-019 (De-provisioned)
Upgrading to Release 9.6.0-051 (GD - General Deployment)
Content Security Release Terminology
Compatibility with Email and Web Security Releases
New and Changed Information
Communication Protocol
(Email Security) URL Filtering Report Change
(Email Security) Changes in Reporting of Marketing Messages
Change When Saving a Configuration File During Upgrade (CLI)
(Web Security) Changes to Malware Categories and Malware Threats
(Web Security) Configuration Master Changes
(Web Security) Changes to the Web Reputation Filtering Report
Installation and Upgrade Notes
Important Additional Reading
Virtual Appliance
Upgrading a Virtual Appliance
Migrating From a Hardware Appliance to a Virtual Appliance
Pre-upgrade Requirements
Prepare for the SSH Vulnerability Fix
Verify Associated Email and Web Security Appliance Versions
Back Up Your Existing Configuration
Upgrading to This Release
Important! Requirements After Upgrade
Virtual Appliances: Required Changes for SSH Security Vulnerability Fix
File Analysis: Required Changes to View Analysis Result Details in the Cloud
Documentation Updates
Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware
SNMP
Known and Fixed Issues
Bug Search Tool Requirements
Lists of Known and Fixed Issues
Known and Fixed Issues in Release 9.6.1
Known and Fixed Issues in Release 9.6.0
Other Bug Searches
Related Documentation
Service and Support
Size: 200 KB
Pages: 12
Language: English

Release Notes
Table of contents:
Contents
Hot Patch 1
Build Number and Release Date
Upgrade Paths
Known and Fixed Defects in This Hot Patch
Hot Patch 2
Build Number and Release Date
Upgrade Paths
Known and Fixed Defects in This Hot Patch
Size: 100 KB
Pages: 3
Language: English

Release Notes
Table of contents:
Contents
New Features
New in Cisco AsyncOS 10.0.0-096 (GD - General Deployment)
New in Cisco AsyncOS 10.0.0-088 (MD - Maintenance Deployment)
New in Cisco AsyncOS 10.0.0-055
Upgrade Paths
Upgrading to Cisco AsyncOS 10.0.0-096 (GD - General Deployment)
Upgrading to Cisco AsyncOS 10.0.0-088 (MD - Maintenance Deployment)
Upgrading to Cisco AsyncOS 10.0.0-055
Content Security Release Terminology
Compatibility with Email and Web Security Releases
Changed Information
Installation and Upgrade Notes
Important Additional Reading
Virtual Appliance
Upgrading a Virtual Appliance
Migrating From a Hardware Appliance to a Virtual Appliance
Preupgrade Requirements
Verify Associated Email and Web Security Appliance Versions
Back Up Your Existing Configuration
IPMI Messages During Upgrade
Upgrading to This Release
Documentation Updates
Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware
Known and Fixed Issues
Bug Search Tool Requirements
Lists of Known and Fixed Issues
Finding Information about Known and Resolved Issues
Related Documentation
Service and Support
Size: 200 KB
Pages: 12
Language: English

Release Notes
Table of contents:
Contents
Hot Patch 1
Build Number and Release Date
Upgrade Paths
Bugs Fixed in This Hot Patch
Size: 200 KB
Pages: 2
Language: English

Release Notes
Table of contents:
Contents
General Compatibility Information
Compatibility With Virtual Appliances
Compatibility with Email Security Appliances
Compatibility with Web Security Appliances
Centralized Web Reporting and Tracking
Centralized Configuration Management
Advanced File Publishing
Configuration Masters
Support for Cloud Web Security Connector
Additional Information
Size: 200 KB
Pages: 10
Language: English

Release Notes
Table of contents:
Contents
Hot Patch 4
Build Number and Release Date
Upgrade Paths
Bugs Fixed in This Hot Patch
Hot Patch 3
Build Number and Release Date
Upgrade Paths
Bugs Fixed in This Hot Patch
Hot Patch 2
Hot Patch 1
Build Number and Release Date
Upgrade Paths
Bugs Fixed in This Hot Patch
Size: 200 KB
Pages: 3
Language: English

Installation Guide
Table of contents:
1 Welcome
2 Before You Begin
3 Plan the Installation
4 Document Required Settings
5 Install the Appliance in a Rack
Appliance Placement
6 Temporarily Change Your IP Address for Remote Access
For Windows
For Mac
7 Connect to the Appliance
8 Plug In and Power Up the Appliance
9 Log In to the Appliance
Web-Based Interface
Command-Line Interface
10 Run the System Setup Wizard
11 Check for Available Upgrades
12 Configure Network Settings
13 Additional Configurations
14 Where to Go From Here
15 Cisco Notification Service
Size: 500 KB
Pages: 14
Language: English

Installation Guide
Table of contents:
1 Welcome
2 Before You Begin
3 Document Network Settings
4 Plan the Installation
5 Install the Appliance in a Rack
Appliance Placement
6 Plug In the Appliance
7 Temporarily Change Your IP Address
For Windows
For Mac
8 Connect to the Appliance
9 Power Up the Appliance
10 Log In to the Appliance
Web-Based Interface
Command-Line Interface
11 Run the System Setup Wizard
12 Configure Network Settings
13 Configuration Summary
14 You’re Done!
Adding Security Appliances
Enabling Centralized Email and Web Reporting
Message Tracking
Scheduled Email and Web Reporting
More Information
15 Frequently Asked Questions
16 Where to Go From Here
Size: 1 MB
Pages: 24
Language: English

Installation Guide
Table of contents:
1 Welcome
2 Before You Begin
3 Plan the Installation
4 Document Required Settings
5 Install the Appliance in a Rack
Appliance Placement
6 Temporarily Change Your IP Address for Remote Access
For Windows
For Mac
7 Connect to the Appliance
8 Plug In and Power Up the Appliance
9 Log In to the Appliance
Web-Based Interface
Command-Line Interface
10 Run the System Setup Wizard
11 Check for Available Upgrades
12 Configure Network Settings
13 Additional Configurations
14 Where to Go From Here
15 Cisco Notification Service
Size: 500 KB
Pages: 14
Language: English

Installation Guide
Table of contents:
1 Welcome
2 Before You Begin
3 Plan the Installation
4 Document Required Settings
5 Install the Appliance in a Rack
Appliance Placement
6 Temporarily Change Your IP Address for Remote Access
For Windows
For Mac
7 Connect to the Appliance
8 Plug In and Power Up the Appliance
9 Log In to the Appliance
Web-Based Interface
Command-Line Interface
10 Run the System Setup Wizard
11 Check for Available Upgrades
12 Configure Network Settings
13 Additional Configurations
14 Where to Go From Here
15 Cisco Notification Service
Size: 600 KB
Pages: 16
Language: English

/es/manuals/1602022/
Table of contents:
Table of Contents
Reporting API
Reporting API Overview
Downloading Reporting Data
Retrieving CSV Data via Automated Processes
Email Security Appliance Download URL
Security Management Appliance Download URL
Sample URL for ESA Using the ‘Export’ Link
File Format
Timestamps
Keys
Streaming
Reporting Glossary
Messages
Domains
Outgoing Mail
Internal User
Reputation Filtering ‘Multiplier’
Reporting Data Descriptions
Table Keys
Common Entries
Incoming and Outgoing Mail Summary
Incoming Mail Summary
Outgoing Mail Summary
Outgoing Mail Delivery Details
Incoming Mail Details
Incoming Domains
Incoming IP Addresses
Incoming Network Owners
Sender Group Details
Sender Group Connection Numbers
Sender Group Mail Flow Policy Overview
Internal Users
Internal User Mail Flow Overview
Individual User Detail - Incoming Mail
Individual User Detail - Outgoing Mail
Individual User Detail - Incoming Filter Matches
Individual User Detail - Outgoing Filter Matches
Content Filters
Content Filters Summary - Incoming Filters
Content Filters Summary - Outgoing Filters
Incoming Content Filter Detail - Total Matches
Outgoing Content Filter Detail - Total Matches
Incoming Content Filter Detail - Matches Per User
Outgoing Content Filter Detail - Matches Per User
Virus Outbreaks
Virus Outbreak Filter Details
Virus Types
Top Incoming Virus Types Detected
Top Outgoing Virus Types Detected
Virus Types Detail
TLS Connections
Incoming TLS Connections Summary
Incoming TLS Messages Summary
Incoming TLS Connections Details
Outgoing TLS Connections Summary
Outgoing TLS Messages Summary
Outgoing TLS Connections Details
System Capacity
Average Time Spent in Work Queue
Average Messages in Work Queue
Maximum Messages in Work Queue
Total Incoming Connections
Total Incoming Messages
Average Incoming Message Size (Bytes)
Total Incoming Message Size (Bytes)
Total Outgoing Connections
Total Outgoing Messages
Average Outgoing Message Size (Bytes)
Total Outgoing Message Size (Bytes)
Overall CPU Usage
Overall CPU Usage
Size: 100 KB
Pages: 26
Language: English