Cisco Cisco Email Security Appliance X1050 Fehlerbehebungsanleitung

This document describes the alert attributed to the Cisco Email Security Appliance (ESA) with
Advanced Malware Protection (AMP) enabled, where the service does not communicate over port
32137 for File Reputation.

AMP was released for use on the ESA in AsyncOS Version 8.5.5 for Email Security.  With AMP
licensed and enabled on the ESA, administrators receive this message:

The AMP service might be enabled, but probably does not communicate on the network via port
32137 for File Reputation.

If that is the case, the ESA administrator can choose to have File Reputation communicate over
port 443.

In order to do so, run ampconfig > advanced from the CLI and be sure that Y is selected for Do
you want to enable SSL communication (port 443) for file reputation? [N]>:

10.0.0-125.local> ampconfig

File Reputation: Enabled

File Analysis: Enabled

File types selected for File Analysis:

Microsoft Windows / DOS Executable

Appliance Group ID/Name: Not part of any group yet

Choose the operation you want to perform:

- SETUP - Configure Advanced-Malware protection service.

- ADVANCED - Set values for AMP parameters (Advanced configuration).

- SETGROUP - Add this appliance to the group of appliances that can share File Analysis

reporting details.

- CLEARCACHE - Clears the local File Reputation cache.

[]> advanced

Enter cloud query timeout?

[15]>

Choose a file reputation server:

1. AMERICAS (cloud-sa.amp.sourcefire.com)

2. Private reputation cloud

[1]>