Cisco Cisco Email Security Appliance C680 User Guide

Cisco IronPort Systems uses a distributed upgrade server architecture to make 
sure customers can quickly download AsyncOS upgrades wherever in the world 
they are located. Because of this distributed server architecture, the Cisco 
IronPort update servers use dynamic IP addresses. If you have strict firewall 
policies, you may need to configure a static location for AsyncOS upgrades. For 
more information, see 

.

You will need to create a firewall rule to allow downloading of upgrades from 
Cisco IronPort update servers on ports 80 and 443. If you have any existing 
firewall rules allowing download of legacy upgrades from 

upgrades.ironport.com

 on ports such as 22, 25, 80, 4766, they will need to be 

removed and/or replaced with revised firewall rules. For more information, see 

.

The McAfee Anti-Virus and Cisco IronPort AsyncOS update servers use dynamic 
IP addresses. If you have strict firewall policies, you may need to configure a 
static location for updates and AsyncOS upgrades. If you determine that your 
firewall settings require a static IP address for updates, complete the following 
steps:

Contact Cisco IronPort Customer support to obtain the static URL address.

Create a firewall rule to allow downloading of upgrades from the static IP address 
on port 80.

Navigate to the Security Services > Service Updates page, and click Edit Update 
Settings.

On the Edit Update Settings page, in the “Update Servers (images)” section, 
choose Local Update Servers and enter the static URL received in step 

 in the 

Base URL field for AsyncOS upgrades and McAfee Anti-Virus definitions.

Your IronPort Appliance

IronPort Systems 

Update Servers

HTTP connection through firewall