Cisco Cisco Email Security Appliance C160 Mode D'Emploi
33-21
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 33 System Administration
Setting Up to Obtain Upgrades and Updates
Note
For this release, if you need to configure a firewall setting to allow HTTP access to this address, you
must configure it using the DNS name and not a specific IP address.
must configure it using the DNS name and not a specific IP address.
For hosting AsyncOS update files, you must have a server in your internal network that has:
•
A web server — for example, Microsoft IIS (Internet Information Services) or the Apache open
source server — which:
source server — which:
–
supports the display of directory or filenames in excess of 24 characters
–
has directory browsing enabled
–
is configured for anonymous (no authentication) or basic (“simple”) authentication
–
contains at least 350MB of free disk space for each AsyncOS update image
Hosting an Upgrade Image on a Local Server
After setting up a local server, go to
http://updates.ironport.com/fetch_manifest.html
to
download a ZIP file of an upgrade image. To download the image, enter your serial number (for a
physical appliance) or a VLN (for a virtual appliance) and the version number of the appliance. You will
then be presented with a list of available upgrades. Click on the upgrade version that you want to
download, and unzip the ZIP file in the root directory on the local server while keeping the directory
structure intact. To use the upgrade image, configure the appliance to use the local server on the Edit
Update Settings page (or use
physical appliance) or a VLN (for a virtual appliance) and the version number of the appliance. You will
then be presented with a list of available upgrades. Click on the upgrade version that you want to
download, and unzip the ZIP file in the root directory on the local server while keeping the directory
structure intact. To use the upgrade image, configure the appliance to use the local server on the Edit
Update Settings page (or use
updateconfig
in the CLI).
The local server also hosts an XML file that limits the available AsyncOS upgrades for the appliances
on your network to the downloaded upgrade image. This file is called the “manifest.” The manifest is
located in the
on your network to the downloaded upgrade image. This file is called the “manifest.” The manifest is
located in the
asyncos
directory of the upgrade image ZIP file. After unzipping the ZIP file in the root
directory of the local server, enter the full URL for the XML file, including the filename, on the Edit
Update Settings page (or use
Update Settings page (or use
updateconfig
in the CLI).
For more information about remote upgrades, please see the Knowledge Base or contact your Cisco
Support provider.
Support provider.
UpdatesThrough a Proxy Server
The appliance is configured (by default) to connect directly to Cisco’s update servers to receive updates.
This connection is made by HTTP on port 80 and the content is encrypted. If you do not want to open
this port in your firewall, you can define a proxy server and specific port from which the appliance can
receive updated rules.
This connection is made by HTTP on port 80 and the content is encrypted. If you do not want to open
this port in your firewall, you can define a proxy server and specific port from which the appliance can
receive updated rules.
If you choose to use a proxy server, you can specify an optional authentication and port.
Note
If you define a proxy server, it will automatically be used for all service updates that are configured to
use a proxy server. There is no way to turn off the proxy server for updates to any individual service.
use a proxy server. There is no way to turn off the proxy server for updates to any individual service.
Configuring Server Settings for Downloading Upgrades and Updates
Specify the server and connection information required to download upgrades and updates to your
appliance.
appliance.