Cisco Cisco Email Security Appliance X1070 사용자 가이드
17-9
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Note
Do not change any other settings in this section without guidance from Cisco support.
Step 7
If you will use the cloud service for file analysis, expand the Advanced Settings for File Analysis panel
and adjust the following options as needed
and adjust the following options as needed
SSL Communication for File Reputation
Check Use SSL (Port 443) to communicate on port 443
instead of the default port, 32137. Refer to the Cisco AMP
Virtual Private Cloud Appliance user guide for information
about enabling SSH access to the server.
instead of the default port, 32137. Refer to the Cisco AMP
Virtual Private Cloud Appliance user guide for information
about enabling SSH access to the server.
Note
SSL communication over port 32137 may require
you to open that port in your firewall.
you to open that port in your firewall.
This option also allows you to configure an upstream proxy
for communication with the file reputation service. If
checked, provide the appropriate Server, Username and
Passphrase information.
for communication with the file reputation service. If
checked, provide the appropriate Server, Username and
Passphrase information.
When Use SSL (Port 443) is selected, you can also check
Relax Certificate Validation to skip standard certificate
validation if the tunnel proxy server's certificate is not
signed by a trusted root authority. For instance, select this
option if using a self-signed certificate on a trusted internal
tunnel proxy server.
Relax Certificate Validation to skip standard certificate
validation if the tunnel proxy server's certificate is not
signed by a trusted root authority. For instance, select this
option if using a self-signed certificate on a trusted internal
tunnel proxy server.
Note
If you checked Use SSL (Port 443)in the SSL
Communication for File Reputation section of the
Advanced Settings for File Reputation, you must
add the AMP on-premises reputation server CA
certificate to the certificate store on this appliance,
using either the CLI command certconfig >
CERTAUTHORITY > CUSTOM, or Network >
Certificates (Custom Certificate Authorities) in the
Web interface. Obtain this certificate from the
server (Configuration > SSL > Cloud server >
download).
Communication for File Reputation section of the
Advanced Settings for File Reputation, you must
add the AMP on-premises reputation server CA
certificate to the certificate store on this appliance,
using either the CLI command certconfig >
CERTAUTHORITY > CUSTOM, or Network >
Certificates (Custom Certificate Authorities) in the
Web interface. Obtain this certificate from the
server (Configuration > SSL > Cloud server >
download).
Heartbeat Interval
The frequency, in minutes, with which to ping for
retrospective events.
retrospective events.
Reputation Threshold
The upper limit for acceptable file reputation scores.
Scores above this threshold indicate the file is infected.
Scores above this threshold indicate the file is infected.
•
Use value from Cloud Service (60)
•
Enter Custom Value – defaults to 60.
Query Timeout
The number of elapsed seconds before the reputation query
times out.
times out.
Processing Timeout
The number of elapsed seconds before the file processing
times out.
times out.
File Reputation Client ID
The client ID for this appliance on the File Reputation
server (read-only).
server (read-only).
Option
Description