Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
1-25
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Chapter 1 Setup and Installation
When enabling the use of the Secure Tunnel, the appliance creates an SSH tunnel
over the specified port to the server upgrades.cisco.com. By default this
connection is over port 25, which works in most environments because the system
also requires general access over that port in order to send email messages. After
a connection is made to upgrades.cisco.com, Customer Support is able to use the
SSH tunnel to obtain access to the appliance. As long as the connection over port
25 is allowed, this bypasses most firewall restrictions. You can also use the
techsupport tunnel command in the CLI.
over the specified port to the server upgrades.cisco.com. By default this
connection is over port 25, which works in most environments because the system
also requires general access over that port in order to send email messages. After
a connection is made to upgrades.cisco.com, Customer Support is able to use the
SSH tunnel to obtain access to the appliance. As long as the connection over port
25 is allowed, this bypasses most firewall restrictions. You can also use the
techsupport tunnel command in the CLI.
In both the Remote Access mode and Tunnel mode, a password is required. It is
important to understand that this is not the password that will be used to access
the system. After that password and the system serial number are provided to your
customer support representative, a password used to access the appliance is
generated.
important to understand that this is not the password that will be used to access
the system. After that password and the system serial number are provided to your
customer support representative, a password used to access the appliance is
generated.
After the technical support tunnel is enabled, it remains connected to
upgrades.cisco.com for seven days. At the end of the seven days, established
connections are not disconnected but are unable to reattach to the tunnel once
disconnected. The timeout set on the SSH tunnel connection does not apply to the
Remote Access account; it remains active until specifically deactivated.
upgrades.cisco.com for seven days. At the end of the seven days, established
connections are not disconnected but are unable to reattach to the tunnel once
disconnected. The timeout set on the SSH tunnel connection does not apply to the
Remote Access account; it remains active until specifically deactivated.
Working with Feature Keys
Occasionally, Cisco IronPort Customer Support may provide a key to enable
specific functionality on your system. On the main Security Management
appliance, choose Management Appliance > System Administration > Feature
Keys on the GUI (or the featurekey command in the CLI) to enter the key and
enable the associated functionality.
specific functionality on your system. On the main Security Management
appliance, choose Management Appliance > System Administration > Feature
Keys on the GUI (or the featurekey command in the CLI) to enter the key and
enable the associated functionality.
Keys are specific to the serial number of your appliance and specific to the feature
that you enable. You cannot reuse a key from one system on another system. If
you incorrectly enter a key, an error message is generated.
that you enable. You cannot reuse a key from one system on another system. If
you incorrectly enter a key, an error message is generated.
Two pages provide feature keys functionality: the Feature Keys page and the
Feature Key Settings page.
Feature Key Settings page.
Feature Keys Page
Log in to the GUI and select Management Appliance > System Administration
> Feature Keys. Use the Feature Keys page to perform the following tasks:
> Feature Keys. Use the Feature Keys page to perform the following tasks: