Cisco Bug: CSCut69420 - [ENH] Request for static IP/hostnames for AMP/cloud services

Last Modified

Aug 18, 2017

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

10.0.0-203 10.0.1-087 8.5.6-073 8.5.6-092 8.5.6-106 9.0.0-500 9.1.0-032 9.5.0-034 9.5.0-067

Description (partial)

ENH request

Symptom:
The customer has their ESA(s) tightly locked down for outbound communication to the internet and requires static rules for that outbound traffic. However, they have an old firewall that will not accept DNS names in its outbound rules. The customer wants to run AMP, reputation and analysis, and URL filtering.
 
Can we give them IP addresses or a CIDR range to use, instead of the a.immunet.com, cloud-sa-amp.sourcefire.com and intel.api.sourefire.com hostnames?

Per TALOS, no ---> "Talos will be providing some of the static addresses, however, the URL filtering function in ESA is geo-sensitive and will always redirect to the closest or lower latency location.  The other caveat is that we have plans for expanding to new locations such as the Cisco Cloud Services and we are not sure if this will be the fastest link for the customer."

We need a solution for customers who don't expose their ESA to the full Internet, and have firewalls not capable of DNS rules.
 
The ESA guide that lists firewall rules needs to include destinations for AMP and the other services added in the last year, which are not currently reflected.

Customers have issues enabling AMP as well as the URL Filtering because of their FW rules.

Conditions:
AMP/URL filtering is configured on the appliance; the network, router or firewall has limitations that require static IPs or hostnames for these services in order to provide access.

Related Community Discussions

Error on ESA C170: File Reputation Service is unreachable
Dear community, I've a problem on an ESA C170: Warning <System> *******.local: amp The File Reputation service in the cloud is unreachable.... The Warning message is: amp The File Reputation service in the cloud is unreachable. Last message occurred 61 times between Mon Dec  1 12:43:36 2014 and Mon Dec  1 13:43:26 2014. Version: 8.5.6-074 Serial Number: D48******************* Timestamp: 01 Dec 2014 13:44:13 +0100   I've already edited the heartbeat interval to 900 seconds (15'), but the error still ...
Latest activity: Sep 01, 2015