This document describes how to troubleshoot delivery and connection problems when centralized policy, virus and outbreak quarantine is enabled.

The information in this document is based on these software and hardware versions:

- Email Security Appliance (ESA) with AsyncOS 8.1 or later.
- Security Management Appliance (SMA) with AsyncOS 8.0 or later.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

The Centralized Policy, Virus and Outbreak (PVO) Quarantines feature was introduced in AsyncOS 8.0 (ESA) / 8.1 (SMA). This feature has additional network connectivity requirements, and poses some new challenges for troubleshooting.

CPQ communication uses SMTP, but with some extra commands for transferring metadata.

The SMA will listen for connections on the interface and port defined under Centralized Services -> Policy, Virus and Outbreak Quarantines. By default, the port is 7025, but this may have been changed by the admin user!

The ESA will listen for connections on the interface and port defined under Security Services -> Policy, Virus and Outbreak Quarantines. Again, by default, the port is 7025, but this may have been changed by the admin user!

The SMA also uses SSH (via command client) to get configuration information from the ESAs. In particular, this is used when the SMA delivers released emails to the ESA. The SMA will use SSH to query the ESA configuration and determine which interface / port to deliver the released email to.

Both the ESA and the SMA will have a hidden listener called 'cpq_listener' that will listen on the specified port. These listeners can be seen in the configuration file.

    $RELAYED (Only select hosts can relay from this box)

These listeners will be suspended if the admin user uses 'suspendlisteners all' or 'suspend'. If the port is not accepting connections, you should check if the system status is 'offline' and resume if needed.

Check that the ESA can connect to the SMA on the configured port and interface. You should get a 220 banner if the communication is successful.

The ESA will have a destination object called '', which contains messages while they are queued for delivery to the SMA. You can see this using 'tophosts' or Monitor -> Delivery Status. You cannot use 'hoststatus' with it, but you can use 'showrecipients' and 'deleterecipients' if necessary.

Check that the SMA can connect to the ESA on the configured port and interface. Again, you can use telnet and will see the 220 banner if successful.

When using clusters, it is important that the interface defined at cluster level under Security Services -> Policy, Virus and Outbreak Quarantines exists for all appliances at machine level.

The SMA will have a destination object called '' which contains released messages while they are queued for delivery to the ESA. This does not appear to work with 'hoststatus' or 'showrecipients', and I have not tested 'deleterecipients' with it, but this probably does not work either.

There may also be problems with SSH communication between the SMA and the ESA. These issues are not always necessarily network based, for example in CSCus29647 an internal component of the SMA goes out of operation. Issues such as these will typically show up as application faults in the mail logs, and can usually be resolved by rebooting the SMA.

All CPQ connections in either direction rely on TLS, and as a result cipher configuration can play a role. In order for the TLS connection to succeed, the device opening the connection must be able to verify that the receiving device is using our hidden CPQ certificate. It is possible for this to fail if the appliance negotiates an anonymous cipher. This would appear in the logs as something like this:

    Mon Apr 1 12:00:00 2014 Info: DCID 123456 TLS failed: verify error: no certificate from server
    Mon Apr 1 12:00:00 2014 Info: DCID 123456 TLS was required but could not be successfully negotiated

You can fix these issues by simply removing anonymous ciphers from the outgoing delivery cipher list, which is done by adding ':-aNULL' to the end of the cipher list.

If the SMA has a mail logs subscription (it does by default), you can review the mail logs to gather additional insight. CPQ receiving events will look like this for both messages being quarantined to the SMA and messages released to the ESA.

    New CPQ ICID 12345 interface Management (10.10.10.1) address 10.10.20.1 reverse dns host unknown verified no

You can search for these events using grep, example: grep "CPQ ICID" mail_logs.
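The script below is an added example, not part of the original document or of any Cisco tooling. It scans a saved copy of the mail logs for the CPQ receiving events and for the TLS failure pair quoted on this page, and reports the DCIDs that match the anonymous-cipher symptom. It assumes the log has been exported to a workstation and that lines may or may not carry a timestamp prefix; the sample lines are constructed.

```python
import re
from collections import defaultdict

CPQ_RE = re.compile(r"New CPQ ICID (\d+) interface (.+?) \(([\d.]+)\) address (\S+)")
TLS_FAIL_RE = re.compile(r"DCID (\d+) TLS failed: (.+?)\s*$")
TLS_REQ_RE = re.compile(r"DCID (\d+) TLS was required but could not be successfully negotiated")
NO_CERT = "verify error: no certificate from server"

# Constructed sample. The first three lines follow the formats quoted on this page
# (the timestamp prefix on the CPQ line is an assumption); the last line is an
# invented failure reason, included only to show that it is not flagged.
SAMPLE_LOG = """\
Mon Apr 1 12:00:00 2014 Info: New CPQ ICID 12345 interface Management (10.10.10.1) address 10.10.20.1 reverse dns host unknown verified no
Mon Apr 1 12:00:00 2014 Info: DCID 123456 TLS failed: verify error: no certificate from server
Mon Apr 1 12:00:00 2014 Info: DCID 123456 TLS was required but could not be successfully negotiated
Mon Apr 1 12:00:05 2014 Info: DCID 123457 TLS failed: constructed other reason
"""

def cpq_connections(lines):
    """Return (icid, interface, local_ip, peer_address) for each CPQ receiving event."""
    return [m.groups() for m in map(CPQ_RE.search, lines) if m]

def tls_failures(lines):
    """Map DCID -> {'reasons': [...], 'required': bool} from TLS failure lines."""
    out = defaultdict(lambda: {"reasons": [], "required": False})
    for line in lines:
        if (m := TLS_FAIL_RE.search(line)):
            out[m.group(1)]["reasons"].append(m.group(2))
        elif (m := TLS_REQ_RE.search(line)):
            out[m.group(1)]["required"] = True
    return dict(out)

def anonymous_cipher_suspects(lines):
    """DCIDs where required TLS failed because the peer presented no certificate."""
    return sorted(dcid for dcid, f in tls_failures(lines).items()
                  if f["required"] and NO_CERT in f["reasons"])

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for icid, iface, local_ip, peer in cpq_connections(lines):
        print(f"CPQ ICID {icid}: {peer} -> {iface} ({local_ip})")
    for dcid in anonymous_cipher_suspects(lines):
        print(f"DCID {dcid}: no server certificate, check the "
              "outgoing cipher list for anonymous ciphers")
```

To run it against a real export, replace `SAMPLE_LOG.splitlines()` with the lines read from the saved mail_logs file.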