Introduction
What's New in this Release
Cisco Secure Email and Web Manager Overview
Setup, Installation, and Basic Configuration
Solution Deployment Overview
SMA Compatibility Matrix
Installation Planning
Network Planning
About Integrating a Cisco Secure Email and Web Manager Appliance with Email Security Email Gateway Appliances
Deployments with Clustered Email Gateway Appliances
Preparing for Setup
Physically Setting Up and Connecting the Appliance
Determining Network and IP Address Assignments
Gathering the Setup Information
Accessing the Security Management Appliance
Browser Requirements
About Accessing the Web Interfaces
Accessing the Web Interface
Accessing the Legacy Web Interface
Accessing the Command Line Interface
Supported Languages
Accessing the New Web Interface on Dark Mode
Accessing the Security Management Appliance API Interface Using Swagger UI
Running the System Setup Wizard
Before You Begin
Overview of the System Setup Wizard
Launch the System Setup Wizard
Review the End User License Agreement
Configure the System Settings
Entering an Email Address for System Alerts
Setting the Time
Setting the Passphrase
Enabling AutoSupport
Configure the Network Settings
Network Settings
Review Your Configuration
Proceeding to the Next Steps
About Adding Managed Appliances
Editing Managed Appliance Configurations
Removing an Appliance from the List of Managed Appliances
Configuring Services on the Security Management Appliance
Committing and Abandoning Configuration Changes
Working With Reports
Ways to View Reporting Data
How the Security Management Appliance Gathers Data for Reports
How Reporting Data is Stored
About Reporting and Upgrades
Customizing Your View of Report Data
Viewing Reporting Data for an Appliance or Reporting Group
Choosing a Time Range for Reports
(Web Reports Only) Choosing Which Data to Chart
Customizing Tables on Report Pages
Custom Reports
Modules That Cannot Be Added to Custom Reports
Creating Your Custom Report Page
Viewing Details of Messages or Transactions Included in Reports
Improving Performance of Email Reports
Exporting Reporting and Tracking Data
Exporting Report Data as a Comma Separated Values (CSV) File
Subdomains vs. Second Level Domains in Reporting and Tracking
Troubleshooting All Reports
Unable to View Report Data on Backup Security Management Appliance
Reporting Is Disabled
Email and Web Reports
Working With Reports on the New Web Interface
Ways to View Reporting Data
How the Security Management Appliance Gathers Data for Reports
How Reporting Data is Stored
About Reporting and Upgrades
Using the Interactive Report Pages
Customizing Your View of Report Data
Viewing Reporting Data for an Appliance or Reporting Group
Choosing a Time Range for Reports
(Web Reports Only) Choosing Which Data to Chart
(Email Reports Only) Customizing Views on Report Pages
Customizing Tables on Report Pages
Using Counters to Filter Data on the Trend Graphs
My Favorite Reports Page
Modules That Cannot Be Added to the My Favorite Reports Page
Adding Reports on the My Favorite Reports Page
Viewing Details of Messages or Transactions Included in Reports
Improving Performance of Email Reports
Exporting Reporting and Tracking Data
Exporting Report Data as a Comma Separated Values (CSV) File
Troubleshooting All Reports
Unable to View Report Data on Backup Security Management Appliance
Reporting Is Disabled
Using Centralized Email Security Reporting
Centralized Email Reporting Overview
Setting Up Centralized Email Reporting
Enabling Centralized Email Reporting
Enabling Centralized Email Reporting on the Legacy Web Interface
Enabling Centralized Email Reporting on the New Web Interface
Creating Email Reporting Groups
Adding the Centralized Email Reporting Service to Each Managed Email Security Appliance
Enabling Centralized Email Reporting on Email Security Appliances
Working with Email Report Data
Working with Email Report Data on the New Web Interface
Searching and the Interactive Email Report Pages
Understanding the Email Reporting Pages
Table Column Descriptions for Email Reporting Pages
Email Reporting Overview Page
How Incoming Mail Messages are Counted
How Email Messages Are Categorized by the Appliances
Categorizing Email Messages on the Overview Page
Incoming Mail Page
Views Within the Incoming Mail Page
“No Domain Information” Link
Time Ranges in the Mail Trend Graphs
Incoming Mail Details Table
Sender Profile Pages
Sender Groups Report Page
Sender Domain Reputation Page
Outgoing Destinations Page
Outgoing Senders Page
Internal Users Page
Internal User Details Page
Searching for a Specific Internal User
DLP Incidents
DLP Incidents Details Table
DLP Policy Detail Page
Message Filters
Geo Distribution
High Volume Mail
Content Filters Page
Content Filter Details Page
DMARC Verification
Macro Detection
External Threat Feeds Page
Virus Types Page
URL Filtering Page
Web Interaction Tracking Page
Forged Email Detection Page
Safe Print Page
Mail Policy Details Report Page
Advanced Phishing Protection Page
Advanced Phishing Protection Page on Legacy Web Interface
Advanced Phishing Protection Page on New Web Interface
Advanced Malware Protection (File Reputation and File Analysis) Reporting Pages
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
(On-Premises File Analysis) Activate the File Analysis Account
Additional Requirements
Identifying Files by SHA-256 Hash
File Reputation and File Analysis Report Pages
Viewing File Reputation Filtering Data in Other Reports
For Which Files Are Detailed File Analysis Results Visible in the Cloud?
Mailbox Auto Remediation
TLS Connections Page
Inbound SMTP Authentication Page
Rate Limits Page
Outbreak Filters Page
Reporting of Graymail
Reporting of Marketing Messages after Upgrade to AsyncOS 9.5
System Capacity Page
How to Interpret the Data You See on System Capacity Page
System Capacity – Workqueue
System Capacity – Incoming Mail
System Capacity – Outgoing Mail
System Capacity – System Load
Overall CPU Usage
Memory Page Swapping
Resource Conservation Activity
System Capacity – All
Threshold Indicator in System Capacity Graphs
Reporting Data Availability Page
Understanding the Email Reporting Pages on the New Web Interface
Mail Flow Summary Page
How Incoming Mail Messages are Counted
How Email Messages Are Categorized by the Appliances
Categorizing Email Messages on the Mail Flow Summary Page
System Capacity Page
How to Interpret the Data You See on System Capacity Page
System Capacity – Workqueue
System Capacity – Incoming Mail
System Capacity – Outgoing Mail
System Capacity – System Load
Overall CPU Usage
Memory Page Swapping
Resource Conservation Activity
System Capacity – All
Threshold Indicator in System Capacity Graphs
Advanced Malware Protection Page
Advanced Malware Protection – Summary
Advanced Malware Protection – AMP Reputation
Advanced Malware Protection – File Analysis
Advanced Malware Protection – File Retrospection
Advanced Malware Protection – Mailbox Auto Remediation
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
(On-Premises File Analysis) Activate the File Analysis Account
Additional Requirements
Identifying Files by SHA-256 Hash
Viewing File Reputation Filtering Data in Other Reports
For Which Files Are Detailed File Analysis Results Visible in the Cloud?
Virus Filtering Page
Virus Types Detail Table
Macro Detection Page
DMARC Verification Page
Domains by DMARC Verification Details Table
Outbreak Filtering Page
URL Filtering Page
URL Retrospection Report page
Forged Email Detection Page
Sender Domain Reputation Page
External Threat Feeds Page
Safe Print Page
Advanced Phishing Protection Reports Page
Mail Flow Details Page
Views Within the Mail Flow Details Page
“No Domain Information” Link
Time Ranges in the Mail Trend Graphs
Incoming Mails Table
Sender Profile Pages
Sender Details Table
Sender Groups Page
Outgoing Destinations Page
Outgoing Destinations Detail Table
TLS Encryption Page
TLS Connections Details Table
Inbound SMTP Authentication Page
Rate Limits Page
Connections by Country Page
Domain Protection Page
User Mail Summary
User Mail Flow Details Table
Searching for a Specific Internal User
DLP Incident Summary Page
Web Interaction Page
Web Interaction Tracking Details
Remediation Reports Page
Message Filters Page
High Volume Mail Page
Content Filters Page
Content Filter Details Page
Reporting Data Availability Page
Reporting of Graymail
Reporting of Marketing Messages after Upgrade to AsyncOS 9.5
About Scheduled and On-Demand Email Reports
Additional Report Types
Domain-Based Executive Summary Report
Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering
Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports
Creating Domain-Based Executive Summary Reports
Executive Summary Report
Scheduled Reports Page
Scheduling Email Reports
Adding Scheduled Reports
Editing Scheduled Reports
Discontinuing Scheduled Reports
Generating Email Reports On Demand
Archived Email Reports Page
Viewing and Managing Archived Email Reports
Accessing Archived Reports
Deleting Archived Reports
Scheduling and Archiving Email Reports on the New Web Interface
Scheduling Email Reports on the New Web Interface
Adding Scheduled Reports on the New Web Interface
Editing Scheduled Reports on the New Web Interface
Discontinuing Scheduled Reports on the New Web Interface
Archived Email Reports Page on the New Web Interface
Accessing Archived Reports on the New Web Interface
Generating Email Reports On Demand
Deleting Archived Reports on the New Web Interface
Troubleshooting Email Reports
Outbreak Filters Reports Do Not Show Information Correctly
Message Tracking Results Do Not Match Report Results After Clicking a Link in a Report
Advanced Malware Protection Verdict Updates Report Results Differ
Issues Viewing File Analysis Report Details
File Analysis Report Details Are Not Available
Error When Viewing File Analysis Report Details
Error When Viewing File Analysis Report Details with Private Cloud Cisco AMP Threat Grid Appliance
Logging of File Analysis-Related Errors
Total Graymail or Marketing Messages Appears To Be Incorrect
Using Centralized Web Reporting and Tracking
Centralized Web Reporting and Tracking Overview
Setting Up Centralized Web Reporting and Tracking
Enabling Centralized Web Reporting on the Security Management Appliance
Enabling Centralized Web Reporting on Web Security Appliances
Adding the Centralized Web Reporting Service to Each Managed Web Security Appliance
Anonymizing User Names in Web Reports
Working with Web Security Reports
Working with Web Security Reports on the New Web Interface
Web Reporting Page Descriptions
About Time Spent
Web Reporting Overview
Users Report (Web)
User Details (Web Reporting)
User Count Report (Web)
Web Sites Report
URL Categories Report
Reducing Uncategorized URLs
URL Category Set Updates and Reports
Using The URL Categories Page in Conjunction with Other Reporting Pages
Reporting Misclassified and Uncategorized URLs
Application Visibility Report
Understanding the Difference between Application versus Application Types
Anti-Malware Report
Malware Category Report
Malware Threat Report
Malware Category Descriptions
Advanced Malware Protection (File Reputation and File Analysis) Reports
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
(On-Premises File Analysis) Activate the File Analysis Account
Additional Requirements
Identifying Files by SHA-256 Hash
Advanced Malware Protection (File Reputation and File Analysis) Report Pages
Viewing File Reputation Filtering Data in Other Reports
For Which Files Are Detailed File Analysis Results Visible in the Cloud?
Client Malware Risk Report
Web Reputation Filters Report
What are Web Reputation Filters?
Adjusting Web Reputation Settings
L4 Traffic Monitor Report
SOCKS Proxy Report
Reports by User Location
System Capacity Page
Viewing the System Capacity Report
How to Interpret the Data You See on the System Capacity Page
System Capacity - System Load
System Capacity - Network Load
Note About Proxy Buffer Memory Swapping
Data Availability Page
Understanding the Web Reporting Pages on the New Web Interface
About Time Spent
Overview Page
Application Visibility Page
Layer 4 Traffic Monitor Page
SOCKS Proxy Page
URL Categories Page
Reducing Uncategorized URLs
URL Category Set Updates and Reports
Using The URL Categories Page in Conjunction with Other Reporting Pages
Reporting Misclassified and Uncategorized URLs
Users Page
User Details Page (Web Reporting)
Web Sites Page
HTTPS Reports Page
Anti-Malware Page
Malware Category Report
Malware Threat Report
Malware Category Descriptions
Advanced Malware Protection Page
Advanced Malware Protection - AMP Summary
Advanced Malware Protection - File Analysis
Client Malware Risk Report
Web Reputation Filters Page
About Scheduled and On-Demand Web Reports
Scheduling Web Reports
Storage of Scheduled Web Reports
Adding Scheduled Web Reports
Editing Scheduled Web Reports
Deleting Scheduled Web Reports
Additional Extended Web Reports
Top URL Categories—Extended
Top Application Types—Extended
Generating Web Reports on Demand
Archived Web Reports Page
Viewing and Managing Archived Web Reports
Schedule and Archive Web Reports on the New Web Interface
Scheduling Web Reports on the New Web Interface
Adding Scheduled Web Reports on the New Web Interface
Editing Scheduled Web Reports on the New Web Interface
Deleting Scheduled Web Reports on the New Web Interface
Archiving Web Reports on the New Web Interface
[New Web Interface] Generating Web Reports on Demand
Viewing and Managing Archived Web Reports on the New Web Interface
Web Tracking
Searching for Transactions Processed by Web Proxy Services
Malware Category Descriptions
Searching for Transactions Processed by the L4 Traffic Monitor
Searching for Transactions Processed by the SOCKS Proxy
Web Tracking on the New Web Interface
Searching for Transactions Processed by Web Proxy Services
Malware Category Descriptions
Searching for Transactions Processed by the Layer 4 Traffic Monitor
Searching for Transactions Processed by the SOCKS Proxy
Working with Web Tracking Search Results
Displaying More Web Tracking Search Results
Understanding Web Tracking Search Results
Viewing Transaction Details for Web Tracking Search Results
About Web Tracking and Advanced Malware Protection Features
About Web Tracking and Upgrades
Troubleshooting Web Reporting and Tracking
Centralized Reporting Is Enabled Properly But Not Working
Advanced Malware Protection Verdict Updates Report Results Differ
Issues Viewing File Analysis Report Details
File Analysis Report Details Are Not Available
Error When Viewing File Analysis Report Details
Error When Viewing File Analysis Report Details with Private Cloud Cisco AMP Threat Grid Appliance
Expected Data Is Missing from Reporting or Tracking Results
PDF Shows Only a Subset of Web Tracking Data
Troubleshooting L4 Traffic Monitor Reports
Exported .CSV file is Different From Web Interface Data
Issues Exporting Web Tracking Search Results
Tracking Messages
Tracking Service Overview
Setting Up Centralized Message Tracking
Enabling Centralized Email Tracking
Enabling Centralized Email Tracking on the Legacy Web Interface
Enabling Centralized Email Tracking on the New Web Interface
Configuring Centralized Message Tracking on Email Security Appliances
Adding the Centralized Message Tracking Service to Each Managed Email Security Appliance
Managing Access to Sensitive Information
Checking Message Tracking Data Availability
Searching for Email Messages
Searching for Email Messages on the New Web Interface
Searching for Email Messages on the Legacy Web Interface
Remediating Messages in Mailboxes
Search and Remediate Actions on Messages in the Mailboxes
Narrowing the Result Set
About Message Tracking and Advanced Malware Protection Features
Understanding Tracking Query Results
Message Details
Verdict Chart and Last State Verdicts
Envelope and Header Summary
Sending Host Summary
Processing Details
Summary Tab
DLP Matched Content Tab
URL Details Tab
SMTP Log Tab
AMP Log Tab
Troubleshooting Message Tracking
Expected Messages Are Missing from Search Results
Attachments Do Not Appear in Search Results
Exporting Message Service
Spam Quarantine
Overview of the Spam Quarantine
Local Versus External Spam Quarantine
Setting Up the Centralized Spam Quarantine
Enabling and Configuring Spam Quarantine
Enabling and Configuring the Spam Quarantine on the Legacy Web Interface
Enabling and Configuring Spam Quarantine on the New Web Interface
Adding the Centralized Spam Quarantine Service to Each Managed Email Security Appliance
Configuring an Outbound IP Interface on the Security Management Appliance
Configuring the IP Interface for Browser Access to the Spam Quarantine
Configuring Administrative User Access to the Spam Quarantine
Spam Quarantine Threshold Alert
Configuring Spam Quarantine Threshold Alert Settings Using CLI
Configuring Spam Quarantine Threshold Alert Settings Using GUI
Limiting Which Recipients Have Mail Quarantined
Spam Quarantine Language
Edit Spam Quarantine Page
Using Safelists and Blocklists to Control Email Delivery Based on Sender
Message Processing of Safelists and Blocklists
Enabling Safelists and Blocklists
Enabling Safelists and Blocklists on the Legacy Web Interface
Enabling Safelists and Blocklists on the New Web Interface
External Spam Quarantine and Safelist/Blocklists
Adding Senders and Domains to Safelists and Blocklists (Administrators)
Syntax for Safelists and Blocklist Entries
Clearing All Safelists and Blocklists
About End-User Access to Safelists and Blocklists
Adding Entries to Safelists (End Users)
Adding the Sender of a Quarantined Message to the Safelist
Adding Senders to the Safelist Without a Quarantined Message
Adding Senders to Blocklists (End Users)
Backing Up and Restoring the Safelist/Blocklist
Troubleshooting Safelists and Blocklists
Message from Safelisted Sender Was Not Delivered
Configuring Spam Management Features for End Users
Authentication Options for End Users Accessing Spam Management Features
LDAP Authentication Process
IMAP/POP Authentication Process
SAML 2.0 Authentication Process
Setting Up End-User Access to the Spam Quarantine via Web Browser
Configuring End-User Access to the Spam Quarantine
Determining the URL for End-User Access to the Spam Quarantine
Which Messages an End User Sees
Notifying End Users About Quarantined Messages
Recipient Email Mailing List Aliases and Spam Notifications
Testing Notifications
Troubleshooting Spam Notifications
User Receives Multiple Notifications
Recipient Does Not Receive Notifications
Configuring End-User Quarantine for Shared Mailbox
Accessing EUQ for Shared Mailbox
Configuring Account Settings
Accessing EUQ using Spam Quarantine Notification Mail
Accessing EUQ using Spam Quarantine Portal
Adding Shared Mailbox
Managing Messages in the Spam Quarantine
Accessing the Spam Quarantine (Administrative Users)
Accessing the Spam Quarantine (Administrative Users)
Searching for Messages in the Spam Quarantine
Searching Very Large Message Collections
Viewing Messages in the Spam Quarantine
Delivering Messages in the Spam Quarantine
Deleting Messages from the Spam Quarantine
Disk Space for the Spam Quarantine
About Disabling the External Spam Quarantine
Troubleshooting Spam Quarantine Features
Centralized Policy, Virus, and Outbreak Quarantines
Overview of Centralized Quarantines
Quarantine Types
Centralizing Policy, Virus, and Outbreak Quarantines
Enabling Centralized Policy, Virus, and Outbreak Quarantines on the Security Management Appliance
Enabling Centralized Policy, Virus, and Outbreak Quarantines on the New Web Interface of the Appliance
Adding the Centralized Policy, Virus, and Outbreak Quarantine Service to Each Managed Email Security Appliance
Configuring Migration of Policy, Virus, and Outbreak Quarantines
Designating an Alternate Appliance to Process Released Messages
Configuring Centralized Quarantine Access for Custom User Roles
Disabling Centralized Policy, Virus, and Outbreak Quarantines
Releasing Messages When an Email Security Appliance Is Unavailable
Managing Policy, Virus, and Outbreak Quarantines
Disk Space Allocation for Policy, Virus, and Outbreak Quarantines
Retention Time for Messages in Quarantines
Default Actions for Automatically Processed Quarantined Messages
Checking the Settings of System-Created Quarantines
Configuring Policy, Virus, and Outbreak Quarantines
About Editing Policy, Virus, and Outbreak Quarantine Settings
Determining the Filters and Message Actions to Which a Policy Quarantine Is Assigned
About Deleting Policy Quarantines
PVO Quarantine Threshold Alert
Configuring PVO Quarantine Threshold Alert Settings using CLI
Configuring PVO Quarantine Threshold Alert Settings using Web Interface
Monitoring Quarantine Status, Capacity, and Activity
Alerts About Quarantine Disk-Space Usage
Policy Quarantines and Logging
About Distributing Message Processing Tasks to Other Users
Which User Groups Can Access Policy, Virus, and Outbreak Quarantines
Working with Messages in Policy, Virus, or Outbreak Quarantines
Viewing Messages in Quarantines
Quarantined Messages and International Character Sets
Searching for Messages in Policy, Virus, and Outbreak Quarantines
Modifying Search Criteria
Manually Processing Messages in a Quarantine
Sending a Copy of the Message
About Moving Messages Between Policy Quarantines
Messages in Multiple Quarantines
Message Details and Viewing Message Content
Viewing Matched Content
Downloading Attachments
About Rescanning of Quarantined Messages
The Outbreak Quarantine
Rescanning Messages in an Outbreak Quarantine
Rule Summary View
Manage by Rule Summary Link
Reporting False Positives or Suspicious Messages to Cisco Systems
Troubleshooting Centralized Policy Quarantines
Administrative User Cannot Choose Quarantines in Filters and DLP Message Actions
Messages Released from a Centralized Outbreak Quarantine Are Not Rescanned
Managing Web Security Appliances
About Centralized Configuration Management
Determining the Correct Configuration Publishing Method
Using Configuration Masters to Centrally Manage Web Security Appliances
Important Notes About Using Configuration Masters
Determine the Configuration Master Versions to Use
Enabling Centralized Configuration Management on the Security Management Appliance
Initializing and Configuring Configuration Masters
Initializing Configuration Masters
About Associating Web Security Appliances to Configuration Masters
Adding Web Security Appliances and Associating Them with Configuration Master Versions
Associating Configuration Masters to Web Security Appliances
Configuring Sub Configuration Masters
Viewing Associated Configuration Masters in the Appliance List
Deleting Sub Configuration Masters
Selecting the Sub Configuration Master as the Active Configuration
Configuring Settings to Publish
Importing from an Existing Configuration Master
Importing Settings from a Web Security Appliance
Configuring Web Security Features Directly in Configuration Masters
SMA-Specific Differences when Configuring Features in Configuration Masters
Tip for Working with Identities/Identification Profiles in Configuration Masters
Ensuring that Features are Enabled Consistently
Comparing Enabled Features
Enabling Features to Publish
Disabling Unused Configuration Masters
Setting Up to Use Advanced File Publishing
Publishing Configurations to Web Security Appliances
Publishing a Configuration Master
Before You Publish a Configuration Master
Publishing a Configuration Master Now
Publishing a Configuration Master Later
Publishing a Configuration Master Using the Command Line Interface
Publishing Configurations Using Advanced File Publishing
Advanced File Publish: Publish Configuration Now
Advanced File Publish: Publish Later
Viewing Status and History of Publishing Jobs
Viewing Publish History
Centralized Upgrade Management
Setting Up Centralized Upgrade Management for Web Security Appliances
Enable the Centralized Upgrade Manager
Adding the Centralized Upgrade Service to Each Managed Web Security Appliance
Selecting and Downloading WSA Upgrades
Using the Install Wizard
Viewing Web Security Appliance Status
Viewing a Summary of Status of Web Appliances
Viewing Status of Individual Web Security Appliances
Web Appliance Status Details
System Health Dashboard on the New Web Interface
Preparing For and Managing URL Category Set Updates
Understand the Impacts of URL Category Set Updates
Ensure That You Will Receive Notifications and Alerts about URL Category Set Updates
Specify Default Settings for New and Changed Categories
When the URL Category Set is Updated, Check Your Policy and Identity/Identification Profile Settings
Application Visibility and Control (AVC) Updates
Updating WBRS and AVC Data using CLI
Troubleshooting Configuration Management Issues
In Configuration Master Identities/Identification Profiles, Groups Are Not Available
Configuration Master Access Policies Web Reputation and Anti-Malware Settings Page Settings are Not as Expected
Troubleshooting Issues when Importing Existing Configuration for Configuration Masters
Troubleshooting Configuration Publishing Failures
Monitoring System Status
About Security Management Appliance Status
Monitoring Service Status on the New Web Interface of the Appliance
Monitoring Security Management Appliance Capacity
Monitoring the Processing Queue
Monitoring CPU Utilization
Monitoring Status of Data Transfer From Managed Appliances
Viewing the Configuration Status of Your Managed Appliances
Additional Status Information for Web Security Appliances
Monitoring Reporting Data Availability Status
Monitoring Email Security Reporting Data Availability
Monitoring Web Security Reporting Data Availability
Monitoring Email Tracking Data Status
Monitoring Capacity of Managed Appliances
Identifying Active TCP/IP Services
Replacing a Managed Appliance During Hardware Failure
Integrating With LDAP
Overview
Configuring LDAP to Work with the Spam Quarantine
Creating the LDAP Server Profile
Testing LDAP Servers
Configuring LDAP Queries
LDAP Query Syntax
Tokens
Spam Quarantine End-User Authentication Queries
Sample Active Directory End-User Authentication Settings
Sample OpenLDAP End-User Authentication Settings
Spam Quarantine Alias Consolidation Queries
Sample Active Directory Alias Consolidation Settings
Sample OpenLDAP Alias Consolidation Settings
Testing LDAP Queries
Domain-Based Queries
Creating a Domain-Based Query
Chain Queries
Creating a Chain Query
Configuring AsyncOS to Work With Multiple LDAP Servers
Testing Servers and Queries
Failover
Configuring the Cisco Content Security Appliance for LDAP Failover
Load Balancing
Configuring the Cisco Content Security Appliance for Load Balancing
Configuring External Authentication of Administrative Users Using LDAP
User Accounts Query for Authenticating Administrative Users
Group Membership Queries for Authenticating Administrative Users
Enabling External Authentication of Administrative Users
Configuring SMTP Routing
SMTP Routes Overview
SMTP Routes, Mail Delivery, and Message Splintering
SMTP Routes and Outbound SMTP Authentication
Routing Email for Local Domains
Default SMTP Route
Managing SMTP Routes
Defining an SMTP Route
SMTP Routes Limits
Adding SMTP Routes
Exporting SMTP Routes
Importing SMTP Routes
SMTP Routes and DNS
Integrating with Cisco XDR
Integrating Your Appliance with Cisco XDR
How to Integrate Your Appliance with Cisco XDR
Prerequisites
Enable the Cisco Cloud Services Portal on your Secure Email and Web Manager
Register Secure Email and Web Manager with Cisco Cloud Services Portal
Reregistering with Cisco Cloud Service Portal
Confirm Whether the Registration was Successful
Deregister Secure Email and Web Manager from Cisco Cloud Services Portal
Performing Threat Analysis using Cisco XDR Ribbon Plugin
Example - Using Cisco XDR Ribbon Plugin through Secure Email and Web Manager NGUI
Performing Remedial Actions on Messages in Cisco XDR
Distributing Administrative Tasks
About Distributing Administrative Tasks
Assigning User Roles
Predefined User Roles
Custom User Roles
About Custom Email User Roles
Access to Email Reporting
Access to Message Tracking Data
Access to Quarantines for Custom User Role
Log Subscription
Creating Custom Email User Roles
Using Custom Email User Roles
About Custom Web User Roles
Creating Custom Web User Roles
Editing Custom Web User Roles
Deleting Custom User Roles
User Roles with Access to the CLI
Using LDAP
Access to Quarantines
Users Page
About Authenticating Administrative Users
Changing the Admin User’s Passphrase
Changing the User’s Passphrase After Expiry
Managing Locally-Defined Administrative Users
Adding Locally-Defined Users
Editing Locally-Defined Users
Deleting Locally-Defined Users
Viewing the List of Locally-Defined Users
Setting and Changing Passphrases
Setting Passphrase and Login Requirements
Resetting Forgotten Passphrase
Requiring Users to Change Passphrase on Demand
Locking and Unlocking Local User Accounts
Locking User Accounts Manually
Unlocking User Accounts
External User Authentication
Configuring LDAP Authentication
Enabling RADIUS Authentication
Two-Factor Authentication
Enabling Two-Factor Authentication
Disabling Two-Factor Authentication
Adding an Email or Web Security appliance over SSH with Pre-Shared Keys
Additional Controls on Access to the Security Management Appliance
Configuring IP-Based Network Access
Direct Connections
Connecting Through a Proxy
Creating the Access List
Configuring the Web UI Session Timeout
Configuring the CLI Session Timeout
Controlling Access to Sensitive Information in Message Tracking
Displaying a Message for Administrative Users
Enabling and Disabling Message Banners for Administrative Users
Viewing Administrative User Activity
Viewing Active Sessions Using the Web
Viewing Your Recent Login Attempts
Viewing Administrative User Activity via the Command Line Interface
Troubleshooting Administrative User Access
Error: User Has No Access Privileges Assigned
User Has No Active Menus
Externally-Authenticated Users See Preferences Option
Common Administrative Tasks
Performing Administrative Tasks
Cisco Content Security Management Appliances Licensing
Working with Feature Keys
Smart Software Licensing
Smart Software Licensing - CLI Commands
license_smart
Description
Usage
Example: Configuring Port for Smart Agent Service
Example: Enabling Smart Licensing
Example: Registering the Appliance with the Smart Software Manager
Example: Status of Smart Licensing
Example: Status Summary of Smart Licensing
Example: Setting the Smart Transport URL
Example: Requesting Licenses
Example: Releasing Licenses
Example - Enabling and Registering License Reservation
Example - Updating License Reservation
Example - Removing License Reservation
Example - Disabling License Reservation
Example - Enabling Device Led Conversion Process Manually
showlicense_smart
Description
Example: Status of Smart Licensing
Example: Status Summary of Smart Licensing
cloudserviceconfig
Description
Usage
Example: Enabling Cisco Cloud Services on Appliance
Example: Disabling Cisco Cloud Services on Appliance
Example: Registering Content Security Gateway with Cisco Cloud Services Portal
Example: Deregistering Content Security Gateway from Cisco Cloud Services Portal
Example: Choosing Cisco Secure Cloud Server to connect Content Security Gateway to Cisco Cloud Services Portal
Example Performing AutoRegistration using CLI for Smart Licensing
Example Download a Certificate and Key
Example Client Certificate cloudserviceconfig
updateconfig
Description
Usage
Example: Uploading Cisco Talos Certificate and Key Details in Secure Email and Web Manager
Example: Configuring Secure Email and Web Manager to Add or Update VLNID
vlninfo
Description
Usage
Example: Displaying VLN and Cisco Talos Certificate and Key Details
help vlninfo
Description
Usage
Example: Displaying VLN details
Smart Software Licensing Key Points for AsyncOS 14.0
Performing Maintenance Tasks Using CLI Commands
Shutting Down the Security Management Appliance
Rebooting the Security Management Appliance
Taking the Security Management Appliance Out of Service
CLI Examples: suspend and suspendtransfers Commands
Resuming from a Suspended State
CLI Examples: resume and resumetransfers Commands
Resetting the Configuration to Factory Defaults
Resetconfig CLI Command
Diagnostic - Reload Subcommand
Diagnostic - Reload Status Command
Displaying the Version Information for AsyncOS
Enabling Remote Power Cycling
Monitoring System Health Using SNMP
Example: snmpconfig Command
Backing Up Security Management Appliance Data
What Data Is Backed Up
Restrictions and Requirements for Backups
Backup Duration
Availability of Services During Backups
Interruption of a Backup Process
Prevent the Target Appliance From Pulling Data Directly from Managed Appliances
Receiving Alerts About Backup Status
Scheduling Single or Recurring Backups
Starting an Immediate Backup
Checking Backup Status
Backup Information in Log Files
Other Important Backup Tasks
Making a Backup Appliance the Primary Appliance
Disaster Recovery on the Security Management Appliance
Upgrading Appliance Hardware
Upgrading AsyncOS
Batch Commands for Upgrades
Determining Network Requirements for Upgrades and Updates
Choosing an Upgrade Method: Remote vs. Streaming
Streaming Upgrade Overview
Remote Upgrade Overview
Hardware and Software Requirements for Remote Upgrades
Hosting a Remote Upgrade Image
Important Differences in Remote Upgrading Method
Configuring Upgrade and Service Update Settings
Upgrade and Update Settings
Static Upgrade and Update Server Settings for Environments with Strict Firewall Policies
Configuring the Update and Upgrade Settings from the GUI
Upgrade Notifications
Before You Upgrade: Important Steps
Upgrading AsyncOS
Viewing Status of, Canceling, or Deleting a Background Download
After Upgrading
About Reverting to an Earlier Version of AsyncOS
Important Note About Reversion Impact
Reverting AsyncOS
About Updates
About URL Category Set Updates for Web Usage Controls
Configuring the Appliance to Trust Proxy Server Communication
Configuring the Return Address for Generated Messages
Managing Alerts
Alert Types and Severities
Alert Delivery
Viewing Recent Alerts
About Duplicate Alerts
Cisco AutoSupport
Hardware Alert Descriptions
System Alert Descriptions
Changing Network Settings
Changing the System Hostname
The sethostname Command
Configuring Domain Name System Settings
Specifying DNS Servers
Multiple Entries and Priority
Using the Internet Root Servers
Reverse DNS Lookup Timeout
DNS Alert
Clearing the DNS Cache
Configuring DNS Settings via the Graphical User Interface
Configuring TCP/IP Traffic Routes
Managing Static Routes in the GUI
Modifying the Default Gateway (GUI)
Configuring the Default Gateway
Secure Communication Protocol
Specifying a Secure Communication Protocol
Configuring the System Time
Using a Network Time Protocol (NTP) Server
(Recommended) Setting Appliance System Time Using the Network Time Protocol (NTP)
Selecting a GMT Offset
Updating Time Zone Files
Automatically Updating Time Zone Files
Manually Updating Time Zone Files
Configuration File Page
Saving and Importing Configuration Settings
Managing Configuration Files
Saving and Exporting the Current Configuration File
Loading a Configuration File
Empty Versus Omitted Tags
Note About Loading Passphrases for Log Subscriptions
Note About Character Set Encoding
Resetting the Current Configuration
Rolling Back to a Previously Committed Configuration
CLI Commands for Configuration Files
The showconfig, mailconfig, and saveconfig Commands
The loadconfig Command
The rollbackconfig Command
The publishconfig Command
The trailblazerconfig Command
The updatepvocert Command
Uploading Configuration Changes Using the CLI
Managing Disk Space
(Virtual Appliances Only) Increasing Available Disk Space
Viewing Disk Space, Quotas and Usage
About Disk Space Maximums and Allocations
Ensuring That You Receive Alerts About Disk Space
Managing Disk Space for the Miscellaneous Quota
Reallocating Disk Space Quotas
Managing Data Storage Time
Adjusting the Reference Threshold in System Health Graphs for Email Security Appliances
SSO Using SAML 2.0
About SSO and SAML 2.0
SAML 2.0 SSO Workflow
Guidelines and Limitations for SAML 2.0
Logout
General
Spam Quarantine Access for Administrators
How to Configure SSO on your Cisco Security Management Appliance
Prerequisites
Supported Identity Providers
Certificates for Secure Communication
Configure Cisco Content Security Management Appliance as a Service Provider
Configuring the Identity Provider to Communicate with Cisco Security Management Appliance
Configure AD FS to Communicate with Cisco Security Management Appliance
Configure Azure AD to Communicate with Cisco Security Management Appliance
Configure Duo Access Gateway to Communicate with Cisco Security Management Appliance
Configure Identity Provider Settings on Cisco Content Security Management Appliance
Enable SAML Authentication
How to Configure SSO for Spam Quarantine
Prerequisites
Configure Cisco Content Security Management Appliance as a Service Provider
Configure the Identity Provider to Communicate with Cisco Content Security Management Appliance
Configure AD FS 2.0 to Communicate with Cisco Content Security Management Appliance
Configure PingFederate 7.2 to Communicate with Cisco Content Security Management Appliance
Configure Identity Provider Settings on Cisco Content Security Management Appliance
Enable SSO for Spam Quarantine
Configuring OpenID Connect 1.0 on Cisco Content Security Management for AsyncOS APIs
Overview
Workflow
Sample Access Token
Prerequisites
Configuring OpenID Connect on Appliance
Configuring OpenID Connect on Appliance using CLI
Customizing Your View
Using Favorite Pages
Setting Preferences
General Settings
Monitoring Web Usage Analytics
Improving Web Interface Rendering
Restarting and Viewing Status of Services Enabled on Appliance
Managing Lists of Certificate Authorities
Disabling the System Certificate Authority List
Importing a Custom Certificate Authority List
Exporting a Certificate Authority List
Displaying Trust Root Certificate
Deleting Custom Certificate
Configuring CRL Sources
Configuring CRL Sources using GUI
Configuring Global Settings for CRL Sources
Configuring CRL Sources using CLI
Receiving and Delivering Messages with Internationalised Domain Names (IDNs)
Prerequisites IDN
Features Configurable using IDN Domains in Cisco Secure Email and Web Manager
FQDN
Validation on Peer Certificate
Validation on Peer Certificate Using the GUI
Validation on Peer Certificate Using the CLI
Custom CA Validation
Appliance Certificate Validation
X.509 Certificate
Validation of Peer Certificate
Validation of Peer Certificate using GUI
Validation of Peer Certificate using CLI
Custom CA Certificate Validation
Appliance Certificate Validation
Single Pane of Glass
SPoG Add a Cisco Secure Email and Web Manager
SPoG Edit a Cisco Secure Email and Web Manager
SPoG Delete a Cisco Secure Email and Web Manager
SPoG Enable Services on a Cisco Secure Email and Web Manager
SPoG Viewing details on primary Cisco Secure Email and Web Manager
Logging
Logging Overview
Logging Versus Reporting
Log Retrieval
Filename and Directory Structure
Log Rollover and Transfer Schedule
Timestamps in Log Files
Logs Enabled by Default
Log Types
Summary of Log Types
Log Type Comparison
Using Configuration History Logs
Using CLI Audit Logs
Using FTP Server Logs
Using HTTP Logs
Using Spam Quarantine Logs
Using Spam Quarantine GUI Logs
Using Text Mail Logs
Sample Text Mail Log
Examples of Text Mail Log Entries
Message Receiving
Successful Message Delivery Example
Unsuccessful Message Delivery (Hard Bounce)
Soft Bounce with Ultimately Successful Delivery Example
Message Scanning Results (scanconfig)
Message with Attachment
Successful Vault Health Check and Initialization
Generated or Rewritten Messages
Sending a Message to the Spam Quarantine
Using NTP Logs
Using Reporting Logs
Using Reporting Query Logs
Using Safelist/Blocklist Logs
Using SMA Logs
Using Status Logs
Using System Logs
Understanding Tracking Logs
Using Audit Logs
Log Subscriptions
Configuring Log Subscriptions
Setting the Log Level
Creating a Log Subscription in the GUI
Editing Log Subscriptions
Configuring Global Settings for Logging
Logging Message Headers
Configuring Global Settings for Logging by Using the GUI
Rolling Over Log Subscriptions
Rolling Over Logs in Log Subscriptions
Rolling Over Logs Immediately Using the GUI
Rolling Over Logs Immediately via the CLI
Viewing the Most Recent Log Entries in the GUI
Viewing the Most Recent Entries in Logs (tail Command)
Configuring Host Keys
Troubleshooting
Collecting System Information
Troubleshooting Hardware Issues
Troubleshooting Feature Setup Issues
General Troubleshooting Resources
Troubleshooting Issues with Specific Functionality
Responding to Alerts
Alert: Battery Relearn Timed Out (RAID Event) on 380 or 680 Hardware
Additional Alert Descriptions
Working with Technical Support
Opening or Updating a Support Case from the Appliance
Getting Support for Virtual Appliances
Enabling Remote Access for Cisco Technical Support Personnel
Enabling Remote Access to Appliances With an Internet Connection
Enabling Remote Access to Appliances Without a Direct Internet Connection
Disabling a Tech Support Tunnel
Disabling Remote Access
Checking the Status of the Support Connection
Running a Packet Capture
Remotely Resetting Appliance Power
IP Interfaces and Accessing the Appliance
IP Interfaces and Accessing the Appliance
IP Interfaces
Configuring IP Interfaces
Creating IP Interfaces Using the GUI
Accessing the Appliance via FTP
Secure Copy (scp) Access
Accessing via a Serial Connection
Pinout Details for the Serial Port in 80- and 90- Series Hardware
Pinout Details for the Serial Port in 70-Series Hardware
Assigning Network and IP Addresses
Ethernet Interfaces
Selecting IP Addresses and Netmasks
Sample Interface Configurations
IP Addresses, Interfaces, and Routing
Summary
Strategies for Connecting Your Content Security Appliance
Firewall Information
Firewall Information
Web Security Management Examples
Web Security Management Examples
Web Security Appliance Examples
Example 1: Investigating a User
Related Topics
Example 2: Tracking a URL
Related Topics
Example 3: Investigating Top URL Categories Visited
Related Topics
Additional Resources
Cisco Notification Service
Documentation
Third Party Contributors
Training
Knowledge Base Articles (TechNotes)
Registering Azure Active Directory Application
Cisco Support Community
Customer Support
Registering for a Cisco Account
Cisco Welcomes Your Comments
End User License Agreement
Cisco Systems End User License Agreement
Supplemental End User License Agreement for Cisco Systems Content Security Software
General Settings
Improving Web Interface Rendering
Monitoring Web Usage Analytics