Cisco IronPort Email Security Appliance(tm) Upgrade
Note: From AsyncOS 14.2 onwards, the Sender Domain Reputation verdict names have changed. For example, the ‘Tainted’ and ‘Weak’ verdict names are merged into one verdict known as ‘Neutral’. During the upgrade, the system automatically updates the Sender Domain Reputation message and content filter configurations to reflect the new verdict names. Make sure you review and configure the message and content filters accordingly.
Note: From AsyncOS 14.2 onwards, the SDR Domain Age filters are automatically updated to SDR Sender Maturity filters. However, Sender Maturity has a maximum limit of 30 days; beyond this limit, a domain is considered mature as an email sender, and no further details are provided. Filters that have an invalid value for Sender Maturity are marked as inactive after the upgrade. Make sure you review and modify your message filters and content filters accordingly.
You can choose to cancel the upgrade now and modify the required filters, or you can modify the filters accordingly after the upgrade is complete.
Note: The custom CA certificates that are expired or have an issue with the basic constraints extension and CA setting are deleted after the upgrade.
This upgrade will require a reboot of the system after it finishes installing.
You may log in again after this is done.
After you upgrade to AsyncOS 12.0 or later, you can no longer use certificates with a critical extension that:
– The system cannot recognize
– Contains information that the system cannot process or validate.
All certificates that match the above criteria are deleted.
After you upgrade to AsyncOS 13.0, you cannot use the TLS v1.0 version for GUI in FIPS mode. However, you can enable TLS v1.0 on the appliance, if required.
After you upgrade to AsyncOS 13.5.1 and later, TLS v1.1 and v1.2 are enabled by default.
– You cannot use TLS v1.0 in FIPS mode.
– The appliance disables TLS v1.0 in non-FIPS mode after the upgrade but you can re-enable it if required.
The old system CA certificate bundle is moved to the following directory path – /data/pub/systemca.old/
Do you want to append the current system CA certificate bundle to the custom CA certificate bundle? Yes
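
The note above says that custom CA certificates which are expired, or which have a problem with the basic constraints extension and CA setting, are deleted by the upgrade. The script below is an added example, not Cisco's code. It lists such certificates in a PEM bundle before you upgrade. The function name `audit_ca_bundle`, the bundle file name and running the `openssl` CLI on a workstation against an exported copy of the bundle are assumptions, and the two checks approximate the appliance's criteria rather than reproduce them.

```shell
#!/bin/sh
# Added example: list certificates in a PEM bundle that are expired or are
# not marked CA:TRUE in basicConstraints. Requires the openssl CLI.
# Assumption: the custom CA bundle was exported from the appliance to a file.

audit_ca_bundle() {
    bundle=$1
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }
    tmp=$(mktemp -d) || return 2

    # Split the bundle into one file per certificate.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%04d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
    ' "$bundle"

    flagged=0
    for cert in "$tmp"/cert*.pem; do
        [ -e "$cert" ] || continue
        reasons=""
        if ! subject=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null); then
            subject="(unparseable block)"
            reasons=" unparseable"
        else
            # -checkend 0 exits non-zero when notAfter is already in the past.
            openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
                reasons="$reasons expired"
            # A usable CA certificate carries basicConstraints with CA:TRUE.
            openssl x509 -in "$cert" -noout -text 2>/dev/null |
                grep -q 'CA:TRUE' || reasons="$reasons not-a-CA"
        fi
        if [ -n "$reasons" ]; then
            flagged=1
            echo "REVIEW:$reasons: $subject"
        else
            echo "OK: $subject"
        fi
    done
    rm -rf "$tmp"
    return "$flagged"   # 0 = nothing flagged, 1 = at least one certificate to review
}

# Run against a file when one is given, e.g.: sh audit_ca_bundle.sh custom_ca.pem
if [ $# -ge 1 ]; then audit_ca_bundle "$1"; fi
```

Certificates reported as REVIEW are the ones to replace or re-issue before starting the upgrade, so that no trust anchor disappears unnoticed.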