Requirements for the PVO Migration Wizard when ESA is clustered

Available Languages

Updated:August 25, 2015
Document ID:200083

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes the requirements for the Policiy, Virus and Outbreak quarantine (PVO) wizard when clustering is involved on the Email Security Appliance (ESA).

What are the requirements for the PVO Migration Wizard when ESA is clustered?

To use the Migration Wizrad to move data from clustered ESA to the Security Management Appliance (SMA) for  the Policy, Virus & Outbreak Quarantine, these requirements must be met:

Note: You can enable centralized policy, virus and outbreak quarantines at any level for clustered appliances.

Requirements

  • Before you enable "Centralized policy, virus, and outbreak quarantines" on an Email Security appliance (ESA) at a particular level (machine, group, or cluster), all appliances that belong to the same level must first be added to the Security Management appliance
  • Must use the Administrator account to configure the settings, (not Operator or others) or the configuration can be set up but the [Enable...] button on the ESA will be grayed out and the service cannot be enabled
  • Content and message filters and DLP message actions must be configured at the same level and not overridden at any level below that level
  • Centralized policy, virus, and outbreak quarantines settings must be configured at the same level and not be overridden at any level below the configured level.
  • Ensure that the interface to be used for communications with the Security Management appliance has the same name on all appliances in the group or cluster.

Example

If you want to enable centralized policy, virus and outbreak quarantines at the cluster or group level, but an ESA which is connected to the cluster has these settings defined at the machine level, you must remove the centralized quarantines settings configured at the machine level before you can enable the feature at the cluster or group level.

If these are not met, there will be an error similar to this on the SMA side:

Unable to proceed with Centralized Policy, Virus and Outbreak (PVO) Quarantines configuration as host1.example.com, host2.example.com in Example_Cluster have content filters / DLP actions available at a level different from the Cluster Example_Cluster level.

Related Information

Revision History

Revision Publish Date Comments
1.0
25-Aug-2015
Initial Release
TAC Authored

Contributed by Cisco Engineers

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products