Introduction
The Cisco Email Security Appliance (ESA) lets you configure and manage multiple appliances at once for reliability, flexibility, and scalability. It also lets you manage the appliances globally while complying with local policies.
Configure ESA
ESA can be configured at 3 different levels:
1. Machine
2. Group
3. Cluster
Cluster
A cluster consists of a set of machines with common configuration information. Within each cluster, the appliances can be further divided into machine groups, where a single machine can be a member of only one group at a time.
Clusters are implemented in a peer-to-peer architecture - with no primary/secondary relationship. You can log into any machine to control and administer the entire cluster or group. This allows the administrator to configure different elements of the system on a cluster-wide, group-wide, or per-machine basis, based on their own logical groupings.
Group
You can configure the devices and bind them to different groups. One or many groups can be configured on the appliance. The settings of each group can be modified separately within a cluster set.
Group-level settings override Cluster-level settings. At initial setup, the group settings are generally empty.
Machine
Typically, the settings configured at this level apply only to that specific machine. They override the Group-level and Cluster-level settings. Some configuration is machine-specific, such as interfaces, feature keys, and services.
How to switch between Cluster/Group/Machine modes?
GUI
1. Navigate to the GUI.
2. Open any specific configuration you wish to edit. For example, in the given screenshot, navigate to Incoming Mail Policies as shown in the image.
3. Use the Change Mode option from the drop-down; you can choose options to switch to different modes in order to view the configurations at these levels.
CLI
1. Log in to the CLI of the machine.
2. Use the command clustermode in order to switch between the levels.
(Cluster test_cisco)> clustermode
Choose the configuration mode for subsequent changes.
1. Cluster
2. Group
3. Machine
[1]>
How to Add/Modify/Remove settings at different levels?
GUI
1. Navigate to the GUI of the device.
2. You will see options to Delete Settings and Manage Settings.
3. Manage Settings gives you options to Copy/Move the settings from one level to another level.
4. You can select Copy or Move actions in order to easily transfer the configuration from the current configured level to the desired level.
For example: In the given screenshot, the configuration is defined at the Cluster level, so you can either move or copy the configuration from cluster to the Group level or to the Machine level.
5. Now you can modify or add additional configuration if required.
6. In order to delete the settings, you can simply click on the Delete Settings option in order to erase the configuration from a given level. You will be prompted with a window to further confirm or cancel it as shown in the image.
Note: Configuration at the Machine level takes first preference and overrides the Group-level and Cluster-level settings. Similarly, configuration defined at the Group level takes preference over and overrides the Cluster-level settings.
CLI
1. Log in to the CLI.
2. Use the specific commands in order to make changes.
(Machine cisco.com)> policyconfig
Would you like to configure Incoming Mail Policy or Outgoing Mail Policies or Match Headers Priority?
1. Incoming Mail Policies
2. Outgoing Mail Policies
3. Match Headers Priority
[1]>
What would you like to do?
1. Switch modes to edit at mode "Cluster test_cisco".
2. Start a new, empty configuration at the current mode (Machine cisco.com).
3. Copy settings from another cluster mode to the current mode (Machine cisco.com).
[1]>
3. You can choose from the options prompted to modify or add the configuration at the machine/group/cluster level.
4. With the use of the clustermode command, you can switch between different levels and choose to modify or copy the settings to the desired level.
5. In order to view configuration on different levels for a specific configuration, you can further use the clustershow command as mentioned here:
[]> clustershow
policyconfig Settings
=====================
Configured at mode:
Cluster: Yes
Group Main_Group: No
Machine cisco.com:
6. You can use the clusterset command in order to perform one of these options.
[]> clusterset
You can copy the current settings of policyconfig to a group or a machine.
1. Copy To Group
2. Copy To Machine
3. Move To Group
4. Move To Machine
5. Delete From Cluster
[1]>
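The override order from the Note above (Machine over Group over Cluster), applied to clustershow output, as an added Python example that is not part of the original Cisco document: it parses the "Configured at mode" listing and reports appliances whose effective settings do not come from the Cluster level. The hostnames and sample output are constructed, and the parser assumes the output layout shown in step 5.

```python
import re

# Override order stated on the page: Machine beats Group, Group beats Cluster.
PRECEDENCE = ("Machine", "Group", "Cluster")
MODE_LINE = re.compile(r"^\s*(Cluster|Group|Machine)(?:\s+(\S+))?\s*:\s*(\S*)\s*$")
HEAD = "Settings\n=====================\nConfigured at mode:\n"
# Constructed sample output in the layout shown on the page (hostnames are made up).
SAMPLES = {
    "esa1.example.test": "policyconfig " + HEAD
    + "Cluster: Yes\nGroup Main_Group: No\nMachine esa1.example.test: No\n",
    "esa2.example.test": "policyconfig " + HEAD
    + "Cluster: Yes\nGroup Main_Group: No\nMachine esa2.example.test: Yes\n",
}

def parse_clustershow(text):
    """Return (setting, [(level, name, configured)]); configured is None if absent."""
    setting, levels, in_modes = None, [], False
    for line in text.splitlines():
        head = re.match(r"^\s*(\S+) Settings\s*$", line)
        mode = MODE_LINE.match(line) if in_modes else None
        if head:
            setting = head.group(1)
        elif line.strip() == "Configured at mode:":
            in_modes = True
        elif mode:
            level, name, value = mode.groups()
            levels.append((level, name, {"yes": True, "no": False}.get(value.lower())))
    return setting, levels

def effective_level(levels):
    """Level whose settings apply, or "unknown" if any Yes/No value is missing."""
    if any(flag is None for _, _, flag in levels):
        return "unknown"
    for wanted in PRECEDENCE:
        if any(level == wanted and flag for level, _, flag in levels):
            return wanted
    return None

def find_overrides(outputs):
    """Map machine -> (setting, level) where the Cluster settings are not in effect."""
    report = {}
    for machine, text in outputs.items():
        setting, levels = parse_clustershow(text)
        level = effective_level(levels)
        if level != "Cluster":
            report[machine] = (setting, level)
    return report

if __name__ == "__main__":
    print(find_overrides(SAMPLES))
```

An appliance listed in the report is enforcing a machine-level or group-level policyconfig rather than the cluster-wide one, so later cluster-level policy changes do not take effect on it until the override is removed or moved.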