Download Firmware Cisco ESA AsyncOS 14.2.1
Cisco has released a firmware update for its Email Security Appliances, abbreviated ESA. The technology comes from IronPort Systems, which Cisco purchased in 2007. Although that was more than a decade and a half ago, you still hear the name IronPort for these appliances. For the supported upgrade paths, it is advisable to review the documentation or contact Cisco’s TAC. This firmware is called 14.2.1 and has 14.2.1-020 as the exact version number; the recent SQL injection and HTTP response header injection problems are also addressed in it. The list of new features looks like this:
What’s New in AsyncOS 14.2.1
Using only User-defined Passphrases to open Password-protected Attachments. From this release onwards, you can choose to use only the user-defined passphrases created in your email gateway to open password-protected attachments in incoming and outgoing messages.
Sender Maturity. In this release, the legacy Sender Domain Reputation (SDR) Domain Age functionality is replaced with Sender Maturity. Sender Maturity is an important feature to establish sender reputation. Sender Maturity is automatically generated for spam classification based on multiple sources of information and can differ from “Whois-based domain age.” Sender Maturity represents the Cisco Talos view of how mature a domain is as an email sender. The maturity value is tuned to enable threat detection regarding emails and generally does not reflect the domain age represented in “Whois-based domain age.” Sender Maturity is set to a limit of 30 days, and beyond this limit, a domain is considered mature as an email sender, and no further details are provided. Sender Maturity is used to calculate the sender reputation. Immature domains are assigned lower reputation. Cisco Talos recommends you rely on sender reputation only for determining policy actions. Sender Maturity is exposed to fine-tune filters for specific, non-standard scenarios.
Sender Domain Reputation Filtering Improvements. In this release, the user experience and overall quality of the Sender Domain Reputation (SDR) service is enhanced with performance improvements, increased availability, and deployment of SDR.
New Sender Domain Reputation Verdicts. From this release onwards, the Sender Domain Reputation (SDR) verdicts are updated to accurately reflect the intended meaning and recommended usage. During the upgrade, the system automatically updates the Sender Domain Reputation message or content filter configurations to reflect the new verdicts. Make sure you review and configure the message or content filters accordingly. For more information about the recommended actions you can take for each new SDR verdict, see the “SDR Verdicts” section in the “Sender Domain Reputation Filtering” chapter of the user guide. After you upgrade to AsyncOS 14.2.x release, the legacy SDR verdicts in the content or message filters, reporting, and message tracking are replaced with the new SDR verdicts as follows:
- Untrusted
- Questionable
- Neutral
- Favorable
- Trusted
- Unknown
Enhancements on Grouping Appliances for File Analysis Reporting. The email gateway now uses the Smart Account ID to group appliances in your organization and to view the file analysis result of all appliances. When Smart Licensing is enabled on your email gateway, and you configure the appliance group for file analysis reporting, the system automatically registers Smart Account ID as the Appliance Group ID. You can change the Appliance Group ID at any time, and the change takes effect immediately without a Commit action.
Smart Software Licensing Enhancements. Following are the enhancements made to the Smart Software Licensing feature:
- License Reservation: You can reserve licenses for features enabled in your email gateway without connecting to the Cisco Smart Software Manager (CSSM) portal. This is mainly beneficial for covered users that deploy the email gateway in a highly secured network environment with no communication to the Internet or external devices. The feature licenses can be reserved in any one of the following modes:
  - Specific License Reservation (SLR) – use this mode to reserve licenses for individual features (for example, ‘Mail Handling’) for a given time-period.
  - Permanent License Reservation (PLR) – use this mode to reserve licenses for all features permanently.
- Device Led Conversion: After you register your email gateway with smart licensing, all existing, valid classical licenses are automatically converted to smart licenses using the Device Led Conversion (DLC) process. These converted licenses are updated in the virtual account of the CSSM portal.
TLS Certificate Enhancement for Destination Control. You can now choose a different certificate other than the certificate configured in the ‘Default’ destination control entry for specific domains. You can choose a different certificate in any one of the following ways:
- Edit the corresponding destination control entry and select a different certificate using the TLS certificate option in the web interface.
- Use the destconfig > new or edit subcommands in the CLI to select a certificate when you create or edit a destination control entry.
Modification of Classic Licensing – Expiration Date in Web Interface and CLI. From this release onwards, the existing ‘Expiration Date’ column header in the web interface and CLI for classic licensing is modified as follows – “Expiration Date (including grace period)” to indicate that the grace period is included in the expiration date.
Detecting Smart Identifier with or without Prefix. The email gateway now detects a smart identifier with or without the keyword (‘credit,’ ‘ssn,’ ‘cusip,’ or ‘aba’) added as a prefix in the message content. You can configure the content filter condition or message filter rule to detect the smart identifier with or without the keyword added as a prefix in the following ways:
- Use the Contains smart identifier prefix option in the content filter condition for Message Body, Message Body or Attachment, and Attachment Content. For more information, see the ‘Content Filter Condition’ section in the ‘Content Filter’ chapter of the user guide.
- Use the prefix syntax in the message filter rule. For more information, see the ‘Smart Identifier Syntax’ section in the ‘Using Message Filters to Enforce Email Policies’ chapter of the user guide.
Caching for Syslog Push Log Subscriptions. You can now configure a local disk buffer for a syslog push log subscription to allow the email gateway to cache log events when the remote syslog server is unavailable. When the syslog server becomes available, the email gateway sends all the data in the buffer for that log subscription to the syslog server.
Configuring Maximum Number of Content Dictionaries in Email Gateway. You can now configure a maximum number of 150 content dictionaries in your email gateway.
Changes in Behavior in AsyncOS 14.2.1
- Message Tracking – Remediation Action Changes.
  - [Before this Release]: In the Message Tracking > Remediate > Confirm Remediation Action dialog box, you could enter any special characters in addition to ‘a-z,’ ‘A-Z,’ and ‘0-9’ characters for the ‘Remediation Batch Name’ and ‘Description’ fields.
  - [From this Release onwards]: In the Message Tracking > Remediate > Confirm Remediation Action dialog box, you can only enter ‘a-z,’ ‘A-Z,’ ‘0-9,’ ‘_,’ ‘-’ characters, and spaces for the ‘Remediation Batch Name’ and ‘Description’ fields.
- Changes to Default Log Level Selected for Audit Logs.
  - [Before this Release]: When you created an ‘Audit log’ log subscription using the web interface or the CLI, the ‘Information’ option was selected as the default log level.
  - [From this Release onwards]: When you create an ‘Audit log’ log subscription using the web interface or the CLI, the ‘Debug’ option is selected as the default log level. You can change the log level option if required.
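
The new character rule for the ‘Remediation Batch Name’ and ‘Description’ fields, as an added example (not Cisco’s code): a Python pre-check for a script or runbook that prepares these values, reporting exactly which characters the rule rejects. The function names and sample strings are constructed for illustration; length and empty-value limits are left out because the page does not state them.

```python
import re

# Anything outside the allowlist from the release note:
# a-z, A-Z, 0-9, '_', '-' and the space character.
# The class is explicit ASCII on purpose: \w or str.isalnum() would also admit
# non-ASCII letters, and \s would admit tab, CR and LF, which are not "spaces".
_REJECTED = re.compile(r"[^A-Za-z0-9_\- ]")


def rejected_chars(value):
    """Return (index, character) for every character the rule does not allow."""
    return [(m.start(), m.group()) for m in _REJECTED.finditer(value)]


def is_accepted(value):
    """True when the whole value consists of allowed characters only."""
    return _REJECTED.search(value) is None


def check_remediation_fields(batch_name, description):
    """Hypothetical pre-flight check; returns {field label: rejected characters}."""
    fields = (("Remediation Batch Name", batch_name), ("Description", description))
    return {label: rejected_chars(v) for label, v in fields if not is_accepted(v)}


# Constructed sample values, not taken from any appliance.
SAMPLES = [
    "Phish wave 2024-05_A",    # accepted
    "Q2 cleanup; drop",        # ';' is outside the allowlist
    "line one\nline two",      # newline is not a space
    "tab\tseparated",          # tab is not a space
    "R\u00e9sum\u00e9 lures",  # accented letters are not a-z
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", rejected_chars(sample) or "accepted")
```

Values that were valid before the upgrade can fail this check, so saved batch-name templates are worth re-testing against it.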
Version number | 14.2.1 |
Release status | Final |
Website | Cisco |
Download | https://software.cisco.com/ |
License type | Paid |