Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Ironport Auto Update - Anti Spam and Anti Virus Sophos

Im still having issues with auto upgrading for anti virus and anti spam.  The feature keys are within date and do not expire until next year. 

Aware Cisco had issues with updating via their end and this has been resolved but I still need to perform forced updates for anti spam and anti virus.


Automatic updates is enabled.


CISCO - has this been resolved completely?


Security Services - Service Updates

Update Server (images):Dynamic (Cisco IronPort Update Server)
Update Server (list):Dynamic (Cisco IronPort Update Server)
Automatic Updates:Enabled
Update Interval:5m
HTTP Proxy Server:Not Enabled
HTTPS Proxy Server:Not Enabled
Cisco Employee

What version of AsyncOS are

What version of AsyncOS are you running?  This would be on your ESA appliances, correct?  Also - have you tried using the downloads-static URLs?  This may help to resolve any firewall/routing issues that may be affecting local sites...

As of June 28th, 2013: will have IPv4 address


Cisco offers static servers for those sites that have strict firewall requirements.


Hostnames, IPs, and Ports involved (Please Note that all the information below are needed in the firewalls, if you configure the update and upgrade using static method): on port 80 on port 443 on port 80


Changing the Upgrade and Update Settings on AsyncOS:

1. Start on the Service Updates page of the Security Services page.
2. Click Edit Update Settings....
3. In the 'Update Servers (images)' section select Local Update Servers.
4. For 'Base Url (all services except McAfee Anti-Virus definitions and IronPort AsyncOS upgrades)' enter: Set "Port' to 80. Authentication settings should be left blank.
5. For 'Host (McAfee Anti-Virus definitions, PXE Engine updates, IronPort AsyncOS upgrades)' enter:
6. Leave the section labeled 'Update Servers (list)' set to IronPort Update Servers.
7. Fill in Proxy Servers settings if appropriate.
8. Click Submit.
9. Click Commit Changes.
10. Confirm by clicking Commit Changes again.



You can test if the upgrades are working by going to the System Upgrade page and clicking on Available Upgrades. If the list of available versions displays, then your setup is complete.  To verify updates are working, you can use the CLI command 'tail' to look at the appropriate log for errors. For Sophos updates, monitor the antivirus log. For McAfee, watch the updater_logs. For CASE updates used by IPAS and VOF, look at the antispam log. The system will also send alerts when updates fail.


I hope this helps!



(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

CreatePlease to create content