Ironport CASE update unsuccessful

Andrewkai
Level 1

Hello,

I would like to ask for a favour from you guys. I got the following error message from my Ironport C160.

CASE update unsuccessful. This may be due to transient network or DNS issues,
HTTP proxy configuration causing update transmission errors or unavailability of the configured download server. 
The specific error on the appliance for this failure is: Error transferring CASE update directory information
'http://downloads.ironport.com/as/case.ini': I/O error opening URL
'http://downloads.ironport.com/as/case.ini?version=7.0.3-005&model=C160&serial=&t_version=3.1.0-014&e_version=3.1.0-014&has_vof=0&has_ipas=1&has_sbnp=1'

Thanks for your kind support and advice!

Sincerely,

Andrew

Martin Eppler
Cisco Employee

Hello Andrew,

a C160 is not a Cisco Spam & Virus Blocker, so your post is in the wrong forum here :-)

But the Cisco Spam & Virus Blocker can encounter the same alert message, which is why I'd like to keep the post in this forum here rather than moving it to the IronPort Email Security forum.

First of all: how often did you see this alert and in what time intervals?

A single alert may just indicate what it says: a temporary network issue in downloading Anti-Spam updates. Typically an appliance (when set to default) is attempting an update every five minutes (GUI: Security Services -> Service Updates, Parameter: update interval), so if one update fails it recovers just minutes later (if no further alert is seen).

If you see several alerts within a short time frame, then I'd recommend to verify the network connectivity of the appliance on port 80 and 443 - especially when firewalls and/or proxy servers are in place that could prevent access to downloads.ironport.com.

Thanks and regards,

Martin

Hi Martin,

Thanks for your great comment. I know I posted on the wrong page because I can't create a new discussion under https://supportforums.cisco.com/community/netpro/security/ironport :-)

Yes! You are right, we are doing DR testing for Ironport and that's why I'm getting this alert. If I'm not wrong, this is only a single alert.

So, should I download Anti-spam updates manually? Or just ignore this alert?


Appreciate your kind help!

Sincerely,

Andrew

Hello Andrew,

an alert would be triggered for each update failure, so if only a single alert was seen you can assume that only one update attempt failed.

In GUI Security Services -> Anti-Spam you can also review the last download attempt and the last successful download (or on CLI: antispamstatus). The configured update interval determines when the next update is attempted, so usually no manual intervention would be required as the appliance drives this on its own.

Under some circumstances (when the network connectivity is bad or the network bandwidth is manually limited) the update fails at all times and the appliance does not manage to finish an update attempt in the configured time interval. This may result in outdated Anti-Spam (or Anti-Virus) rules and happens most likely when new Anti-Spam/Anti-Virus engines are released (as they have a higher size than rule updates and require more bandwidth to download). In that case the first step would be to change the update interval (for testing purposes) to a higher value (for instance: 15 or 30 minutes) to see if the update could finish within that time interval. However, this can only be seen as a workaround as the root cause for this is a network-related issue that needs investigation in the network (and not on the appliance).

So to make a long story short: single alerts are safe to be ignored (they CAN happen), several of them within a short time frame should be further investigated.

Thanks and regards,

Martin
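
Added example (not part of the original thread and not Cisco code): a Python script that applies the triage rule from the reply above to a batch of collected alerts, separating isolated failures from bursts and pulling the appliance details out of the failing URL. The one-line-per-alert log format, the timestamps, and the 30-minute / 3-alert thresholds are assumptions; the thread gives no numbers for "several" or "short time frame".

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

MARKER = "CASE update unsuccessful"

# Constructed sample: "<ISO timestamp> <alert text>", one alert per line.
# Timestamps are invented; the URL is the one quoted in the alert above.
URL = ("http://downloads.ironport.com/as/case.ini?version=7.0.3-005&model=C160"
       "&serial=&t_version=3.1.0-014&e_version=3.1.0-014"
       "&has_vof=0&has_ipas=1&has_sbnp=1")
SAMPLE = "\n".join(f"{ts} {MARKER}. I/O error opening URL '{URL}'" for ts in (
    "2011-03-04T02:10:00",   # isolated failure
    "2011-03-04T09:00:00",   # burst: one alert per 5-minute update attempt
    "2011-03-04T09:05:00",
    "2011-03-04T09:10:00",
    "2011-03-04T09:15:00",
))

def parse_alerts(text):
    """Return [(timestamp, url_params)] for every CASE update failure line."""
    alerts = []
    for line in text.splitlines():
        stamp, _, message = line.partition(" ")
        if MARKER not in message:
            continue
        params = {}
        start = message.find("'http")
        if start != -1:
            url = message[start + 1:message.find("'", start + 1)]
            query = parse_qs(urlsplit(url).query, keep_blank_values=True)
            params = {key: values[0] for key, values in query.items()}
        alerts.append((datetime.fromisoformat(stamp), params))
    return sorted(alerts, key=lambda alert: alert[0])

def classify(alerts, window=timedelta(minutes=30), min_alerts=3):
    """Group alerts into bursts; a burst of >= min_alerts within `window`
    of its first alert is flagged for investigation (assumed thresholds)."""
    bursts = []
    for stamp, _ in alerts:
        if bursts and stamp - bursts[-1][0] <= window:
            bursts[-1].append(stamp)
        else:
            bursts.append([stamp])
    return [("investigate" if len(b) >= min_alerts else "transient", b[0], len(b))
            for b in bursts]

if __name__ == "__main__":
    for verdict, first_seen, count in classify(parse_alerts(SAMPLE)):
        print(f"{first_seen.isoformat()}  alerts={count}  {verdict}")
```

A burst flagged as "investigate" is the case where checking connectivity to downloads.ironport.com on ports 80 and 443, and any proxy or firewall in the path, is worthwhile.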

Thank you so much! Appreciate your help.

Sincerely,

Andrew

Hello Andrew,

many thanks. Glad to see that I was able to help here.

Regards and happy weekend,

Martin
