We are in the process of migrating to O365. We currently have multiple, physical ESAs in our environment. Our next step after migration would be to look at moving from the physical ESAs to Cloud Email Security. Just some questions for anyone that has been down this path.
1. Are there differences between the physical ESA and Cloud Email Security? I thought that I had read a couple of posts on here that there are some differences, but can't find those posts now. 2. Configuration - Is it as simple as they say? Export our current config and upload it to Cloud Email Security? 3. Making changes - With O365, make a change, wait an hour. Do config changes work the same as on the physical appliance? 4. Reporting - We have to, on occasion, have to download the mail logs. Is that still possible?
One other question, off-topic. If we keep a physical appliance on our internal network, as a relay, do we need to have any licensing for it? Since it's on our internal network, we wouldn't need AV/AS scanning. Just the ability to relay email to our Gateways. Is this possible?
Unfortunately not much documentation is available with us at the moment on the cloud appliances working and implementation as its taken care of mostly by a dedicated team at Cisco, even though it is similar to the physical appliance in a lot of ways.
I would request you to reach out to the hosted services team for queries on the hosted appliance.
CES Hosted Contact information: CES email: firstname.lastname@example.org
CES Hosted Service Desk: US Toll Free: +1 866 616 5139 UK Toll Free: +44 800 085 3214 AUS toll free: +61 180 071 6560 International: +1 512 340 3775
As for the additional query, yes the physical ESA can surely be used purely as a relay appliance even after all feature keys have expired. However, you would need an active contract for support and opening TAC cases etc.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :