We are in the process of migrating to O365. We currently have multiple, physical ESAs in our environment. Our next step after migration would be to look at moving from the physical ESAs to Cloud Email Security. Just some questions for anyone that has been down this path.
1. Are there differences between the physical ESA and Cloud Email Security? I thought that I had read a couple of posts on here that there are some differences, but can't find those posts now. 2. Configuration - Is it as simple as they say? Export our current config and upload it to Cloud Email Security? 3. Making changes - With O365, make a change, wait an hour. Do config changes work the same as on the physical appliance? 4. Reporting - We have to, on occasion, have to download the mail logs. Is that still possible?
One other question, off-topic. If we keep a physical appliance on our internal network, as a relay, do we need to have any licensing for it? Since it's on our internal network, we wouldn't need AV/AS scanning. Just the ability to relay email to our Gateways. Is this possible?
Unfortunately not much documentation is available with us at the moment on the cloud appliances working and implementation as its taken care of mostly by a dedicated team at Cisco, even though it is similar to the physical appliance in a lot of ways.
I would request you to reach out to the hosted services team for queries on the hosted appliance.
CES Hosted Contact information: CES email: email@example.com
CES Hosted Service Desk: US Toll Free: +1 866 616 5139 UK Toll Free: +44 800 085 3214 AUS toll free: +61 180 071 6560 International: +1 512 340 3775
As for the additional query, yes the physical ESA can surely be used purely as a relay appliance even after all feature keys have expired. However, you would need an active contract for support and opening TAC cases etc.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...