So SMA does not include sslconfig CLI command. We cannot reonfigure SSL/TLS ciphers as we do for ESA (C-series) appliances. Once I got instructions from TAC support telling, that I must download config file from SMA, edit those cipher parameters manually and then upload it back to the appliance. Is this still the only way to do it with SMA 8.1.1, 8.30 and 8.3.5?
If we download the config file and do the changes, can we use sslconfig CLI command and there VERIFY subcommand of an ESA appliance to verify that a planned cipher set would surely work in a SMA appliance? I think I might be interested in cipher set
Is the proper parameter to be changed named ssl_gui_ciphers? Does it cover only the management web GUI or also spam quarantine web GUI? Not interested in STARTTLS SMTP ciphers at this point. As s default, those SSL ciphers are set as:
After fixing a locally downloaded config file and loading it back to SMA, will the config file load require a reboot? Are our safelists/blocklists, logs, message tracking, scheduled reports, spam quarantine content safe and we will not lost anything? So all we plan to change in config file, are the cipher settings.
Testing a SMA spam quarantine https service with Qualys Inc. SSL labs test service opened my eyes on this case:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :