We were hit by this issue with the corrupt Sophos AV signature, causing performance on the S appliances to tank. Cisco said it would be corrected by this afternoon, but it's evening now and still nothing. Anyone hearing anything new about this?
Dear Cisco Web Security Customer,
This message is for Web Security Appliance customers running releases 7.0.x or 7.1.x & using Sophos virus scanning.
The primary Cisco IronPort datacenter encountered a power event at approximately 6:30am PDT today, May 22, 2012 that caused a failover to one of our backup datacenters. We have recently received customer reports of issues relating to Sophos and performance. It has been determined that after the power event your appliance(s) may have received an outdated Sophos update that could potentially cause a data corruption that may impact the performance of your appliance. Cisco engineering teams are actively working on an update that will correct this issue and we are anticipating it being made available by early afternoon PDT tomorrow, May 23, 2012.
As a precaution Cisco IronPort recommends that until the update is available that you temporarily disable Sophos virus scanning using the following instructions:
1) Login to the Web Security Appliance via HTTP to the GUI 2) Go to Security Services -> Anti-Malware 3) Click at “Edit Global Settings” 4) Uncheck “Enable Sophos” 5) Press “Submit” 6) Commit the changes
Cisco IronPort will notify you when the update is available.
This is an update for Web Security Appliance customers running releases 7.0.x or 7.1.x & using Sophos virus scanning.
A Sophos IDE patch is now available that resolves this problem.
The primary Cisco IronPort datacenter encountered a core switch failure at approximately 4:30am PDT yesterday, May 22, 2012. Following this event we received customer reports of issues relating to Sophos and performance. It was determined that some customers had an outdated Sophos update that could potentially cause data corruption or impact the performance of their appliances.
Cisco Engineering was able to identify the cause of this problem and released a Sophos IDE patch at 07:20 PM PDT that fixes this problem.
How To Upgrade
Prior to upgrading, please save a copy of the configuration file somewhere other than on your appliance. This Upgrade requires you to reboot your appliance if you are running an outdated Sophos IDE.
Note: If your WSA doesn't require this patch you will not be asked to reboot. You will just need to click "Clear Upgrade" in the WebUI or exit the session in the CLI.
From the CLI:
1. Log into the command line of your Cisco IronPort Appliance as the 'admin' user
2. Type 'upgrade'
3. When asked if you are sure you would like to reboot, press 'Yes'
1. Go to 'System Upgrade' in the 'System Administration' tab
2. Select 'Sophos IDE Patch Update (Reboot May Be Required)' from the list of updates.
3. After upgrade completes, click on 'Reboot Now'
Once the the IDE patch upgrade and reboot is complete, it will bring your Sophos virus definitions to factory default and will be automatically updated to latest definitions at the next scheduled update. If you do not want to wait until the next scheduled update, you can choose to update now by using the following steps:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :