First Published: January 29, 2015
Last Updated: April 15, 2015
•
•
•
•
•
•
•
•
•
•
New Features, page 2
Upgrade Paths, page 3
Compatibility with Email and Web Security Releases, page 3
Important Notes, page 3
New and Changed Information, page 4
Installation and Upgrade Notes, page 5
Documentation Updates, page 9
Known and Fixed Issues, page 9
Related Documentation, page 11
Service and Support, page 11
Cisco Systems, Inc.
www.cisco.com

New Features
Feature
Virtual Form
Factor
Disk Space
Management improvements
Centralized File
Analysis quarantine
Display a message for appliance
Administrators
View recent appliance logins
Description
This Cisco Content Security Management Virtual Appliance release supports Email
Security appliances.
For complete information, see the Cisco Content Security Virtual Appliance
Installation Guide at http://www.cisco.com/c/en/us/support/security/content-security-management-appl iance/products-installation-guides-list.html
.
• Restrictions on the size of the spam quarantine have been removed.
• For virtual appliances, you can use VMWare tools to increase the disk space available to security management appliance instances. Single partitions above
2 TB in size are now supported.
If you are upgrading an existing virtual appliance, see an important caveat at
Upgrading a Virtual Appliance, page 5 .
• An additional quota (Miscellaneous Files) has been added to let you manage the space used for log files, packet captures, and configuration files.
For complete information, see the Managing Disk Space section in the online help or user guide.
Files can now be quarantined on the Security Management appliance when they are sent for File Analysis. However, unlike on the Email Security appliance, this quarantine does not automatically release messages based on the File Analysis verdict. Instead, the messages are held for the retention time that you specify.
The new quarantine is automatically created upon upgrade to this release. It is one of the group of quarantines referred to as "policy, virus, and outbreak quarantines" and has the same general settings and behavior as those quarantines.
For an important caveat before upgrading, see
File Analysis Quarantine, page 6
.
For details about this feature, see information about the centralized File Analysis quarantine in the online help or user guide.
You can create a message to display when administrative users log in to the appliance.
Currently, this functionality is available only using the command-line interface
(CLI). For information, see
Displaying a Message for Administrative Users, page 9
(below), or the chapter on distributing administrative tasks in the user guide.
You can view a short list of recent attempts to access the appliance using your credentials.
See
Viewing Your Recent Login Attempts, page 9 (below), or the chapter on
distributing administrative tasks in the user guide.
You can specify which users receive spam notifications, based on LDAP groups. Per-user spam notifications
Reporting and tracking for new features
Reporting and tracking have been updated to support new features in AsyncOS 9.0 for Cisco Email Security appliances
2
Release Notes for AsyncOS 9.0 for Cisco Content Security Management

Upgrade Paths
Feature
New Password
Change Options
Importing
Configuration
Files
Description
When you manually require a password change, for example after changing the password requirements, you can choose whether the users must change the password at the next login or after a specified duration.
If you are enforcing a password change after a specified duration, you can also set a grace period to reset the password after the password expires.
You can also specify a grace period for scheduled password changes.
You can now choose to ignore network settings and disk quota settings when importing a configuration file, simplifying migration of configurations between appliances.
This feature is also available in AsyncOS 8.4 for Cisco Content Security
Management Appliances, which supported Web Security appliances only.
You can upgrade to release 9.0.0-087 of AsyncOS for Cisco Content Security Management from the following versions:
• 7.9.1-039 • 8.1.1-033 •
•
8.3.6-039
8.3.6-042
• 8.4.0-150 • 9.0.0-087
This release is no longer available.
Compatibility with AsyncOS for Email Security and AsyncOS for Web Security releases is detailed in the Compatibility Matrix available from http://www.cisco.com/c/en/us/support/security/content-security-management-appliance/products-relea se-notes-list.html
.
•
•
Content Security Release Terminology
SNMP, page 4
Release Notes for AsyncOS 9.0 for Cisco Content Security Management
3

New and Changed Information
For an explanation of the terms ED, GD, and MD that are used in labeling content security product releases, see https://supportforums.cisco.com/blog/12309231/content-security-release-terminology .
AsyncOS supports system status monitoring via Simple Network Management Protocol (SNMP) versions v1, v2, and v3.
MIBs are available from http://www.cisco.com/c/en/us/support/security/content-security-management-appliance/tsd-products-s upport-series-home.html
.
When setting up SNMP to monitor connectivity:
When entering the url-attribute while configuring a connectivityFailure SNMP trap, determine whether the URL is pointing at a directory or a file.
• If it is a directory, add a trailing slash (/)
• If it is a file, do not add a trailing slash
Beginning in AsyncOS 8.4:
The use of SNMPv3 with password authentication and DES Encryption is mandatory to enable this service. (For more information on SNMPv3, see RFCs 2571-2575.) You are required to set a SNMPv3 passphrase of at least 8 characters to enable SNMP system status monitoring. The first time you enter a
SNMPv3 passphrase, you must re-enter it to confirm. The snmpconfig command “remembers” this phrase the next time you run the command.
In addition to the changes described in the New Features table above, the following functionality on your appliance has changed from previous releases and may require your attention.
•
Valid Characters for Usernames on the Update Settings Page, page 4
•
•
•
Opening a Support Case from the Appliance, page 5
SNMP Changes, page 5
Exporting Web Tracking Data, page 5
Requirements for usernames on the Management Appliance > System Administration > Update Settings page have changed in Release 9.0.
•
•
Previously: The name must start with a letter or number. Valid characters were letters, numbers, period, and space.
Now: The name must start with a lowercase letter or number. Valid characters are letters, numbers, period, and space.
4
Release Notes for AsyncOS 9.0 for Cisco Content Security Management

Installation and Upgrade Notes
In order to open a support case from the appliance, you will need your CCOID and support contract number. Previously, this information was collected via other means.
See the last paragraph under SNMP, page 4
.
Previously, when exporting web tracking data as CSV, the data was sorted by timestamp. Beginning in
AsyncOS 8.4, this data is not sorted.
•
•
•
•
•
Additional Reading, page 5
Virtual Appliance, page 5
Preupgrade Requirements, page 6
Upgrading to This Release, page 8
Requirements After Upgrade, page 8
You should also review the release notes for:
•
•
Your associated Email and Web security releases.
Earlier releases of AsyncOS for Security Management, if you are upgrading from a release earlier than the immediate previous release.
For links to this information, see
Related Documentation, page 11
.
To set up a virtual appliance, see the Cisco Content Security Virtual Appliance Installation Guide , available from http://www.cisco.com/c/en/us/support/security/content-security-management-appliance/products-instal lation-guides-list.html
.
If you have a previous content security management Virtual Appliance release and you want to use more than 2 TB of disk space, you cannot simply upgrade your virtual appliance.
Instead, you must deploy a new virtual machine instance for AsyncOS 9.0.
Release Notes for AsyncOS 9.0 for Cisco Content Security Management
5

Installation and Upgrade Notes
When you upgrade a virtual appliance, the existing licenses remain unchanged.
Step 1
Step 2
Step 3
Step 4
Set up your virtual appliance using the documentation described in
Virtual Appliance, page 5 .
Upgrade your physical appliance to this AsyncOS release.
Save the configuration file from your upgraded physical appliance
Load the configuration file from the hardware appliance onto the virtual appliance.
Be sure to select appropriate options related to disk space and network settings.
•
•
•
Perform the following important preupgrade tasks:
•
File Analysis Quarantine, page 6
Change the Protocol for Users and Log Subscriptions Configured to Use SSH 1, page 6
Preserve Settings in Configuration Masters, page 7
•
•
•
Preserve Pre-Upgrade Data from the System Capacity Report, page 7
Verify Associated Email and Web Security Appliance Versions, page 7
Disk Space Reductions (Hardware Appliances), page 7
Back Up Your Existing Configuration, page 8
If you have manually created a policy quarantine with the name "File Analysis," you must eliminate this quarantine before upgrading. You can do this by creating another quarantine with a different name, moving the messages to this new quarantine, then deleting the existing File Analysis quarantine. For more information about moving messages between policy quarantines, see the user guide or online help.
If you do not do this, the system will not create the File Analysis quarantine that holds messages with attachments that have been sent for file analysis.
This section applies if you are upgrading from a release earlier than AsyncOS 8.0 for Content Security
Management:
Support for SSH 1 has been removed starting in AsyncOS release 8.0. Therefore, before upgrade, you should do the following:
• Any remote host keys which use SSH 1 should be changed to SSH 2. Use the logconfig > hostkeyconfig
command in the CLI to make this change.
• For any log subscriptions that are configured to use SSH 1 as the protocol for SCP log push, choose
SSH 2 instead.
6
Release Notes for AsyncOS 9.0 for Cisco Content Security Management

Installation and Upgrade Notes
•
•
Change the access protocol or add a new SSH 2 key for any users configured to use only SSH 1. Use the sshconfig
command in the CLI to make this change.
Disable SSH 1 using the sshconfig > setup command in the CLI.
To see which configuration master versions are supported by this release, see Compatibility with Email and Web Security Releases, page 3
.
If you upgrade from a release that supports configuration master versions that are not supported in this release:
• Configuration masters that are not supported in this release will be removed during upgrade.
•
•
If you wish to preserve the settings in a configuration master that is not supported after upgrade, copy the settings into a newer configuration master before upgrading. You may need to upgrade to this release in steps in order to do this.
Web Security appliances that are assigned to obsolete configuration masters at upgrade will not be assigned to any configuration master after upgrade.
This section applies if you are upgrading from a release earlier than AsyncOS 8.0 for Content Security
Management.
Beginning in AsyncOS release 8.0 for Cisco Content Security Management, changes have been made to the CPU Usage by Function chart in the System Capacity report.
Specifically, Web Reputation and Web Categorization data in this chart have been combined into a single measure called "Acceptable Use and Reputation." As a result, CPU usage data for “Acceptable Use and
Reputation” may not be valid for time ranges that include dates before the upgrade.
If you want to preserve pre-upgrade CPU usage data for Web Reputation and Web Categorization, export or save the data for the CPU Usage by Function chart as CSV or PDF before you upgrade.
Before upgrading, verify that the Email Security appliances and Web Security appliances that you want to manage will run releases that are compatible. See the
Compatibility with Email and Web Security
Releases, page 3
.
As a result of changes in disk space allocation, the maximum disk space available in this release may have changed from previous releases. Depending on your hardware and the AsyncOS version that you are upgrading from, the maximum disk space available may have increased or decreased. A decrease in available disk space may result in loss of the oldest data after upgrade, based on the amount of data on the appliance that exceeds the new maximum limit.
See
Table 1-1 to determine the change that applies to your deployment.
Release Notes for AsyncOS 9.0 for Cisco Content Security Management
7

Installation and Upgrade Notes
Table 1-1 Maximum Disk Space Available for Different AsyncOS Releases and Hardware, in GB
Disk Space Available (GB)
AsyncOS Version
Hardware Platform
M160 M170
8.x, 9.0 165
7.9 165
165
165
M660
681
681
M670
681
681
M1060
1039
1053
M1070
1407
1409
Before upgrading your Cisco Content Security Management appliance, save the XML configuration file from your existing Security Management appliance. Save this file to a location off the appliance. For important caveats and instructions, see the “Saving and Exporting the Current Configuration File” section in the user guide or online help.
Step 1
Step 2
Step 3
Address all topics described in
Preupgrade Requirements, page 6
.
Follow all instructions in the “Before You Upgrade: Important Steps” section in the user guide PDF for
THIS release.
Perform the upgrade:
Follow instructions in the “Upgrading AsyncOS” section of the “Common Administrative Tasks” chapter of the user guide PDF for your EXISTING release.
Note Do not interrupt power to the appliance for any reason (even to troubleshoot an upgrade issue) until at least 20 minutes have passed since you rebooted.
Step 4
Step 5
Step 6
Step 7
After about 10 minutes, access the appliance again and log in.
Follow instructions in the “After Upgrading” section of the user guide PDF for THIS release.
Perform all tasks in Requirements After Upgrade, page 8 .
If applicable, see
Migrating From a Hardware Appliance to a Virtual Appliance, page 6 .
After upgrade, make the following changes on the Management Appliance >
System Administration > Disk Management page:
• For the Miscellaneous quota, allocate at least twice the amount of the current disk usage displayed for Miscellaneous files.
8
Release Notes for AsyncOS 9.0 for Cisco Content Security Management

Documentation Updates
• Available disk space may have changed (see
Disk Space Reductions (Hardware Appliances), page 7
.) However, the disk space allocations that existed before upgrade have not been changed. You may need to allocate new amounts that fit the current disk space.
Until you do so, you will not be able to load configuration files that you save from the appliance.
The User Guide PDF may be more current than the online help. To obtain the User Guide PDF and other documentation for this product, click the View PDF button in the online help or visit the URL shown in
Related Documentation, page 11 .
Information about other resources, including the knowledge base and Cisco support community, is in the
Additional Resources chapter in the online help and User Guide PDF.
The following information appears in the User Guide PDF but not in the online help for this release.
You can display a message that administrative users will see when they sign in to the appliance.
To set or clear a message:
Step 1
Step 2
Step 3
Step 4
If you will import a text file, put it into the /data/pub/configuration directory on the appliance.
Access the command-line interface (CLI).
Use the adminaccessconfig > BANNER command and subcommand.
Commit the change.
The following information appears in the User Guide PDF but not in the online help for this release.
To view your last few recent login attempts (failed or successful) via the web interface, SSH, and/or FTP:
Step 1
Step 2
Log in to the appliance.
Click the icon beside "Logged in as" near the top right side of the screen.
Use the Cisco Bug Search Tool to find information about known and fixed defects in shipping releases.
Release Notes for AsyncOS 9.0 for Cisco Content Security Management
9

Known and Fixed Issues
Note Known issues on Cisco Email Security Appliances and Cisco Web Security Appliances may appear in or impact functionality of Cisco Content Security Management Appliances.
Known issues in previous content security management releases may also affect this release.
•
•
•
Bug Search Tool Requirements, page 10
Lists of Known and Fixed Issues, page 10
Other Bug Searches, page 10
Register for a Cisco account if you do not have one. Go to https://tools.cisco.com/RPF/register/register.do
.
Note Issues that were open in previous releases may also be open in this release.
Known issues
Fixed issues https://tools.cisco.com/bugsearch/search?kw=*&pf=prdNm&pfVal=2825091
31&rls=9.0&sb=afr&sts=open&svr=3nH&srtBy=byRel&bt=custV https://tools.cisco.com/bugsearch/search?kw=*&pf=prdNm&pfVal=2825091
31&rls=9.0.0-089&sb=fr&svr=3nH&srtBy=byRel&bt=custV
Known issues
Fixed issues https://tools.cisco.com/bugsearch/search?kw=*&pf=prdNm&pfVal=2825091
31&rls=9.0.0&sb=anfr&sts=open&svr=3nH&srtBy=byRel&bt=custV https://tools.cisco.com/bugsearch/search?kw=*&pf=prdNm&pfVal=2825091
31&rls=9.0.0-087&sb=fr&srtBy=byRel&bt=custV
Procedure
Step 1
Step 2
Step 3
Go to https://tools.cisco.com/bugsearch/ .
Log in with your Cisco account credentials.
Enter search criteria.
Release Notes for AsyncOS 9.0 for Cisco Content Security Management
10

Related Documentation
Step 4
For example, enter a bug number, or a.
Click Select from list , then navigate to and select your product:
Cisco Email Security Appliance
Cisco Web Security Appliance
Cisco Content Security Management Appliance b.
For Releases , enter the AsyncOS release number, such as 8.1.1
.
If you have questions or problems, click the Help or Feedback links at the top right side of the tool.
In addition to the main documentation in the following table, information about other resources, including the knowledge base and Cisco support community, is in the Additional Resources chapter in the online help and User Guide PDF.
Documentation For Cisco
Content Security Products:
Security Management appliances
Web Security appliances
Email Security appliances
Command Line Reference guide for content security products
Cisco Email Encryption
Is Located At: http://www.cisco.com/c/en/us/support/security/content-security-mana gement-appliance/tsd-products-support-series-home.html
http://www.cisco.com/c/en/us/support/security/web-security-applianc e/tsd-products-support-series-home.html http://www.cisco.com/c/en/us/support/security/email-security-applia nce/tsd-products-support-series-home.html http://www.cisco.com/c/en/us/support/security/email-security-applia nce/products-command-reference-list.html
http://www.cisco.com/c/en/us/support/security/email-encryption/tsdproducts-support-series-home.html
International: Visit http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
Support Site: Visit http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
For non-critical issues, you can also access customer support from the appliance. For instructions, see the User Guide or online help.
This document is to be used in conjunction with the documents listed in the
“Related Documentation” section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of
Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Release Notes for AsyncOS 9.0 for Cisco Content Security Management
11

Service and Support
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only.
Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2015 Cisco Systems, Inc. All rights reserved.
12
Release Notes for AsyncOS 9.0 for Cisco Content Security Management