June 27, 2013
NOTICE:
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision History
Revision Date Comment
Products Affected
Products Affected
Problem Description
Cisco will soon release new improvements to its Security Intelligence Operations infrastructure that enable greater scalability and efficacy to all Cisco security products. As part of this effort, there is a scheduled change to the IPv4 addresses for one host used to retrieve updates to all services, except McAfee Anti-Virus definitions for the Cisco Email Security Appliances (ESAs). Cisco Email Encryption Appliances also use this host to download license keys.
Background
By default, Cisco security technologies use Domain Name System (DNS) to locate the appropriate update servers. However, some environments might have configured static IP addresses in their access control. If you have configured IP-based access control in order to permit outbound connections for updates from Cisco, you need to modify your rules to support the new IP address.
Problem Symptoms
Customers that have configured IP-based access control to permit outbound connections for updates from Cisco need to modify the rules to support the new IP address prior to June 28, 2013.
If the new IP addresses are not added to the access control, Cisco Email Security Appliance will not receive updates and the Encryption Appliance will not download new license keys.
Workaround/Solution
If these IP addresses have been added to your access control policy:
downloads-static.ironport.com has address IPv4 address 204.15.82.8
Note: This site is used for all services (except McAfee Anti-Virus definitions on TCP Port 80) on Email Security Appliance and to download license keys on Encryption Appliance.
Add these IP address to your access control policy by June 28, 2013:
downloads-static.ironport.com will have IPv4 address 208.90.58.105
If you do not modify the necessary access controls, your Cisco Email Security Appliance will not receive updates and your Encryption Appliance will not download new license keys.
Should you have any questions, contact your local Cisco Support Team.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.