01-05-2021



Dec 04, 2019 Cisco/Generic code transceivers are compatible with Sophos products with limitations shown above. The 1G=10G combination on 4x10G FlexiPort modules is only supported with Intel-coded transceivers. Other third-party transceivers and Active or Passive DAC cables with similar coding might work as well but have not been tested by Sophos.

  • Mar 27, 2017 Introduction. This document describes why a Cisco Email Security Appliance (ESA) administrator receives a warning message from an appliance after an upgrade that states that the Sophos Anti-Virus database is expired.

Introduction

This document describes why the Sophos Anti-Virus updates on the Cisco security appliance are different than those available on the Sophos web site.

Prerequisites

Cisco recommends that you have knowledge of these topics:

  • Cisco Email Security Appliance (ESA)
  • All versions of AsyncOS

Background

There are two types of updates: updates to the Sophos Anti-Virus engine and updates to the Sophos virus identity files (Integrated Development Environment (IDE) files).

The Sophos Anti-virus engine is fully integrated into the AsyncOS operating system. Sophos generates a new version of their anti-virus scanning engine approximately every month. The new version contains both current virus definitions and any code changes that are required to recognize new types of viruses and to fix known issues. As additional viruses are discovered, Sophos releases virus identity files, called IDE files. These will work with engines that are less than 90 days old.

Sophos updates are managed automatically by Cisco AsyncOS in the C-Series appliance. As Sophos releases new versions of their engine, Cisco qualifies them through a quality assurance (QA) process, and then places them on the Cisco update servers so that your C-Series appliance will automatically download and update them. As IDE virus definition files are released, these move automatically through the service and are placed on the Cisco update servers within a few minutes of their release by Sophos.

Sophos IDE virus signatures are valid and operate with the previous engine versions. All current IDEs will be loaded and will work with the engine version running in the Cisco C-Series appliance.

Configure

Sometimes the files on the Cisco ESA may appear to be out of synchronization with those available directly from Sophos. This can be further complicated by the time zone difference between Sophos and most North American customers. The Sophos web site is managed by Sophos headquarters near Oxford in the UK, and the postings on the site are dated in the local time zone, GMT.

Correlating Sophos IDE files can be confusing. Not only does the large time difference often cause the dates to seem a day apart, but Cisco also uses a different numbering schema for the IDE files. You can try to match these files by checking the Sophos IDE site to see when an IDE was released, as well as how many others were released that day and the day before it, but because Cisco will often pick up incremental changes not posted on this site, this is not the most efficient method.

Cisco queries the Sophos website every 10 minutes. The default setting for an appliance is to query the Cisco download site every five minutes. In the worst case there will be a 15 minute delay.

The numbering schema for the IDE files is the date. For example, 'Sophos IDE Rules 2004121402 Tue Dec 14 06:27:14 2004' correlates to the third update (counting from zero) on December 14th, published here.
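The numbering schema above can be decoded and checked mechanically. The following is an added example, not Cisco or Sophos code: it parses the line format quoted on this page and flags stale rules or an engine past the 90-day limit. The function names, the `engine_built` input and the 24-hour rule-age threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Line format copied from the example on this page.
IDE_LINE = re.compile(
    r"Sophos IDE Rules\s+(?P<serial>\d{10})\s+"
    r"(?P<stamp>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})"
)
ENGINE_MAX_AGE = timedelta(days=90)  # page: IDE files need an engine < 90 days old


def parse_ide_line(line):
    """Split the serial into its date part and zero-based update index."""
    m = IDE_LINE.search(line)
    if m is None:
        raise ValueError("not a Sophos IDE Rules line")
    serial = m["serial"]
    return {
        "serial": serial,
        "day": datetime.strptime(serial[:8], "%Y%m%d").date(),  # YYYYMMDD
        "index": int(serial[8:]),                               # 00 = first update
        "stamp": datetime.strptime(m["stamp"], "%a %b %d %H:%M:%S %Y"),
    }


def assess(line, now, engine_built, max_rule_age=timedelta(hours=24)):
    """Return a list of findings; empty means the rule set looks current.

    engine_built and max_rule_age are assumptions supplied by the operator;
    now is taken to be on the same clock as the timestamp in the line.
    """
    info = parse_ide_line(line)
    findings = []
    # Time zone offsets can shift the dates by one day, never by more.
    if abs((info["stamp"].date() - info["day"]).days) > 1:
        findings.append("serial date and timestamp disagree")
    if now - info["stamp"] > max_rule_age:
        findings.append("IDE rules older than allowed age")
    if now - engine_built >= ENGINE_MAX_AGE:
        findings.append("engine is 90 days old or more")
    return findings


SAMPLE = "Sophos IDE Rules 2004121402 Tue Dec 14 06:27:14 2004"  # from the page

if __name__ == "__main__":
    print(parse_ide_line(SAMPLE))
    print(assess(SAMPLE, datetime(2004, 12, 16), datetime(2004, 9, 1)))
```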

Cisco recommends that you set the Sophos Automatic Update Interval to the default setting of 15 minutes. Check that you are getting continuous updates from Cisco by using the web-based GUI, on the Security Services->Anti-Virus page. This information is also available using the antivirusstatus CLI command, for example:

If your updates are not successful (you will receive an alert message if this happens), you can try a manual update using the Update Now button in the GUI, or the antivirusupdate CLI command. The status of the update is shown in the antivirus log file. For example:

Introduction

This document describes how to manually update the anti-virus process for the Cisco Email Security Appliance (ESA).

How do I force a download of Sophos or McAfee Anti-Virus updates immediately?

Although anti-virus updates happen at regular intervals as configured in the appliance service updates, you can initiate an anti-virus update yourself if you are waiting for one. By default, the updater service checks for updates every five minutes. Cisco recommends that you leave this set to the default update interval.

You can review the appliance service updates from the GUI under Security Services > Service Updates. From the CLI, run updateconfig. The value is listed as the Update Interval.

To update the anti-virus process directly, please choose one of the following methods:

GUI

From the GUI, you can initiate an update from Security Services > Anti-Virus by choosing either Sophos or McAfee. In the Current Anti-Virus Files table, click the Update Now button.

Example, using Sophos Anti-Virus:

CLI

From the CLI, you can initiate an immediate virus update with the CLI command antivirusupdate, and choose the anti-virus process you have licensed, sophos or mcafee.

On the CLI you can also force a complete update with the command antivirusupdate force. In a complete update, the ESA reaches out to the Cisco update servers, pulls the complete and most recent IDE and the complete and most recent anti-virus engine, and reapplies them in the background on your appliance.

Verification

You can view the progress of the anti-virus updates by running tail updater_logs from the CLI on the ESA. This assures you of the appliance's communication with the Cisco update servers and manifest, and allows you to see the update complete.

You will want to ensure that you see the highlighted lines above, which indicate the successful request and update of the requested anti-virus updates.

Cisco encourages customers who enable Sophos Anti-Virus scanning to subscribe to Sophos alerts on the Sophos site at http://www.sophos.com/virusinfo/notifications/. Subscribing to receive alerts directly from Sophos will ensure you are apprised of the latest virus outbreaks and their available solutions.
