Ironport C300 notes

From Brandonhutchinson.com

Jump to: navigation, search

Contents

Backing up the Ironport configuration

ironport> saveconfig

Do you want to include passwords? Please be aware that a configuration without
passwords will fail when reloaded with loadconfig. [N]> Y

The file C300-00137256E778-49P4W91-20071010T120747.xml has been saved in the
configuration directory on machine "ironport.example.com".

$ scp admin@ironport:/configuration/C300-00137256E778-49P4W91-20071010T120747.xml .

Disabling Ironport alerts

One of the 5 disks in our Ironport email appliance began experiencing S.M.A.R.T. failures (i.e., values monitored by S.M.A.R.T. exceeded a threshold), causing us to receive email alerts every 5 minutes. We were configured to receive messages for "all" severities for the "hardware" alert class.

Until we receive and swap out the failing disk, we want to prevent these warning emails. In this procedure, I modify alerting so that we only receive alerts of "critical" severity for the hardware alert class.

ironport> alertconfig
Sending alerts to:
  user@example.com
      Class: All - Severities: All

Initial number of seconds to wait before sending a duplicate alert: 3600
Maximum number of seconds to wait before sending a duplicate alert: 3600

Alerts will be sent using the system-default From Address.

IronPort AutoSupport: Enabled
You will receive a copy of the weekly AutoSupport reports.

Choose the operation you want to perform:
- NEW - Add a new email address to send alerts.
- EDIT - Modify alert subscription for an email address.
- DELETE - Remove an email address.
- CLEAR - Remove all email addresses (disable alerts).
- SETUP - Configure alert settings.
- FROM - Configure the From Address of alert emails.
[]> EDIT

Please select the email address to edit.
1. user@example.com (all)
[]> 1

Choose the Alert Class to modify for "user@example.com".
Press Enter to return to alertconfig.
1. All - Severities: All
2. System - Severities: All
3. Hardware - Severities: All
4. Virus Outbreak Filters - Severities: All
5. Anti-Virus - Severities: All
6. Anti-Spam - Severities: All
7. Directory Harvest Attack Prevention - Severities: All
[]> 3

Choose the severities for Hardware.  Separate multiple choices with commas.
1. All
2. Critical
3. Warning
4. Information
5. None
[5]> 2

Choose the Alert Class to modify for "user@example.com".
Press Enter to return to alertconfig.
1. All - Severities: None
2. System - Severities: All
3. Hardware - Severities: Critical
4. Virus Outbreak Filters - Severities: All
5. Anti-Virus - Severities: All
6. Anti-Spam - Severities: All
7. Directory Harvest Attack Prevention - Severities: All
[]> <ENTER> 

ironport> commit

Replacing an Ironport C300

  • Back up the Ironport configuration.
  • Replace the Ironport.
  • Connect a laptop NIC to the Ironport C300's Management port using a crossover cable.
  • Configure the laptop's NIC to be on the 192.168.42.0/24 subnet (e.g., ifconfig eth0 192.168.42.43 netmask 255.255.255.0).
  • Copy the backed up configuration to the new Ironport.
$ scp ironport_config.xml admin@192.168.42.42:/configuration
admin@192.168.42.42's password: ironport
  • Login to the new Ironport and load the configuration.
$ ssh admin@192.168.42.42
admin@192.168.42.42's password: ironport
Last login: Tue Nov 13 04:15:32 2007 from 192.168.42.43
Copyright (c) 2001-2006, IronPort Systems, Inc.


AsyncOS 4.7 for IronPort C300

Welcome to the IronPort C300 Messaging Gateway(tm) Appliance
Please run "systemsetup" or "sethostname" then "commit" before sending mail.
ironport.example.com> loadconfig

1. Paste via CLI
2. Load from file
How would you like to load a configuration file?
[1]> 2

Enter the name of the file on machine "ironport.example.com" to import:
[]> ironport_config.xml

Values have been loaded. Be sure to run "commit" to make these settings active.
Please run "systemsetup" or "sethostname" then "commit" before sending mail.
ironport.example.com> commit

Please enter some comments describing your changes:
[]> Loading previous configuration file

"ERROR: Element 'brightmail_usedfa' not allowed here"

When replacing the Ironport C300, our old configuration wouldn't load.

ERROR: Element 'brightmail_usedfa' not allowed here
  at Unknown:927:26
  Text: 0</brightm
Parsing failed.  Aborting.

To fix, I removed the following line from our old configuration:

<brightmail_usedfa>0</brightmail_usedfa>
Personal tools