Cisco Email Security Appliance – Part 1


This two-day training course provides a thorough foundation for how to successfully install, configure, and administer the Cisco IronPort email security appliances. At the end of the course, attendees will possess a working knowledge of how to use CiscoIronPort email security appliances to successfully manage and troubleshoot email traffic entering and leaving the enterprise network.

  • Enterprise messaging managers and system administrators
  • Email system designers and architects
  • Network managers responsible for messaging implementation

Attendees receive in-depth instruction on the most commonly used product features, with an emphasis on:

  • How to administrate with “best practices” for configuration and operation. How to manage, monitor, and troubleshoot the flow of email through Cisco IronPort email security appliances.
  • How to configure access control policies to eliminate threats at the perimeter, based on the identity and trustworthiness of the sender.
  • How to create and apply Data Loss Prevention (DLP) polices to outgoing email.
  • How to configure Cisco IronPort email security appliances to detect and handle unwanted spam and viruses.
  • How to use Message Tracking and Reporting to document email traffic trends, both on the C-Series and M-Series.
  • How to manage the spam quarantine, both on the C-Series and M-Series.
  • How to use Cisco IronPort’s reputation-based services, SensorBase and Virus Outbreak Filters, to increase the security of your email network.
  • How to set delivery parameters for outgoing mail.
  • Extensive lab exercises provide attendees with a simulated enterprise email environment. An emphasis on protection against external security threats and screening sensitive internal data.


Module 1 – Introduction & System Overview

  • List Cisco IronPort Email Security Appliances Describe the ESA Hardware Options Describe the Email Pipeline Filters
  • List the ESA Feature Key Options
  • Describe the Operation of a Listener

Module 2 – Tracking and Reporting Messages

  • Perform a system installation of an M-Series Integrate the M-Series into the existing C-Series lab.
  • Use local and Centralized Message Tracking
  • Use Local and Centralized Reporting

Module 3 – Controlling Sender & Recipient Domains

  • Configure public and private listeners
  • Configure SMTP Routes
  • Use SensorBase Reputation Scores (SBRS) to manage mail
  • Use Mail Debugging Tools

Module 4 – Controlling Spam with SensorBase & Anti-Spam

  • Adjust SBRS
  • Configure Anti-Spam Settings
  • Configure the Cisco IronPort Spam Quarantine
  • Use the Security Management Appliance for Off Box Quarantining

Module 5 – Using Anti-Virus & Virus Outbreak Filters

  • Enable one or both Anti-Virus Engines
  • Use one or both AV Engines in Mail Policies
  • Use Virus Outbreak Filters to preemptively drop traffic and provide zero-hour protection
  • Identify best practices for managing Cisco IronPort Anti-Virus


Module 6 – Using Mail Policies to Direct Business Email

  • Use Email Security Manager
  • Create a User-Based Mail Policies
  • Use Message Tracking to monitor message splintering

Module 7 – Using System Quarantines and Delivery Methods

  • Describe, create and manage quarantines
  • Perform searches quarantine contents
  • Assign Bounce Profiles
  • Create Virtual Gateways

Module 8 – Using Content Filters for Specific Business Needs

  • Describe content scanning
  • Detect password-protected / non-protected attachments
  • Create weighted content matching
  • Implement Matched Content Visibility
  • Execute best practices when staging new filters

Module 9 – Preventing Data Loss

  • Identify conditions of liability through data loss
  • Select a Cisco IronPort DLP solution
  • Implement the solution in an Outgoing Mail Policy
  • Track DLP Policy usage

Module 10 – Encrypting Outbound Email

Provision with the Cisco Registered Envelope Service Associate a content filtering rule with an “Encrypt” action Register a CRES Envelope Recipient

Module 11 – Troubleshooting

  • Identify Issues
  • Diagnose and Isolate Problems
  • Troubleshooting tools and best practices
  • Log file contents and log administration

Module 12 – System Administration

  • Safely upgrade software on your Cisco IronPort
  • Manage users and control alerting behavior
  • Manage configurations and prepare for disaster recovery
  • Access Customer Support

It is assumed that attendees possess the following background knowledge and skills:

  • Registration on the Cisco Ironport Support Portal
  • A moderate knowledge of TCP/IP fundamentals
  • Experience with Internet-based messaging, including SMTP, Internet message formats, and MIME message format
  • Familiarity with command line interface (CLI) and graphical user interface (GUI) is recommended

Students get a Blue Coat key at the end of the course which allows them to take an official Blue Coat exam. Students will become Blue Coat Certified ProxySG Administrators upon completing the course and passing the Prometric online exam.

Duration: 2 Days

Campus Contern
Bâtiment Colibri
19 Rue Edmond Reuter
L - 5326 Contern
Phone : +352 267 469 200