IronPort - daily management guide - AsyncOS 7.6.1
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Managing System Quarantines via the Graphical User Interface (GUI)<br />
System Quarantine Performance<br />
Users and User Groups<br />
4-6<br />
Cisco <strong>IronPort</strong> <strong>AsyncOS</strong> 7.6 for Email Daily Management Guide<br />
Chapter 4 Quarantines<br />
Messages stored in system quarantines use system memory in addition to hard drive space. Storing<br />
hundreds of thousands of messages in system quarantines on a single appliance may cause a decrease in<br />
the appliance’s performance due to excessive memory usage. The appliance takes more time to<br />
quarantine, delete, and release messages, which causes message processing to slow down and the email<br />
pipeline to back up.<br />
Cisco recommends storing an average of less than 20,000 messages in your system quarantines to ensure<br />
that Email Security appliance processes email at a normal rate.<br />
Users belonging to the Administrators group have access to quarantines by default. Users in the<br />
Operators, Guests, Read-Only Operators, and Help Desk Users groups, as well as custom user roles with<br />
quarantines access privileges, can be assigned to a quarantine (so that they may view, process, or search<br />
messages within a quarantine), but cannot change the quarantine's configuration (e.g. the size, retention<br />
period, etc.), or create or delete quarantines. Users in the Technicians group cannot access quarantines.<br />
Creating System Quarantines<br />
You can create new system quarantines to hold messages. The basic workflow for setting up a quarantine<br />
is:<br />
1. Create users who will interact with the quarantine.<br />
a. Local Users. A quarantine's user list contains local users in all user groups, except<br />
Administrators. Users in the Administrators group always have full access to the quarantine. For<br />
more information, see Working with User Accounts, page 8-12.<br />
b. External Users. You can also enable your Cisco <strong>IronPort</strong> appliance to use an external directory<br />
to authenticate users and select which user groups have access to the quarantine. For more<br />
information, see External Authentication, page 8-23.<br />
c. Delegated Administrators. You can create a custom user role with quarantine access privileges<br />
and assign local users to the group to act as delegated administrators for the quarantine. For<br />
more information, see Managing Custom User Roles for Delegated Administration, page 8-26.<br />
2. Create the quarantine, following the steps below.<br />
3. Create filters that will move messages to the quarantine. For more information about creating filters,<br />
see the “Email Security Manager” chapter in the Cisco <strong>IronPort</strong> <strong>AsyncOS</strong> for Email Configuration<br />
Guide and refer to “Using Message Filters to Enforce Email Policies” in the Cisco <strong>IronPort</strong> <strong>AsyncOS</strong><br />
for Email Advanced Configuration Guide.<br />
To create a system quarantine:<br />
Step 1 Click Add Quarantine on the Quarantines page. The Add Quarantine page is displayed.<br />
Step 2 Type a name for the quarantine.<br />
Step 3 Specify the space (in megabytes) to allocate for the quarantine. For more information, see Allocating<br />
Space for System Quarantines, page 4-4.<br />
Step 4 Select a Retention Period, or time to keep a message in the quarantine before the default action in<br />
performed on the message. For more information, see Retention Time, page 4-4.<br />
Step 5 Select a Default Action (Delete or Release).<br />
OL-25138-01