AsyncOS 15.5.1


Release Notes

Email Gateway (on-premises HW and virtual) customers: please read and review the entire Release Notes for AsyncOS 15.5.1 for Cisco Secure Email Gateway. If you have an Email and Web Manager, see the Release Notes for AsyncOS 15.5.1 for Cisco Secure Email and Web Manager.

What's new in this release

Configuring Threat Scanner for Threat Detection

The Threat Scanner feature was introduced in the AsyncOS 15.0 release to detect threats in incoming messages. In that release, you could not configure Threat Scanner directly; it was configured in the back end. From this release onwards, you can configure Threat Scanner to detect incoming threats on your email gateway, and you can enable or disable it for each incoming mail policy. When Threat Scanner is enabled, it scans incoming messages and influences the Anti-Spam verdict.

Including Additional Attributes for Improved Efficacy of SDR Service

Your email gateway now includes the Additional Attributes (display name and the complete email address: username and domain) by default as part of the telemetry data sent to Cisco TAC for reputation analysis, to enhance the efficacy of the Sender Domain Reputation (SDR) service. When an administrator logs in to the email gateway, a warning message states that the Include Additional Attributes option in SDR is enabled by default, so that telemetry data includes the processing of personal data.

Configure Threat Defense Connector for individual incoming mail policies

You can now configure Threat Defense Connector for each incoming mail policy. To use this feature, you must have configured and enabled the Threat Defense Connector in your Secure Email Gateway.

Support of Large Key Size Values for DKIM Verification

You can use the following large key size values for DKIM verification in your email gateway:
• 3072-bit key size
• 4096-bit key size
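To see which senders publish keys of these sizes, the following added example (not Cisco code and not part of the release notes) measures the RSA modulus length in a DKIM key record. It assumes the `p=` tag holds a base64 DER SubjectPublicKeyInfo, as commonly published; the function names and `sample_record` input are hypothetical and constructed for illustration.

```python
import base64

# DER body of AlgorithmIdentifier: OID rsaEncryption (1.2.840.113549.1.1.1) + NULL
RSA_ALG = bytes.fromhex("06092a864886f70d0101010500")
LARGE_SIZES = {3072, 4096}  # key sizes listed in the release note above

def _tlv(tag, body):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(body)
    k = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def _read(buf, pos, tag):
    """Return (body, next_pos) for the DER element of type `tag` at `pos`."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected or truncated DER element")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + n], pos + n

def dkim_rsa_bits(txt):
    """Return the RSA modulus size in bits for a DKIM key record (TXT value)."""
    tags = dict(part.strip().split("=", 1) for part in txt.split(";") if "=" in part)
    tags = {k.strip(): "".join(v.split()) for k, v in tags.items()}
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key record")
    if not tags.get("p"):
        raise ValueError("empty p= tag (revoked key)")
    spki, _ = _read(base64.b64decode(tags["p"]), 0, 0x30)  # SubjectPublicKeyInfo
    _, pos = _read(spki, 0, 0x30)                          # AlgorithmIdentifier
    bitstr, _ = _read(spki, pos, 0x03)                     # BIT STRING
    rsakey, _ = _read(bitstr, 1, 0x30)                     # skip unused-bits octet
    modulus, _ = _read(rsakey, 0, 0x02)                    # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

def sample_record(bits):
    """Constructed record: syntactically valid SPKI, NOT a real RSA key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    rsakey = _tlv(0x30, _tlv(0x02, n) + _tlv(0x02, b"\x01\x00\x01"))
    spki = _tlv(0x30, _tlv(0x30, RSA_ALG) + _tlv(0x03, b"\x00" + rsakey))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for size in (2048, 3072, 4096):
        bits = dkim_rsa_bits(sample_record(size))
        print(bits, "large key" if bits in LARGE_SIZES else "other size")
```

In practice, pass the TXT value retrieved for `selector._domainkey.example.com` (with its quoted chunks concatenated) to `dkim_rsa_bits`.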

TLS 1.3 Support for SSL Services

You can now configure TLS 1.3 for the following TLS services in your email gateway:
• GUI HTTPS
• Inbound SMTP
• Outbound SMTP

Obtaining File Hash Lists, RAT, SMTP Routes, Save and Load Configuration, Address List, and Incoming Mail Policy Users Information using AsyncOS APIs

You can now use AsyncOS APIs to obtain information about File Hash Lists, Recipient Access Table (RAT) entries, SMTP Routes, Save and Load Configuration, Address List, and Incoming Mail Policy Users in your email gateway.

Enforcing TLS for Outgoing Messages at Sender or Recipient Level

The existing Destination Controls configuration allows you to override the TLS modes (such as TLS Mandatory, TLS Preferred, and so on) on a per-domain basis. If you need to enforce TLS for outgoing messages based on additional conditions, such as senders, recipients, and so on, you can now use the X-ESA-CF-TLS-Mandatory header.

Scanning Password-Protected Attachments in Messages

You can configure the Content Scanner in your email gateway to scan the contents of password-protected attachments in incoming or outgoing messages. The ability to scan password-protected message attachments in the email gateway helps an organization to:

• Detect phishing campaigns that deliver malware in password-protected message attachments as part of limited, targeted cyber-attacks.
• Analyze messages that contain password-protected attachments for malicious activity and data privacy.

The following languages are supported for this feature: English, Italian, Portuguese, Spanish, German, French, Japanese, and Korean.

Behavior Changes

Application SSH Client Algorithm Support

The following application SSH client algorithms are supported when you add an email gateway to a cluster.
[Non-FIPS Mode]
The following cipher algorithm, MAC method, and KEX algorithm are added to your Secure Email and Web Manager by default in addition to the existing algorithms:
• Cipher algorithms - aes128-ctr
• MAC methods - hmac-sha2-256
• KEX algorithms - diffie-hellman-group14-sha256
[FIPS Mode]
The following cipher algorithm and MAC method are added to your Secure Email and Web Manager by default in addition to the existing algorithms:
• Cipher algorithms - aes128-ctr
• MAC methods - hmac-sha2-256

Archive or Compressed File Processing by Advanced Malware Protection Engine

From this release onwards, Secure Email Gateway sends the entire archive file to Cisco Secure Malware Analytics if one or more constituent files qualify for File Analysis. The entire archive file is marked as malware if any constituent file is found to be malicious. If the Secure Email Gateway fails to extract a compressed or archive file, the file is uploaded to Secure Malware Analytics for analysis.