Securing Email with Cisco Email Security Appliance

3 days


This course is designed to help learners understand how to install, configure, and manage the Cisco Email Security Appliance in a small to medium-sized business and enterprise installation. Knowledge application and basic troubleshooting skills are reinforced with the use of hands-on-labs.

This course is for Cisco Channel Partners only, end users and partners not looking for Channel Partner accreditation should attend the SESA course


This course is for Channel Partners seeking to acquire knowledge about how to maintain, optimize, and troubleshoot a Cisco Email Security Appliance as well as those Partner's preparing for the Cisco Email Security Field Engineer (#700-280 ESFE) exam

Skills Gained

After you complete this course you should be able to:

  • Install and Administer the Cisco Email Security Appliance
  • Define domain-based Message Authentication
  • Describe the function of web reputation-based filters
  • Understand and configure outbreak filters
  • Control Sender and Recipient Domains
  • Control Spam with Cisco SensorBase and antispam
  • Understand and configure Cisco SourceFire Advanced Malware Protection integration using file reputation and analysis services
  • Explain how Advanced Malware Protection results may be applied to content filtering
  • Using Mail Policies
  • Using Content Filters
  • Describe URL filtering
  • Configure message filtering to detect high-volume mail attacks
  • Prevent Data Loss
  • Use LDAP
  • Use Authentication and Encryption
  • Use Message Filters
  • Use System Quaratines and Delivery Methods
  • Create a Clustered Environment
  • Troubleshoot the Cisco Email Security Appliance


Attendees should meet the following prerequisites:

  • TCP/IP Fundamentals
  • Experience with Internet-based messaging, including Simple Mail Transfer Protocol(SMTP), Internet message formats, and Multipurpose Internet Mail Extensions (MIME) ICND2 Recommended

Course Outline

Reviewing the Cisco ESA

  • Reviewing the Cisco Security Management Appliance
  • Defining an SMTP Conversation
  • Identifying Terms and Definitions
  • Examining the Pipeline
  • Describing Cisco Email Security Appliance Models and Licensing
  • Installing and Verifying the Cisco Email Security Applicance

Administering the Cisco Email Security Appliance

  • Configuring Localized Message Tracking and Reporting
  • Configuring Centralized Tracking and Reporting
  • Tracking and Reporting Messages
  • Administering the Cisco Email Security Appliance
  • Managing Log Files
  • Creating and Using Administrator Accounts

Controlling Sender and Recipient Domains

  • Configure Public and Private Listeners
  • Describing the Host Access Table (HAT)
  • Describing the Recipient Access Table (RAT)
  • Describing Email Authentication Methods
  • Defining Domain-Based Message Authentication
  • Troubleshooting with Mail Logs

Controlling Spam with Cisco SensorBase and Antispam

  • Describing SensorBase
  • Configure Antispam
  • Quarantining Spam on the Cisco Email Security Appliance
  • Describing Safelist and Blocklist
  • Quarantining Spam on the Cisco Security Management Appliance
  • Configuring Bounce Verification
  • Describing Web Reputation Filters
  • Defining Outbreak Filters

Using Antivirus, Virus Outbreak Filters, and Advanced Malware Protection

  • Enabling Antivirus Engines
  • Using Outbreak Filters
  • Using Advanced Malware Protection

Using Mail Policies

  • Describing Email Security Manager
  • Creating User-Based Mail Policies
  • Using Message Splintering

Using Content Filters

  • Describing Content Filtering
  • Configuring Basic Content Filtering
  • Applying Content Filter Applications
  • Describing and Configuring Message Filtering

Preventing Data Loss

  • Identifying the Data Loss Problem
  • Choosing a Cisco DLP Solution
  • Implementing DLP Configuration
  • Describing the RSA Engine

Using LDAP

  • Describing LDAP Features
  • Describing Query Tokens and Operators
  • Configuring LDAP Profiles
  • Configuring SMTP Call-Ahead
  • Reviewing Case Studies
  • Using LDAP Group Queries

Using Authentication and Encryption

  • Configuring Cisco Registered Envelope Service
  • Describing TLS
  • Authenticating Email with SPF

Using Message Filters

  • Identifying Mesage Filters
  • Describing Regular Expressions Basics
  • Applying Message Filters

Using System Quarantines and Delivery Methods

  • Describing Quarantines
  • Describing Policy, Virus and Outbreak Quarantines
  • Setting Delivery Limits
  • Creating Virtual Gateways
  • Configuring Bounce Profiles


  • Creating a Clustered Environment
  • Joining an Existing Cluster
  • Managing a Clustered Environment
  • Administering a Cluster from the GUI


  • Identifying Appliance-Related Problems
  • Monitoring the System
  • Diagnosing Problems
  • Locating Common Problems and Solutions


  • Hardware Challenge Lab 1: Access the Cisco Remote Lab
  • Hardware Challenge Lab 2: Install Your Cisco Email Security Appliance
  • Hardware Challenge Lab 3: Perform Administration
  • Hardware Challenge Lab 4: Test Your Listener Settings
  • Hardware Challenge Lab 5: Prevent Domain Spoofing with DMARC
  • Hardware Challenge Lab 6: Defend Against Spam with SensorBase and Antispam
  • Hardware Challenge Lab 7: Defend Against Viruses
  • Hardware Challenge Lab 8: Prevent Advanced Persistent Threats with Advanced Malware Protection
  • Hardware Challenge Lab 9: Customize Mail Policies for Your End Users
  • Hardware Challenge Lab 10: Enforce Your Business Policies in Email Delivery
  • Hardware Challenge Lab 11: Manage High-Volume Mail Flow
  • Hardware Challenge Lab 12: Configure DLP
  • Hardware Challenge Lab 13: Configure LDAP Accept
  • Hardware Challenge Lab 14: Configure SMTP Call-Ahead
  • Hardware Challenge Lab 15: Accommodate Multiple Domains Using LDAP Accept Bypass and Domain Assignments
  • Hardware Challenge Lab 16: Control Mail Policies with LDAP Group Queries
  • Hardware Challenge Lab 17: Configure Envelope Encryption
  • Hardware Challenge Lab 18: Encrypt Email with TLS
  • Hardware Challenge Lab 19: Verify SIDF and SPF
  • Hardware Challenge Lab 20: Redirect Mail with Message Filters
  • Hardware Challenge Lab 21: Configure Virtual Gateways
  • Hardware Challenge Lab 22: Configure Clusters
  • Hardware Challenge Lab 23: Troubleshoot


Delegates looking to acheive the Channel Partner Accreditation should attend the PASESA course

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost effective option.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

Upcoming Dates

  • GREEN This class is Guaranteed To Run.
  • SPVC - Self-Paced Virtual Class.
  • Click a Date to Enroll.
Course Location Days Cost Date
Wokingham2 1000 £1000 2019-06-10
Onsite3 1500 £1500 2019-06-19
Onsite5 2500 £2500 2019-06-19
Wokingham3 1500 £1500 2019-10-14