Got a question? Call +632 8244 2098   |   

Securing Email with Cisco Email Security Appliance (SESA)

  • Length 4 days
  • Version 3.1
Course overview
View dates &
book now
  • Register interest

Why study this course

The course shows you how to deploy and use Cisco® Email Security Appliance to establish protection for your email systems against phishing, business email compromise, and ransomware, and to help streamline email security policy management.

This hands-on course provides you with the knowledge and skills to implement, troubleshoot, and administer Cisco Email Security Appliance, including key capabilities such as advanced malware protection, spam blocking, anti-virus protection, outbreak filtering, encryption, quarantines, and data loss prevention.

This course helps you prepare to take the exam, Securing Email with Cisco Email Security Appliance (300-720 SESA), which leads to CCNP Security and the Certified Specialist – Email Content Security certifications.

Digital courseware: Cisco now provides students with electronic courseware for this course. Students who have a confirmed booking will be sent an email prior to the course start date, with a link to create an account via before they attend their first day of class. Please note that any electronic courseware or labs will not be available (visible) until the first day of the class.

Aligns to certification

Request Course Information

By submitting an enquiry, you agree to our privacy policy and receiving email and other forms of communication from us. You can opt-out at any time.

What you’ll learn

After taking this course, you should be able to:

  • Describe and administer the Cisco Email Security Appliance (ESA)

  • Control sender and recipient domains

  • Control spam with Talos SenderBase and anti-spam

  • Use anti-virus and outbreak filters

  • Use mail policies

  • Use content filters

  • Use message filters to enforce email policies

  • Prevent data loss

  • Perform LDAP queries

  • Authenticate Simple Mail Transfer Protocol (SMTP) sessions

  • Authenticate email

  • Encrypt email

  • Use system quarantines and delivery methods

  • Perform centralised management using clusters

  • Test and troubleshoot

Cisco at DDLS

DDLS is a Platinum Learning Partner and we are the largest provider of authorised Cisco training in Australia, offering a wider range of Cisco courses, run more often than any of our competitors. DDLS has won awards such as ANZ Learning Partner of the Year (twice!) and APJC Top Quality Learning Partner of the Year.

Stay ahead of the technology curve

Don’t let your tech outpace the skills of your people

Quality instructors and content

Expert instructors with real world experience and the latest vendor- approved in-depth course content.

Partner-Preferred Supplier

Chosen and awarded by the world’s leading vendors as preferred training partner.

Ahead of the technology curve

No matter your chosen technologies or platforms, we can help you stay one step ahead.

Who is the course for?

  • Security engineers

  • Security administrators

  • Security architects

  • Operations engineers

  • Network engineers

  • Network administrators

  • Network or security technicians

  • Network managers

  • System designers

  • Cisco integrators and partners

We can also deliver and customise this training course for larger groups – saving your organisation time, money and resources. For more information, please contact us via email on


Course subjects

Describing the Cisco Email Security Appliance

  • Cisco Email Security Appliance Overview

  • Technology Use Case

  • Cisco Email Security Appliance Data Sheet

  • SMTP Overview

  • Email Pipeline Overview

  • Installation Scenarios

  • Initial Cisco Email Security Appliance Configuration

  • Centralising Services on a Cisco Content Security Management Appliance (SMA)

  • Release Notes for AsyncOS 11.x

Administering the Cisco Email Security Appliance

  • Distributing Administrative Tasks

  • System Administration

  • Managing and Monitoring Using the Command Line Interface (CLI)

  • Other Tasks in the GUI

  • Advanced Network Configuration

  • Using Email Security Monitor

  • Tracking Messages

  • Logging

Controlling Sender and Recipient Domains

  • Public and Private Listeners

  • Configuring the Gateway to Receive Email

  • Host Access Table Overview

  • Recipient Access Table Overview

  • Configuring Routing and Delivery Features

Controlling Spam with Talos SenderBase and Anti-Spam

  • SenderBase Overview

  • Anti-Spam

  • Managing Graymail

  • Protecting Against Malicious or Undesirable URLs

  • File Reputation Filtering and File Analysis

  • Bounce Verification

Using Anti-Virus and Outbreak Filters

  • Anti-Virus Scanning Overview

  • Sophos Anti-Virus Filtering

  • McAfee Anti-Virus Filtering

  • Configuring the Appliance to Scan for Viruses

  • Outbreak Filters

  • How the Outbreak Filters Feature Works

  • Managing Outbreak Filters

Using Mail Policies

  • Email Security Manager Overview

  • Mail Policies Overview

  • Handling Incoming and Outgoing Messages Differently

  • Matching Users to a Mail Policy

  • Message Splintering

  • Configuring Mail Policies

Using Content Filters

  • Content Filters Overview

  • Content Filter Conditions

  • Content Filter Actions

  • Filter Messages Based on Content

  • Text Resources Overview

  • Using and Testing the Content Dictionaries Filter Rules

  • Understanding Text Resources

  • Text Resource Management

  • Using Text Resources

Using Message Filters to Enforce Email Policies

  • Message Filters Overview

  • Components of a Message Filter

  • Message Filter Processing

  • Message Filter Rules

  • Message Filter Actions

  • Attachment Scanning

  • Examples of Attachment Scanning Message Filters

  • Using the CLI to Manage Message Filters

  • Message Filter Examples

  • Configuring Scan Behavior

Preventing Data Loss

  • Overview of the Data Loss Prevention (DLP) Scanning Process

  • Setting Up Data Loss Prevention

  • Policies for Data Loss Prevention

  • Message Actions

  • Updating the DLP Engine and Content Matching Classifiers

Using LDAP

  • Overview of LDAP

  • Working with LDAP

  • Using LDAP Queries

  • Authenticating End-Users of the Spam Quarantine

  • Configuring External LDAP Authentication for Users

  • Testing Servers and Queries

  • Using LDAP for Directory Harvest Attack Prevention

  • Spam Quarantine Alias Consolidation Queries

  • Validating Recipients Using an SMTP Server

SMTP Session Authentication

  • Configuring AsyncOS for SMTP Authentication

  • Authenticating SMTP Sessions Using Client Certificates

  • Checking the Validity of a Client Certificate

  • Authenticating User Using LDAP Directory

  • Authenticating SMTP Connection Over Transport Layer Security (TLS) Using a Client Certificate

  • Establishing a TLS Connection from the Appliance

  • Updating a List of Revoked Certificates

Email Authentication

  • Email Authentication Overview

  • Configuring DomainKeys and DomainKeys Identified Mail (DKIM) Signing

  • Verifying Incoming Messages Using DKIM

  • Overview of Sender Policy Framework (SPF) and SIDF Verification

  • Domain-based Message Authentication Reporting and Conformance (DMARC) Verification

  • Forged Email Detection

Email Encryption

  • Overview of Cisco Email Encryption

  • Encrypting Messages

  • Determining Which Messages to Encrypt

  • Inserting Encryption Headers into Messages

  • Encrypting Communication with Other Message Transfer Agents (MTAs)

  • Working with Certificates

  • Managing Lists of Certificate Authorities

  • Enabling TLS on a Listener’s Host Access Table (HAT)

  • Enabling TLS and Certificate Verification on Delivery

  • Secure/Multipurpose Internet Mail Extensions (S/MIME) Security Services

Using System Quarantines and Delivery Methods

  • Describing Quarantines

  • Spam Quarantine

  • Setting Up the Centralised Spam Quarantine

  • Using Safelists and Blocklists to Control Email Delivery Based on Sender

  • Configuring Spam Management Features for End Users

  • Managing Messages in the Spam Quarantine

  • Policy, Virus, and Outbreak Quarantines

  • Managing Policy, Virus, and Outbreak Quarantines

  • Working with Messages in Policy, Virus, or Outbreak Quarantines

  • Delivery Methods

Centralised Management Using Clusters

  • Overview of Centralised Management Using Clusters

  • Cluster Organisation

  • Creating and Joining a Cluster

  • Managing Clusters

  • Cluster Communication

  • Loading a Configuration in Clustered Appliances

  • Best Practices

Testing and Troubleshooting

  • Debugging Mail Flow Using Test Messages: Trace

  • Using the Listener to Test the Appliance

  • Troubleshooting the Network

  • Troubleshooting the Listener

  • Troubleshooting Email Delivery

  • Troubleshooting Performance

  • Web Interface Appearance and Rendering Issues

  • Responding to Alerts

  • Troubleshooting Hardware Issues

  • Working with Technical Support


  • Model Specifications for Large Enterprises

  • Model Specifications for Midsize Enterprises and Small-to-Midsize Enterprises or Branch Offices

  • Cisco Email Security Appliance Model Specifications for Virtual Appliances

  • Packages and Licenses

Lab outline

  • Verify and Test Cisco ESA Configuration

  • Perform Basic Administration

  • Advanced Malware in Attachments (Macro Detection)

  • Protect Against Malicious or Undesirable URLs Beneath Shortened URLs

  • Protect Against Malicious or Undesirable URLs Inside Attachments

  • Intelligently Handle Unscannable Messages

  • Leverage AMP Cloud Intelligence Via Pre-Classification Enhancement

  • Integrate Cisco ESA with AMP Console

  • Prevent Threats with Anti-Virus Protection

  • Applying Content and Outbreak Filters

  • Configure Attachment Scanning

  • Configure Outbound Data Loss Prevention

  • Integrate Cisco ESA with LDAP and Enable the LDAP Accept Query

  • Domain Keys Identified Mail (DKIM)

  • Sender Policy Framework (SPF)

  • Forged Email Detection

  • Configure the Cisco SMA for Tracking and Reporting


Knowledge and skills you must have before attending this course:

  • TCP/IP services, including Domain Name System (DNS), Secure Shell (SSH), FTP, Simple Network Management Protocol (SNMP), HTTP, and HTTPS

  • Experience with IP routing

To fully benefit, you should also have one or more of these basic technical competencies:

  • Cisco certification (CCENT certification or higher)

  • Relevant industry certification such as (ISC)², CompTIA Security+, EC-Council, Global Information Assurance Certification (GIAC), or ISACA

  • Cisco Networking Academy letter of completion (CCNA® 1 and CCNA 2)

  • Windows expertise: Microsoft [Microsoft Specialist, Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Systems Engineer (MCSE)], CompTIA (A+, Network+, Server+)

Terms & Conditions

The supply of this course by DDLS is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.

Request Course Information

By submitting an enquiry, you agree to our privacy policy and receiving email and other forms of communication from us. You can opt-out at any time.