Export and Import ESA HAT to Add Multiple Entries

Available Languages

Download Options

  • PDF     (548.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (625.2 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (540.8 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 4, 2023
Document ID:220376

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to export the Host Access Table (HAT) from your ESA, manipulate the entries, and then import it back to your ESA.

    Prerequisites

    Cisco Email Security Appliance (ESA) product knowledge, along with the basics of the Sender Group that are listed within the HAT and a user role that allows the action to export and import a HAT configuration.

    Requirements

    • A sender group in which the intention is to add multiple entries.
    • A list of senders or IP addresses that be added to a specific sender group.
    • On-prem and vESAs need to have FTP enabled.
    • A local FTP client installed.

    Why to Export/Import a HAT Configuration

    Sometimes you have a big list of senders or IPs for a specific purpose. It can be to use them as relay, senders, or IPs that you trust; or a list of malicious IPs from a vendor that you want to add in a blocklist. And to add them all manually could seem to be a complicated and time intensive task.

    On-prem, Virtual ESA and CES Appliances Considerations

    It is important to mention and emphasize the actions listed apply to all three types of devices. However, in the case of CES devices, once the HAT has been exported, you are advised to open a case with TAC so an engineer can download the exported HAT file and share it with you, so you can add the desired entries and then import it to your cloud device.

    Current Sender Group Entries

    In this case, the modify Sender Group is the BLOCKED_LIST, to which you can add multiple entries to this sender group. These are the current entries of this sender group.

    BLOCKED_LIST Sender Group

    Configuration

    Export Host Access Table (HAT)

    1. From the ESA GUI, navigate to Mail Policies > HAT Overview.
    2. Click Export HAT at the bottom of the HAT box.
      HAT Overview
    3. A new window opens and you type a name to identify the exported file. In this example, put MyNewExportedHAT, for the exported file. After you type the name, click Submit.
    4. The HAT overview redisplays, and a message appears at the top of the window with this text Success - HAT was exported.
    5. To check your exported file, go to System Administration > Configuration File and in the Load Configuration section, you see the file name from step 1.
      Configuration File

    Preview the Exported File and Edit the Entries

    1. To modify the file, click Preview Selected File. After that, a new window is opened. All the information displayed in that format is what is contained in your HAT.
    2. To modify a specific sender group (BLOCKED_LIST), you can select all the text from the Preview of Configuration File window as it is and export it to a text editor to manipulate it.
    3. Confirm the BLOCKED_LIST section appears like this:
      BLOCKED_LIST: cisco.com example.com .taclab.com sbrs[-10.0:-3.0] $BLOCKED (Spammers are rejected)
    4. To add entries, you can add them after the last entry. In this example, it is.example.com, as shown here:
      BLOCKED_LIST:
      cisco.com example.com .taclab.com
      1.2.3.4 (Add IP via export method)
      5.6.7.8 (Add IP via export method)
      9.10.11.12 (Add IP via export method)
      13.14.15.16 (Add IP via export method)
      17.18.19.20 (Add IP via export method)
      21.22.23.24 (Add IP via export method)
      25.26.27.28 (Add IP via export method)
      29.30.31.32 (Add IP via export method)
      33.34.35.36 (Add IP via export method)
      37.38.39.40 (Add IP via export method)
      41.42.43.44 (Add IP via export method)
      45.46.47.48 (Add IP via export method)
      49.50.51.52 (Add IP via export method)
      53.54.55.0/24 (Add subnet via export method)
      anotherexample.com (Add host via export method)
      ciscodummy.com (Add host via export method)
      taclab2.com(Add host via export method)
      sbrs[-10.0:-3.0]
      $BLOCKED (Spammers are rejected)

    5. You have the option to add a comment between parenthesis.
    note-icon

    Note: To copy the exported HAT file to your local machine, you can also do it with an FTP client. If you check it from the Preview file part, it can be it easier for you to manipulate it.

    Upload Modified File to Your ESA

    In this example, use an FTP client to upload the new HAT file to your ESA. This example uses Filezilla as the FTP client to connect to the ESA.

    1. Once connected to the ESA by FTP, search for the location /configuration within the appliance.
    2. When in that folder, several files are displayed, which includes the HAT file you exported earlier.
    3. With the new modified file on your local computer, copy it to your device. In this example, the name of the new file is MyNewHAT and it was upload to the device. Select the file and click Upload.

      Filezilla Interface

    4. Once the new file is upload to the device, you can proceed to import it to the HAT overview section in your ESA appliance.

    Import a New Host Access Table (HAT)

    1. From the ESA GUI, navigate to Mail Policies > HAT Overview.
    2. From there, click Import HAT and select the name that contains the new entries and click Submit.
      Import HAT
    3. A prompt window shows Importing will replace all existing HAT entries. Click Import to confirm the upload.
    4. At the top, you see a message that indicates the number of entries imported.
    5. To view the new changes, access the sender group, which in this example is: BLOCKED_LIST.
      Sender List New Entries
    6. As you can see, new entries have been added.

    Revision History

    Revision Publish Date Comments
    1.0
    10-Apr-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Diego Hernandez Landers
      Cisco Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products