Cisco IronPort AsyncOS 7.7 For Security Management User Guide
Cisco IronPort AsyncOS 7.7 forSecurity Management User GuideJuly 12, 2011Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000800 553-NETS (6387)Fax: 408 527-0883Text Part Number: OL-23827-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUTNOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUTARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FORTHEIR APPLICATION OF ANY PRODUCTS.THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATIONPACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TOLOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) aspart of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS AREPROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSEDOR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE ANDNONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTALDAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE ORINABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCHDAMAGES.Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarkscan be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the wordpartner does not imply a partnership relationship between Cisco and any other company. (1005R)Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Anyexamples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only.Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.Cisco IronPort AsyncOS 7.7 for Security Management User Guide 2008-2011 Cisco Systems, Inc. All rights reserved.
CONTENTSCHAPTER1Getting Started with the Security Management Appliance 1-1Security Management Appliance Overview 1-1Supported Services on the Security Management Appliance 1-3Email Security Management 1-3Web Security Management 1-4Additional Features 1-4What’s New in This Release 1-5How to Use This Guide 1-8Before You Begin 1-8Email Security Appliances 1-9Web Security Appliances 1-9Security Management Appliances 1-10Document Conventions 1-10Where to Find More Information 1-11Documentation Set 1-11Cisco IronPort Technical Training 1-12Knowledge Base 1-13Cisco Support Community 1-14Cisco IronPort Customer Support 1-14Third Party Contributors 1-14Cisco IronPort Welcomes Your Comments 1-15Cisco IronPort AsyncOS 7.7 for Security Management User GuideOL-23827-01iii
ContentsCHAPTER2Setup and Installation 2-1Installation Planning 2-2Mail Flow When Using the Security Management Appliance as an ExternalSpam Quarantine 2-3Centralized Management and the Security Management Appliance 2-4Physical Dimensions 2-4Preparing for Setup 2-5Understanding the System Setup Steps 2-6Determining Network and IP Address Assignments 2-6Gathering the Setup Information 2-7Accessing the Graphical User Interface 2-8Accessing the Web Interfaces of the Security ManagementAppliance 2-8Accessing the Security Management Appliance Command Line Interface 2-9Understanding the System Setup Wizard 2-9Browser Requirements 2-10Support Languages 2-11Running the System Setup Wizard 2-11Step 1: Review the End User License Agreement 2-12Step 2: Configure the System Settings 2-13Step 3: Configure the Network Settings 2-14Step 4: Review Your Configuration 2-16Proceeding to the Next Steps 2-17Security Management Appliance User Interface 2-17Tabs on the System Status Page 2-19Commit Changes Button 2-20Accessing Customer Support from the Security Management Appliance 2-20Technical Support 2-21Support Request 2-21Cisco IronPort AsyncOS 7.7 for Security Management User GuideivOL-23827-01
ContentsRemote Access 2-23Packet Capture 2-24Starting a Packet Capture 2-25Editing Packet Capture Settings 2-27Working with Feature Keys 2-30Feature Keys Page 2-30Feature Key Settings Page 2-31Expired Feature Keys 2-32SMA Compatibility Matrix 2-32CHAPTER3Appliance Configuration 3-1Appliance Configuration Overview 3-1Enabling Services on the Security Management Appliance 3-2Enabling and Disabling Centralized Email Reporting on a SecurityManagement Appliance 3-3Disabling Centralized Email Reporting 3-4Enabling and Disabling Centralized Web Reporting on a SecurityManagement Appliance 3-5Disabling Centralized Web Reporting 3-6Enabling and Disabling Centralized Email Tracking on a SecurityManagement Appliance 3-6Disabling Centralized Email Tracking 3-7Enabling and Disabling the Cisco IronPort Spam Quarantine on a SecurityManagement Appliance 3-8Disabling the Cisco IronPort Spam Quarantine 3-9Enabling and Disabling the Centralized Configuration Manager on a SecurityManagement Appliance 3-9Disabling the Cisco IronPort Centralized Configuration Manager 3-10Adding Managed Appliances 3-10Editing and Deleting Managed Appliances 3-14Cisco IronPort AsyncOS 7.7 for Security Management User GuideOL-23827-01v
ContentsEditing a Managed Appliance 3-14Deleting a Managed Appliance 3-15About Reports 3-16Reporting Options 3-16How the Security Appliance Gathers Data for Reports 3-16How Reporting Data is Stored 3-17Interactive Report Pages 3-17Choosing a Time Range for Interactive Reports 3-18Reporting Filters on the Security Management Appliance 3-19Printing and Exporting Report Data 3-20Exporting Report Data 3-21CHAPTER4Using Centralized Email Reporting 4-1Reporting Overview 4-1Getting Started with Email Reporting 4-2Configuring Centralized Email Reporting 4-2Creating Email Reporting Groups 4-4Adding Email Reporting Groups 4-5Editing and Deleting Email Reporting Groups 4-6Using the Email Reporting Tab 4-6Viewing Interactive Reports 4-9Searching and the Interactive Report Pages 4-10Reporting Filters for Report Pages 4-11Printing and Exporting Reports from Report Pages 4-11More Information about Reports and Report Pages 4-11Understanding the Email Reporting Pages 4-11Email Reporting Overview Page 4-12How Incoming Mail Messages are Counted 4-15How Email Messages Are Categorized by the Appliances 4-15Cisco IronPort AsyncOS 7.7 for Security Management User GuideviOL-23827-01
ContentsCategorizing Email Messages on Overview Page 4-16Incoming Mail Page 4-17Views Within the Incoming Mail Page 4-18Categorizing Email Messages on Incoming Mail Page 4-20Incoming Mail Details Table 4-24Sender Profile Pages 4-25Sender Groups Report Page 4-30Outgoing Destinations Page 4-31Outgoing Senders Page 4-33Internal Users Page 4-36Internal User Details Page 4-38Searching for a Specific Internal User 4-39DLP Incident Summary Page 4-40DLP Incidents Details Table 4-42DLP Policy Detail Page 4-43Content Filters Page 4-43Content Filter Details Page 4-45Virus Types Page 4-45TLS Connections Page 4-48Outbreak Filters Page 4-51System Capacity Page 4-55How to Interpret the Data You See on System Capacity Page 4-56System Capacity – Workqueue 4-56System Capacity – Incoming Mail 4-57System Capacity – Outgoing Mail 4-60System Capacity – System Load 4-62Note About Memory Page Swapping 4-63System Capacity – All 4-64Data Availability Page 4-64About Scheduled and On-Demand Reports 4-66Cisco IronPort AsyncOS 7.7 for Security Management User GuideOL-23827-01vii
ContentsAdditional Report Types 4-68Domain-Based Executive Summary Report 4-68Executive Summary Reports 4-73Generating Reports On Demand 4-73Scheduled Reports 4-75Adding Scheduled Reports 4-76Editing Scheduled Reports 4-77Discontinuing Scheduled Reports 4-78Archived Reports 4-78Accessing Archived Reports 4-79Deleting Archived Reports 4-80CHAPTER5Using Centralized Web Reporting 5-1Reporting Overview 5-1Getting Started with Web Reporting 5-3Configuring Centralized Web Reporting 5-3Using the Web Reporting Tab 5-5Interactive Report Pages for the Web Security Appliance 5-10Configuring Column Settings on Report Pages 5-10Printing Reports from Report Pages 5-11Reporting Filters for Report Pages 5-11Understanding the Web Reporting Pages 5-11Web Reporting Overview Page 5-12Users Page 5-16User Details Page 5-20Web Sites Page 5-24URL Categories Page 5-28Using The URL Categories Page in Conjunction with Other ReportingPages 5-32Cisco IronPort AsyncOS 7.7 for Security Management User GuideviiiOL-23827-01
ContentsCustom URL Categories 5-33Reporting Misclassified and Uncategorized URLs 5-35Application Visibility Page 5-36Understanding the Difference between Application versus ApplicationTypes 5-36Anti-Malware Page 5-41Malware Category Report Page 5-42Malware Threat Report Page 5-43Malware Category Descriptions 5-45Configuring Anti-Malware 5-46Client Malware Risk Page 5-50Client Detail Page 5-53Web Reputation Filters Page 5-57What are Web Reputation Filters? 5-57Configuring Web Reputation Scores 5-61Configuring Web Reputation Filter Settings for Access Policies 5-61L4 Traffic Monitor Data Page 5-63Configuring the L4 Traffic Monitor 5-65Reports by User Location Page 5-66Web Tracking Page 5-69Configuring Web Tracking 5-71Default Web Tracking Results 5-71Advanced Web Tracking Results 5-73System Capacity Page 5-74How to Interpret the Data You See on System Capacity Page 5-75System Capacity—System Load 5-76System Capacity—Network Load 5-78Data Availability Page 5-80Scheduling Reports 5-82Cisco IronPort AsyncOS 7.7 for Security Management User GuideOL-23827-01ix
ContentsManaging Scheduled Reports 5-83Adding Scheduled Reports 5-83Editing Scheduled Reports 5-85Deleting Scheduled Reports 5-85Additional Extended Reports 5-85Top URL Categories—Extended 5-85Top Application Types—Extended 5-87Archiving Reports 5-89‘Generate Report Now’ Option 5-89CHAPTER6Tracking Email Messages 6-1Tracking Service Overview 6-1About Setting Up Centralized Message Tracking 6-3Understanding Tracking Query Setup 6-3Running a Search Query 6-7Narrowing the Result Set 6-8Understanding Tracking Query Results 6-9Message Details 6-10CHAPTER7Managing the Cisco IronPort Spam Quarantine 7-1Understanding the Cisco IronPort Spam Quarantine 7-1Configuring Cisco IronPort Spam Quarantine Settings 7-3Configuring Administrative Users for Cisco IronPort Spam Quarantine 7-6Configuring End User Access and Notifications 7-7Configuring End User Quarantine Access 7-8Enabling Spam Notifications 7-9Setting Up Email Security Appliances to Forward Spam 7-12Configuring External Quarantine Settings 7-13Cisco IronPort AsyncOS 7.7 for Security Management User GuidexOL-23827-01
ContentsAdding and Updating Managed Appliances and Using the Quarantine SpamOption 7-14Managing Messages in the Cisco IronPort Spam Quarantine 7-15Searching for Messages in the Cisco IronPort Spam Quarantine 7-16Searching Large Message Collections 7-17Viewing Messages in the Cisco IronPort Spam Quarantine 7-17Viewing HTML Messages 7-18Viewing Encoded Messages 7-18Delivering Messages in the Cisco IronPort Spam Quarantine 7-18Deleting Messages from the Cisco IronPort Spam Quarantine 7-18Enabling the End User Safelist/Blocklist Feature 7-19Enabling and Configuring Safelist/Blocklist Settings 7-20Backing Up and Restoring the Safelist/Blocklist Database 7-21Synchronizing Safelist and Blocklist Settings and Databases 7-22Message Delivery for Safelists and Blocklists 7-22Troubleshooting Safelists and Blocklists 7-23Using End User Safelists and Blocklists 7-23Accessing Safelists and Blocklists 7-24Adding Entries to Safelists and Blocklists 7-24Working with Safelists 7-25Working with Blocklists 7-26CHAPTER8Managing Web Security Appliances 8-1Overview of Managing Web Security Appliances 8-1Working with Configuration Masters 8-3Important Notes About Using Configuration Masters 8-3Editing Security Services Settings 8-3Initializing Configuration Masters 8-7Associating Web Security Appliances to Configuration Masters 8-8Configuring Configuration Masters 8-9Cisco IronPort AsyncOS 7.7 for Security Management User GuideOL-23827-01xi
ContentsPopulating a Configuration Master with Existing Web Security ApplianceSettings 8-10About Configuring Web Security Features Using ConfigurationMasters 8-11Publishing Configurations to Web Security Appliances 8-13Publishing a Configuration Master 8-15Using Advanced File Publishing 8-18Viewing Publish History 8-21Viewing Web Security Appliance Status 8-22CHAPTERMonitoring System Status 9-19Monitoring Security Management Appliance Status 9-1Centralized Services 9-3Security Appliance Data Transfer Status 9-5System Information 9-7Viewing the Status of Your Managed Appliances 9-8Monitoring Reporting Data Availability Status 9-9Monitoring Data Availability on your Email Security Appliances 9-9Monitoring Data Availability on your Web Security Appliances 9-11Monitoring Tracking Data Status 9-12Monitoring Email Tracking Data Status 9-12Monitoring Web Tracking Data Status 9-13CHAPTER10LDAP Queries 10-1Overview 10-1Configuring LDAP to Work with the Cisco IronPort Spam Quarantine 10-2Creating the LDAP Server Profile 10-3Testing LDAP Servers 10-6Configuring LDAP Queries 10-6Cisco IronPort AsyncOS 7.7 for Security Management User GuidexiiOL-23827-01
ContentsLDAP Query Syntax 10-6Tokens 10-7Spam Quarantine End-User Authentication Queries 10-8Sample Active Directory End-User Authentication Settings 10-8Sample OpenLDAP End-User Authentication Settings 10-9Spam Quarantine Alias Consolidation Queries 10-9Sample Active Directory Alias Consolidation Settings 10-10Sample OpenLDAP Alias Consolidation Settings 10-11Testing LDAP Queries 10-11Domain-Based Queries 10-12Creating a Domain-Based Query 10-13Chain Queries 10-14Creating a Chain Query 10-15Configuring AsyncOS to Work With Multiple LDAP Servers 10-16Testing Servers and Queries 10-17Failover 10-17Configuring the Cisco IronPort Appliance for LDAP Failover 10-17Load Balancing 10-19Configuring the Cisco IronPort Appliance for Load Balancing 10-19Configuring External Authentication for Users 10-20User Accounts Query 10-21Group Membership Queries 10-22CHAPTER11Configuring SMTP Routing 11-1Routing Email for Local Domains 11-1SMTP Routes Overview 11-2Default SMTP Route 11-3Defining an SMTP Route 11-3SMTP Routes Limits 11-4Cisco IronPort AsyncOS 7.7 for Security Management User GuideOL-23827-01xiii
ContentsSMTP Routes and DNS 11-4SMTP Routes and Alerts 11-4SMTP Routes, Mail Delivery, and Message Splintering 11-4SMTP Routes and Outbound SMTP Authentication 11-5Managing SMTP Routes on the Security Management Appliance 11-5Adding SMTP Routes 11-6Editing SMTP Routes 11-6Deleting SMTP Routes 11-7Exporting SMTP Routes 11-7Importing SMTP Routes 11-8CHAPTER12Common Administrative Tasks 12-1Performing Maintenance Tasks Using CLI Commands 12-2Shutting Down the Security Management Appliance 12-2Rebooting the Security Management Appliance 12-3Placing the Security Management Appliance into a Maintenance State 12-3The suspend and offline Commands 12-5Resuming from an Offline State 12-5The resume Command 12-6Resetting to Factory Defaults 12-6The resetconfig Command 12-7Displaying the Version Information for AsyncOS 12-8Backing Up Your Security Management Appliance 12-8About Backing Up Your Data 12-8Restrictions for Backups 12-9Backup Duration 12-10Availability of Services During Backups 12-10Interruption of a Backup Process 12-11Scheduling a Backup 12-11Periodic Backups 12-12Cisco IronPort AsyncOS 7.7 for Security Management User GuidexivOL-23827-01
ContentsImmediate Backups 12-14Other Important Backup Tasks 12-15Upgrading to New Security Management Appliance Hardware 12-15Upgrading AsyncOS 12-17Before You Upgrade: Important Steps 12-17Remote vs. Streaming Upgrades 12-18Upgrading Clustered Systems 12-19Streaming Upgrade Overview 12-19Remote Upgrade Overview 12-20Hardware and Software Requirements for Remote Upgrades 12-21Hosting a Remote Upgrade Image 12-22Obtaining Upgrades Using the GUI 12-22Upgrading AsyncOS from the GUI 12-23Reverting to an Earlier Version of AsyncOS 12-25Important Note About Reversion Impact 12-25Performing the AsyncOS Reversion 12-25Obtaining Upgrades Using the CLI 12-29The updateconfig Command 12-29The upgrade Command 12-30Differences Between Upgrading Methods (Remote vs Streaming) 12-31Configuring Upgrade and Service Update Settings 12-32Editing Update Settings 12-32Configuring the Update and Upgrade Settings from the GUI 12-34Disaster Recovery on the Security Management Appliance 12-36About Distributing Administrative Tasks 12-40User Roles 12-40Delegating Administration with Custom User Roles 12-45About Custom Email User Roles 12-45Creating Custom Email User Roles 12-48Editing Custom Email User Roles 12-50Cisco IronPort AsyncOS 7.7 for Security Management User GuideOL-23827-01xv
ContentsUsing Custom Email User Roles 12-50About Custom Web User Roles 12-51Creating Custom Web User Roles 12-52Editing Custom Web User Roles 12-54Managing Users with the GUI 12-55Adding Users 12-57Editing Users 12-58Deleting Users 12-58Disabling Access to Sensitive Information in Message Tracking 12-59Additional Commands to Support Multiple Users: who, whoami, andlast 12-59Configuring Restrictive User Account and Password Settings 12-61Changing Passwords 12-66External Authentication 12-66Enabling LDAP Authentication 12-67Enabling RADIUS Authentication 12-68Configuring Access to the Security Management Appliance 12-70Configuring IP-Based Network Access 12-71Direct Connections 12-71Connecting Through a Proxy 12-71Creating the Access List 12-72Configuring the Web UI Session Timeout 12-74Viewing Active Sessions 12-75Configuring the Return Address for Generated Messages 12-76Managing Alerts 12-76Overview of Alerts 12-77Alerts: Alert Recipients, Alert Classifications, and Severities 12-77Alert Settings 12-78Alert Delivery 12-78SMTP Routes and Alerts 12-79Cisco IronPort AsyncOS 7.7 for Security Management User GuidexviOL-23827-01
ContentsCisco IronPort AutoSupport 12-79Alert Messages 12-79Alert From Address 12-80Alert Subject 12-80Example Alert Message 12-80Managing Alert Recipients 12-81Adding New Alert Recipients 12-82Configuring Existing Alert Recipients 12-82Deleting Alert Recipients 12-83Configuring Alert Settings 12-83Editing Alert Settings 12-83Alert Listing 12-84Hardware Alerts 12-85System Alerts 12-85Changing Network Settings 12-89Changing the System Hostname 12-89The sethostname Command 12-90Configuring Domain Name System Settings 12-90Specifying DNS Servers 12-91Multiple Entries and Priority 12-91Using the Internet Root Servers 12-92Reverse DNS Lookup Timeout 12-92DNS Alert 12-93Clearing the DNS Cache 12-93Configuring DNS Settings via the Graphical User Interface 12-93Configuring TCP/IP Traffic Routes 12-95Managing Static Routes in the GUI 12-95Modifying the Default Gateway (GUI) 12-97Configuring the Default Gateway 12-97Changing the Admin User’s Password 12-97Cisco IronPort AsyncOS 7.7 for Security Management User GuideOL-23827-01xvii
ContentsConfiguring the System Time 12-98Time Zone Page 12-98Selecting a Time Zone 12-98Selecting a GMT Offset 12-99Editing Time Settings (GUI) 12-100Editing the Network Time Protocol (NTP) Configuration (Time KeepingMeth
Contents vi Cisco IronPort AsyncOS 7.7 for Security Management User Guide OL-23827-01 Editing a Managed Appliance 3-14 Deleting a Managed Appliance 3-15 About Reports 3-16 Reporting Options 3-16 How the Security Appliance Gathers Data for Reports 3-16 How Reporting Data is Stored 3-17 Interactive Report Pages 3-17 Choosing a Time Range for Interactive Reports 3-18 .
conformance claims, and the ST organization. The TOE is IronPort Email Security Appliances (ESA), comprising the C160, C370, X1060, and X1070 appliance models, running IronPort AsyncOS software, version 7.1, and the C670 appliance model running IronPort AsyncOS version 7.3, from Cisco IronPort Systems LLC. The TOE is an
IronPort Systems, Inc.1100 Grundy Lane, Suite 100 San Bruno, California 94066 tel 650.989.6500 fax 650.989.6543 email info@ironport.com web www.ironport.com IronPort C-Series IronPort C-Series Overview Overview IronPort C-Series Overview . email encryption, and content filtering. Centralized Management
IronPort X1050 Email Security System PAgE specs IronPort X1050 Built to meet the needs of the most demanding networks in the world. IronPort C650 Designed for large enterprises and service providers. IronPort C350 Suggested for medium to large enterprises. IronPort C350D Recommended for any co
Cisco IronPort C370, C670, or X1070 Email Security Appliances (ESAs) with 4 GB of memory may experience issues running a Cisco AsyncOS 8.x.x release. If you have one or more Cisco IronPort C370, C670, or X1070 Email Security Appliances (ESAs) with 4 GB, Cisco will contact you and provide you with a memory upgrade kit for each of your affected ESAs
Network Security Trusted Client Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network Admission Control ACE Web App Firewall IPS 4200 Cisco Virtual Office Cisco Security Manager Cisco Secure ACS IronPort Hosted Email Security IronPort S-Series IronPort C-Series Cisco Secure MARS ASA 5500 IronPort M .
Sawmill for IronPort includes an IronPort log format plug-in that processes Web Security appliance access logs to help you understand what is going on in your network. The IronPort log format plug-in allows you to create multiple types of profiles. When Sawmill for IronPort processes Web Security appliance access logs, it uses a profile you
Cisco IronPort Web Reputation Filters and the Cisco IronPort Anti-Malware System to provide a single, integrated solution that ensures that a corporation's web traffic is accurately scanned for both acceptable use violations and security threats. The CisCo ironPorT DifferenCe fasT, aCCuraTe ConTenT filTering for aCCePTable use PoliCy enforCemenT
realizes a functional behavior of a logic system from a given description (stated in form of verbal statements, truth table, K-map, state diagram, etc.) Example : Synthesize a logic function that realizes the following truth table. Use AND, OR, and NOT gates Figure 2.15. A function to be synthesized. Chapter 2-14 Synthesis of digital circuits f (a) Canonical sum-of-products f (b) Minimal-cost .
