06-15-2020 01:23 PM
Hi,
we received the following critical alert from esa:
Unable to connect to Cisco Web Security Service.
URL Filtering will not work correctly.
Please verify all network, proxy and firewall settings.
Connection to "v2.sds.cisco.com" failed.
The last error seen on this connection: Request failed with code: 56 (Proxy connect aborted due to timeout)
Version: 11.1.0-131
Could anyone please help us how to address / fix the issue from Cisco IronPort end?
Thank you in advance.
Regards,
Maria
06-22-2020 04:24 AM - edited 06-22-2020 04:40 AM
Hello Maria,
To resolve the issue please check you have below values configured for "websecurityadvancedconfig" on your ESA appliance"
ESA> websecurityadvancedconfig
Enter URL lookup timeout (includes any DNS lookup time) in seconds:
[30]>
Enter the URL cache size (no. of URLs):
[810000]>
Do you want to disable DNS lookups? [N]>
Enter the maximum number of URLs that should be scanned:
[25]>
Enter the Web security service hostname:
[v2.sds.cisco.com]>
Enter the threshold value for outstanding requests:
[5]>
Do you want to verify server certificate? [Y]> N
Enter the default time-to-live value (seconds):
[600]>
Do you want to rewrite both the URL text and the href in the message? Y indicates that the full
rewritten URL will appear in the email body. N indicates that the rewritten URL will only be visible in
the href for HTML messages. [Y]>
Do you want to include additional headers? [N]>
Enter the default debug log level for RPC server:
[Info]>
Enter the default debug log level for URL cache:
[Info]>
Enter the default debug log level for HTTP client:
[Info]>
I hope the above helps.
Cheers,
Pratham
06-24-2020 08:16 AM
Hi Pratham,
my threshold value for outstanding requests is set to 50. If I change this value, what are the consequences? What does this value represent?
Thank you for your support
Regards,
Maria
08-17-2020 11:22 AM
Hello María,
Changing the value will reduce the number of queries the ESA makes using the web security service.
Using 5 instead of 50 will provide an improvement in service performance as fewer queries are being done.
Feel free to check out the Cisco field notice 64111 regarding this feature: https://www.cisco.com/c/en/us/support/docs/field-notices/641/fn64111.html
Please let me know if you have any questions.
Best.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide