Error in IronPort

rockbd · ‎03-28-2017

Today i active ironport url filtering. and within 6 hr i am getting the some error. One is url filtering can't update which i understand but following warning i can't understand anyone can explain me the following

he Warning message is:

Unable to connect to Cisco Web Security Service.
URL Filtering will not work correctly.
Please verify all network, proxy and firewall settings.
Connection to "v2.sds.cisco.com" failed.
The last error seen on this connection: "Request failed with code: 35 (error:07064041:memory buffer routines:BUF_MEM_grow:malloc failure)"

Is this serious issue or just a normal routine error.

Libin Varghese · ‎03-28-2017

Hi,

The error could be due to transient connectivity issues with the server.

You can confirm connectivity at the moment by using the below command:

telnet v2.sds.cisco.com 443

You can also verify the configuration used for connectivity using the command "websecurityadvancedconfig".

cisco.lab> websecurityadvancedconfig

Enter URL lookup timeout (includes any DNS lookup time) in seconds:
[15]>

Enter the URL cache size (no. of URLs):
[1215000]>

Do you want to disable DNS lookups? [Y]>

Enter the maximum number of URLs that should be scanned:
[100]>

Enter the Web security service hostname:
[v2.sds.cisco.com]>

Enter the threshold value for outstanding requests:
[5]>

Do you want to verify server certificate? [N]>

Enter the default time-to-live value (seconds):
[30]>

Do you want to rewrite all URLs with secure proxy URLs? [N]>

Do you want to include additional headers? [N]>

Enter the default debug log level for RPC server:
[Debug]>

Enter the default debug log level for URL cache:
[Debug]>

Enter the default debug log level for HTTP client:
[Debug]>

If everything is configured correctly and you see multiple such errors then I would recommend opening a TAC case to get it investigated further.

Thank You!

Libin Varghese

rockbd · ‎03-28-2017

Dear Libin Varghese

Thanks for the reply.

I active it to use content filtering via web. I am not good in command line so can you tell me how to check this via web.

Libin Varghese · ‎03-28-2017

Hi,

The configuration part mentioned is only available through the command line access of the appliance.

You can use putty to ssh to the IP of the appliance over port 22.

- Libin V

rockbd · ‎03-29-2017

ok .. thanks. i will try that.

Till now i will go with the error mail.

Sriram Subramanian · ‎04-18-2017

Hello,

After enabling the URL Filtering these information error alerts might occur when the service is trying to connect to the Web Service Gateway. This issue should resolve itself once the service tries to reconnect with the Web Service Gateway.

You can check under Security Services -> URL Filtering to make sure the service is connected. If the service is still not connecting after a few minutes, you might need to open a TAC to further troubleshoot the issue.