cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
246
Views
0
Helpful
7
Replies
Beginner

Unable to connect to Cisco Web Security Service. URL Filtering will not work correctly

We are getting these errors. What can be done? I found one old post about changing the "outstanding requests" But I dont know if that post still is valid?

Communication to the dns-name works as it should.

 

The Warning message is:

Unable to connect to Cisco Web Security Service.
URL Filtering will not work correctly.
Please verify all network, proxy and firewall settings.
Connection to "v2.sds.cisco.com" failed.
The last error seen on this connection: "Request failed with code: 28 (Operation timed out after 0 milliseconds with 0 out of 0 bytes received)"

Last message occurred 3 times between Fri May 17 08:54:18 2019 and Fri May 17 09:01:09 2019.

Version: 12.1.0-071
Timestamp: 17 May 2019 10:02:41 +0200

 

We have this config under websecurityadvancedconfig

 

Enter URL lookup timeout (includes any DNS lookup time) in seconds:
[5]>

Enter the URL cache size (no. of URLs):
[810000]>

Do you want to disable DNS lookups? [N]>

Enter the maximum number of URLs that can be scanned in a message body:
[100]>

Enter the maximum number of URLs that can be scanned in the attachments in a
message:
[25]>

Enter the Web security service hostname:
[v2.sds.cisco.com]>

Enter the threshold value for outstanding requests:
[50]>

Do you want to verify server certificate? [Y]>

Do you want to enable URL filtering for shortened URLs? [Y]>

For shortened URL support to work, please ensure that ESA is able to connect to
following domains:
bit.ly, tinyurl.com, ow.ly, tumblr.com, ff.im, youtu.be, tl.gd, plurk.com,
url4.eu, j.mp, goo.gl, fb.me, alturl.com, wp.me, chatter.com, tiny.cc, ur.ly

Enter the default time-to-live value (seconds):
[30]>

Do you want to rewrite both the URL text and the href in the message? Y
indicates that the full rewritten URL will appear in the email body. N
indicates that the rewritten URL will only be visible in the href for HTML
messages. [Y]>

Do you want to include additional headers? [N]>

Enter the default debug log level for RPC server:
[Info]>

Enter the default debug log level for URL cache:
[Info]>

Enter the default debug log level for HTTP client:
[Info]>

Everyone's tags (1)
7 REPLIES 7
Cisco Employee

Re: Unable to connect to Cisco Web Security Service. URL Filtering will not work correctly

Hello,

 

That change is still valid and necessary, yes. You can find more information on our field notice page: here.

 

Thanks!

-Dennis M.

Beginner

Re: Unable to connect to Cisco Web Security Service. URL Filtering will not work correctly

Thanks for your reply. But it starts only version below nine? We run 12.1.071? Does it still apply?
Highlighted
Cisco Employee

Re: Unable to connect to Cisco Web Security Service. URL Filtering will not work correctly

Still valid and necessary even in the newer releases, yes. I've requested that the notice be updated to avoid future confusion.

 

Thanks!

-Dennis M.

Beginner

Re: Unable to connect to Cisco Web Security Service. URL Filtering will not work correctly

Hi!
Adjusting the outstanding request did not help.

The log shows the following:

Tue May 21 10:45:48 2019 Warning: cache : THR: cache_manager-cloud_connector: SRC: antispam: MID: 2519308: REQ_ID: 99215.1558428343: 3 consecutive connection errors. Assuming connection to 'v2.sds.cisco.com' is down
Tue May 21 10:45:49 2019 Warning: cache : THR: cache_manager-cloud_connector: SRC: antispam: MID: 2519308: REQ_ID: 99215.1558428343: The 'sds_host' connection to 'v2.sds.cisco.com' has recovered now

Cisco Employee

Re: Unable to connect to Cisco Web Security Service. URL Filtering will not work correctly

Hello,

 

How often are you seeing these alerts?

 

Thanks!

-Dennis M.

Beginner

Re: Unable to connect to Cisco Web Security Service. URL Filtering will not work correctly

Hi!
This is the latest error I got.

Last message occurred 4 times between Tue May 21 18:46:46 2019 and Tue May 21 20:19:59 2019.
Cisco Employee

Re: Unable to connect to Cisco Web Security Service. URL Filtering will not work correctly

Hello,

 

Thanks for the update. If these are intermittent and only for a few seconds at a time then it is possible they could be related to network latency. The threshold change is not a fix all but it's certainly a must to make sure there's nothing else being impacted by it. One note would be that the v2.sds.cisco.com servers are not currently globally distributed, so depending on where your servers are located you could potentially be experiencing less/more latency and increased timeouts.

 

Thanks!

-Dennis M.