01-24-2018 10:30 AM - edited 03-08-2019 07:32 PM
Hi. We recently enabled the URL Filtering feature in our C300 vESAs, as we understand that the anti-spam features utilize the URL filtering score to help more accurately identify spam. However, it should be noted that we have not enabled any filters to apply URL rewriting or proxy redirecting.
My question is concerning the numerous warning notifications we receive. This happened in test as well, but we have only two vESA nodes in our test cluster, so the notifications were infrequent enough that they could easily be managed. But on our production side, we have two clusters with a total of 30 vESAs and we're receiving numerous warning notifications like the following per day.
Unable to connect to Cisco Web Security Service. URL Filtering will not work correctly. Please verify all network, proxy and firewall settings. Connection to "v2.sds.cisco.com" failed. The last error seen on this connection: "Request failed with code: 28 (Operation timed out after 0 milliseconds with 0 out of 0 bytes received)"
The only related doc I found pertaining to this is https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv19933, which is specific to warnings when the feature is NOT enabled. So, our situation is a bit different.
The system seems to recover quickly, too. I grep'd the web_client logs and I see entries like the following. The recovery message is happening within fractions of a second after the system reports the server is down. If there were a means to prolong the assumption of failure, then I suspect that we wouldn't see so many warning notifications.
And disabling the alerts from the ESA is likely to disable warning alerts we actually want to see, so I don't believe that is an option.
(Request failed with code: 7 (Failed connect to v2.sds.cisco.com:443; Connection refused))
3 consecutive connection errors. Assuming connection to 'v2.sds.cisco.com' is down
The 'sds_host' connection to 'v2.sds.cisco.com' has recovered now
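An added example, not part of the original posts and not Cisco tooling: one way to measure, from exported web_client log lines, how long each reported outage lasted, so sub-second flaps can be told apart from real outages. The timestamp prefix, the sample lines and the `flap_seconds` threshold are assumptions; only the message texts come from the post above.

```python
import re
from datetime import datetime

# Constructed sample lines. The ISO timestamp prefix is an assumption for
# illustration; the message texts are the ones quoted in the post above.
SAMPLE_LOG = """\
2018-01-24T10:12:03.120 Warning: 3 consecutive connection errors. Assuming connection to 'v2.sds.cisco.com' is down
2018-01-24T10:12:03.480 Info: The 'sds_host' connection to 'v2.sds.cisco.com' has recovered now
2018-01-24T11:40:10.000 Warning: 3 consecutive connection errors. Assuming connection to 'v2.sds.cisco.com' is down
2018-01-24T11:47:25.500 Info: The 'sds_host' connection to 'v2.sds.cisco.com' has recovered now
2018-01-24T13:05:00.250 Warning: 3 consecutive connection errors. Assuming connection to 'v2.sds.cisco.com' is down
"""

TS = r"(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{3})"
DOWN = re.compile(TS + r".*Assuming connection to '(?P<host>[^']+)' is down")
UP = re.compile(TS + r".*connection to '(?P<host>[^']+)' has recovered")

def outages(lines):
    """Pair each 'is down' line with the next 'has recovered' line per host.
    Returns (host, down_time, seconds_down) tuples; seconds_down is None
    when the log ends before a recovery is seen."""
    pending, result = {}, []
    for line in lines:
        if (m := DOWN.search(line)):
            # Keep the earliest down time if 'is down' repeats before recovery.
            pending.setdefault(m["host"], datetime.fromisoformat(m["ts"]))
        elif (m := UP.search(line)) and m["host"] in pending:
            start = pending.pop(m["host"])
            secs = (datetime.fromisoformat(m["ts"]) - start).total_seconds()
            result.append((m["host"], start, secs))
    result.extend((h, t, None) for h, t in pending.items())
    return result

def classify(events, flap_seconds=5.0):
    """Count transient flaps, sustained outages and unresolved ones.
    flap_seconds is a hypothetical threshold; tune it to your environment."""
    summary = {"flap": 0, "sustained": 0, "unresolved": 0}
    for _, _, secs in events:
        key = "unresolved" if secs is None else "flap" if secs < flap_seconds else "sustained"
        summary[key] += 1
    return summary

if __name__ == "__main__":
    events = outages(SAMPLE_LOG.splitlines())
    for host, start, secs in events:
        print(host, start.isoformat(), "unresolved" if secs is None else f"{secs:.3f}s")
    print(classify(events))
```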
01-24-2018 11:08 AM
I just found the following thread [1], which may help.
01-24-2018 03:39 PM
You can start by confirming whether connectivity to the URL filtering servers is working from the ESA using telnet.
telnet v2.sds.cisco.com 443
Then validate that the configuration for URL filtering is as per the field notice below, using the command 'websecurityadvancedconfig'.
https://www.cisco.com/c/en/us/support/docs/field-notices/641/fn64111.html
Regards
Libin Varghese
01-25-2018 12:09 PM
Thank you. Yeah, that field notice is referenced in the thread I linked to in the previous post. So, that setting has been changed on our clusters, and we seem to be seeing fewer of the warnings.