05-19-2017 05:52 AM
Hi Support Team,
We would like to set up URL Filtering on ESA-C370. When I tried to enable URL Filtering I got the message:
Cisco Web Security Services connection status: Connection could not be established due to Authentication failure. Please check client cerificate.
We have the ESA Inbound Essentials SW Bundle licenses (AS+AV+OF). To enable this feature, do we need only OF licenses or a license for Web Security Essentials (with OF)? Thank you.
Best regards
05-19-2017 08:57 AM
I'm not an expert on the feature, but it sounds as if your ESA can't get out of your network to query URLs with Cisco. You might want to check the network requirements. A proxy doing SSL interception might require that your ESA trust its certificate. I'm not sure if that's possible, but see what else you already have working under Security Services, Service Updates.
05-19-2017 12:03 PM
Hi Ivana,
You could try confirming if you are able to telnet to the cloud server using the below command:
"telnet v2.sds.cisco.com 443"
You could turn off verification of client certification using the command "websecurityadvancedconfig" and ensure the configuration is per recommendation; however, I would suggest enabling and committing changes to check if the error is a temporary network issue.
(Machine Cisco.Lab> websecurityadvancedconfig
Enter URL lookup timeout (includes any DNS lookup time) in seconds:
[15]>
Enter the URL cache size (no. of URLs):
[810000]>
Do you want to disable DNS lookups? [N]>
Enter the maximum number of URLs that should be scanned:
[100]>
Enter the Web security service hostname:
[v2.sds.cisco.com]>
Enter the threshold value for outstanding requests:
[5]>
Do you want to verify server certificate? [Y]>
Enter the default time-to-live value (seconds):
[30]>
Do you want to rewrite all URLs with secure proxy URLs? [Y]>
Do you want to include additional headers? [N]>
Enter the default debug log level for RPC server:
[Info]>
Enter the default debug log level for URL cache:
[Info]>
Enter the default debug log level for HTTP client:
[Info]>
Thank You!
Libin Varghese
05-23-2017 06:04 AM
Hello,
Thank you very much for your help. I turned off verification of the server certificate using the command "websecurityadvancedconfig":
Do you want to verify server certificate? [Y]> N
Now, everything works fine.
Best regards,
Ivana
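The replies above point at two different failure points: reachability of v2.sds.cisco.com on port 443 (the telnet test) and server certificate validation, which a proxy doing SSL interception would affect. As an added example (not posted by anyone in this thread and not Cisco code), the Python script below, run from a host on the same network path as the ESA, reports which step fails first. It assumes Python's default trust store, which is not the ESA's; the `diagnose` function and its stage names are made up for illustration.

```python
import socket
import ssl

HOST = "v2.sds.cisco.com"  # Web security service hostname shown in the thread
PORT = 443


def diagnose(host=HOST, port=PORT, timeout=5.0, cafile=None):
    """Return (stage, detail) for the first failing step, or ("ok", issuer)."""
    # Step 1: name resolution and TCP connect (what the telnet test covers).
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:      # must precede OSError (its parent)
        return ("dns", str(exc))
    except OSError as exc:              # refused, unreachable, timed out
        return ("tcp", str(exc))

    # Step 2: TLS handshake with chain and hostname verification enabled.
    # cafile (assumption: a PEM bundle you supply, e.g. your proxy's CA)
    # replaces the default trust store when given.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            name = issuer.get("organizationName") or issuer.get("commonName", "")
            return ("ok", name)
    except ssl.SSLCertVerificationError as exc:
        # Chain or hostname did not validate on this network path.
        return ("cert", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Handshake failed for a reason other than certificate validation.
        return ("tls", str(exc))


MEANING = {
    "dns": "hostname does not resolve from this network",
    "tcp": "port not reachable (firewall or routing)",
    "cert": "server certificate did not validate on this path",
    "tls": "TLS handshake failed before or apart from validation",
    "ok": "reachable and certificate validated; issuer shown",
}

if __name__ == "__main__":
    stage, detail = diagnose()
    print(f"{stage}: {MEANING[stage]} ({detail})")
```

An `ok` result prints the issuer organization, so an internal CA name there shows interception by a proxy whose CA the host already trusts. A `cert` result means the chain presented on that path does not validate against the trust store used.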
05-19-2017 12:22 PM - last edited on 11-09-2021 12:43 PM by Robert Sherwin
Hello,
Sometimes when you first enable the URL Filtering service under Security Services, Cisco Web Security Services connection status could fail, but if you refresh the page, the service should auto connect.
You can find the URL Filtering Best Practice Guide here:
09-14-2018 12:38 PM
@Sriram Subramanian wrote:
Hello,
Sometimes when you first enable the URL Filtering service under Security Services, Cisco Web Security Services connection status could fail, but if you refresh the page, the service should auto connect.
Yup, wow, that's all it was, after I refreshed the page by clicking on a different menu item then coming back to Security Services / URL Filtering, the Cisco Web Security Services connection status: showed Connected
09-15-2018 08:27 AM
After refreshing the page a few times the error goes away and it's all good now, it just took a while. I found the answer on this forum, thank you forum.