Hi,

officially this should do the trick:

http://www.cisco.com/c/en/us/support/docs/field-notices/641/fn64111.html

Regards,

Philippe

Thank you Philippe for the quick reply,

I've checked that solution but hesitated to apply it as couldn't understand the "Enter the threshold value for outstanding requests", default being 50. What "outstanding request" mean? It is a significant drop from 50 to 5.

Also, being in a cluster, any modification must be done on both the appliances for the cluster not to check any inconsistencies and return another problems.

L.E. I've done the modifications, will keep you informed if it did the trick or not in my case. :) Still, the Anti-Virus and AMP warning shouldn't be related to this issue. I'm thinking increasing the timeout there might be a workaround. 

Hello,

I would agree with the above in regards to changing the 'Outstanding Requests' value from 50 down to 5. Keep in mind this is a machine-level setting and you need to perform this on each appliance separately.

Regarding your other question, I do not see anything involving AMP in the alert you posted, only a Sophos timeout warning. Sophos timeouts can be safely ignored if not occurring on a constant basis. All this means, is that you received a large and/or complex message and Sophos was not able to complete scanning within the allotted timeframe (120 seconds).

I would definitely not suggest increasing the timeout as that could lead to workqueue backups on the ESA when processing excessive amounts of large emails.

Thanks!

-Dennis M.

Thank you Dennis for the support, indeed, i left the timers as is, that Sophos timeout was one singular alert, but the first problem still exists.

From last evening :), warning from the second appliance:

The Warning message is:

Unable to connect to Cisco Web Security Service.

URL Filtering will not work correctly.

Please verify all network, proxy and firewall settings.

Connection to "v2.sds.cisco.com" failed.

The last error seen on this connection: "Request failed with code: 28 (Operation timed out after 5000 milliseconds with 0 out of -1 bytes received)"

Version: 9.1.2-036

Timestamp: 27 Oct 2016 17:57:23 +0300

Hi

For the URL filtering error I would recommend increasing the timeout from 5 to 15 secs as per the below defect.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus08194/?reffering_site=dumpcr

Also please notes as per a recent field notice the threshold for outstanding requests should be changed from 50 to 5.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux63499/?reffering_site=dumpcr

Both are configured at the machine level from the CLI using command "websecurityadvancedconfig"

Thanks

Libin 

What would be a side effect of altering the timeout? Isn't the same story as the Sophos timing? I mean, my primary focus is on fast and correct function of the appliance. After all, i won't mind receiving a warning  from time to time as long as it works. 

I mean this value, as Libin suggested:

Enter URL lookup timeout (includes any DNS lookup time) in seconds

Wouldn't the 15 sec make it slower in processing URL filtering requests overall?

I found it in the release notes aswell: http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-7/ESA_9-7-1_Release_Notes.pdf , regarding the modifications to the server pool used by the URL Reputation feature. 

Thanks

Ionut

Ionut,

The configuration of websecurityadvancedconfig are as per suggestions from the development teams in order to increase efficiency of the device communication with the url filtering servers, this would not slow down the processing capability of the appliance itself.

These changes are recommended in order to correct any underlying defects which adversely affect the workqueue processing.

Thanks

Libin

Ok Libin, will keep you updated. Commited the changes. 

L.E. Passed two weeks and so far so good, the appliances are working sweet, got rid of the error.

Thank you guys for the kind support!