cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

1454
Views
0
Helpful
12
Replies
dobsadmin
Beginner

Web URL Filter and Other Security services abruptly stop working

We purchased 30 ISA 570 to be deployed throughoutour organization remote offices and the first 3 we installed have the same exact issue with web URL filtering and other security services abruptly stop working for no reason.

  • Internet is up because we can remote access the site.
  • Browsing is working only for the sites we allow but block others because we have the feature to block when service is not available.
  • everything else works except for DDNS which is anotehr issue and another topic we will start a discussion on.
  • Image attached

MY QUESTION IS:

why does this go offline - we have a 30/5mb connection to the Internet.

12 REPLIES 12
weilia
Cisco Employee

HI,

ISA500 team is investigating and working on this issue right now.

Please try to disable, then re-enable one of those services to see

if the security service can come online again(just disable/reenable one

of them is good, web reputation, web url filtering, network reputation or

spam filtering).

Could you please open a TAC case to get help from tac engineers and

try out the fix ?

If you do not have a Service Contract for the ISA500, you can't open the case yourself.  However you can call the SBSC (Small Business Support Center) and speak with an engineer to open a case for you.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Regards,

Wei

We opened up 3 cases. We have 30 ISA 570 to deploy and this is causing a major issue every day!  I can't log into the device to uncheck/check daily just to fix the issue - that's not a solution.

We're dead in the water until there's a firmware fix

Is it an option to temporarily configure them to allow browsing when the service is offline to minimize impact and continue your deployment?  If so, then once the firmware is released with the fix, you can switch that back if your security procedures require it.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

The only issue with temporarily configure them to allow browsing when the service is offline is: The devices does not store the filter rules on it and everythig is left open to browse. Porn, etc..

Cisco Systems should come up with a solution for this ASAP

I can certainly appreciate that point.  That is why I was suggesting it as a temporary solution to allow Cisco to work through the issue without holding up your continued deployment of the remaining 27 ISAs or causing interruptions to user browsing.  Basically a temporary workaround.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
paul
Beginner

I am experiencing the exact same problem. If you have access to the router the problem can be (temporarily) fixed by pressing the save button under networking -> wan -> wan settings. You don't have to change anything for it. I suspect the problem occurs due to a problem with the dhcp client on the wan side. I also have a lot of problems in getting a wan2 interface up with dhcp. In the end I need to make another device obtain a dhcp lease and only after that will the router obtain an address. This ritual needs to be repeated each time the router loses its dhcp lease.

Perhaps there is a problem with DNS servers being used from an incorrect WAN interface?

Hi Paul,

We have an image (1.2.16) that addresses the Security Services going offline.  Please open a case with SBSC so we can provide that to you.

Thanks,

Brandon

Brandon,

Is there any ETA on a GD release of firmware for the ISA that will contain all these fixes?  In an effort to continue assisting others, I'm trying to stay on GD releases so we're likely running the same firmware.  That said, it appears these service offline issues may be affecting some reporting in OnPlus as outlined in this thread.

https://supportforums.cisco.com/message/3935480

Please advise.  Thank you.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Hi Shawn,

I wanted to update you that version 1.2.17 is now available on Cisco.com and should address the Security Services going offline. 

Thanks,

Brandon

Hi Brandon,

are there any release notes for the firmware somewhere? The updated firmware is available at software.cisco.com, but the most recent release note is still 1.2.15...

Regards

Hi,

The Release Notes will be available soon. 

Thanks,

Brandon

Create
Recognize Your Peers
Polls
How would you describe your level of technical expertise?