The appliance can handle more than 100k total connections without any performance impacts. When you have slowness the connection count does not normally come into play unless the WSA is not closing the connections properly. Based on the status detail output you provided the majority of your connections are in use which is normal. With regards to slowness you should be looking at requests per second against the proxy CPU usage. You can find this data by using the 'rate' or 'proxystat' commands from the CLI. This will show you the proxy process CPU usage which will directly correlate to any slowness seen. Anything over 80% will begin to show slow performance. With regards to the S370 there are a few known performance issues, one is the BIOS and the other is the software code running. There should be an available upgrade for a BIOS firmware update that needs to be applied to your S370. As far as the software version, there is an issue with 7.7.0 that is fixed in the GA release that is scheduled for availability in the next few weeks. Our recommendation is to run 7.5.2 on the S370 and apply the BIOS firmware update. If both of these are true, then you may be overloading the proxy process. If you need assistance verifying you are overloading the proxy CPU then you will need to open a service request with TAC. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
"do not clear the error" is in regards to the alert you received stating the log partition is at 107%. This means that you have too many saved files for the available disk space. You will need to remove any excess files.
Hello, The WSA has a feature called Object Filtering which allows admins to configure access policy parameters to block certain file types from being downloaded through the WSA. To apply the same settings to HTTPS requests the WSA would need to decrypt the request. I hope this helps. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
If removing the log files does not clear the error, it could be one of the directories in the backend that needs to be cleared. To do this you will need to open a support case and TAC can log in and clear the excess files. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
Hello, This error is caused by storing too many accesslogs/packet captures on the appliance. You will need to FTP to the management IP of the WSA. Log in with your admin credentials and delete/move some of the files in the accesslogs directory as well as the captures directory. (Captures can be deleted using the GUI if you do not need to save them.) With the limited disk space on the 170 model you may want to consider setting the log compression option for at least the accesslogs (if not all log subscriptions). To do this, go to the GUI > System Administration > Log Subscriptions > click on the name of the log you want to edit, in this case click on accesslogs. There is a check box that you should have checked in order to allow log compression. Doing this will zip the files in the backend to save space. Hope this helps. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
Hello, I have no way of checking who your account manager is. Who do you purchase Cisco products through? If you purchase through Cisco directly then the person you contact at Cisco is your account manager. If you purchase through a Vendor then you will need to contact them as they will be able to assist you. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
Depending on what DR requirements you have, for load balancing/failover you would probably need 6 appliances total. 2 for the main proxy to either load balance with WCCP/physical load balancer or to have a backup in case of failover, and then the possibility of needing a backup for each of the upstream proxies. The WSAs are in active/active mode and will require the failover be set up in whatever mechanism you are using to direct traffic to them (PAC/WPAD, load balancer, firewall, router, etc.).
Yes, you could either use an explicit setting (browser config/PAC/WPAD) or transparent (WCCP/PBR) to point to the first proxy and then the first proxy will route based on category to one of the two upstream proxies based on your policy configuration. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
Hello, 7.7.0 and 8.0.0 are both FCS releases and have not been provisioned for all customers. If you would like to upgrade your appliances to either of these versions you will need to open a support case with TAC to get them provisioned. When you open the case please make sure you provide the serial numbers for all your appliances you wish to upgrade to speed up the process. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
One other method I wanted to mention was the use of a PAC or WPAD file. These types of files would allow you to configure statements to match domains and send to a specific WSA. The WSA also has the ability to host these files if you do not have a better method of hosting them (i.e. DNS). Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
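A PAC file of the kind described in the post above, as an added example that is not part of the original post: it matches a list of business domains and sends them to one WSA, sends everything else to the other, and lists the second WSA as a fallback. The proxy hostnames, the domain list and the choice of port 3128 are assumptions made for illustration.

```javascript
// Added example PAC file. Hostnames and domains below are placeholders.
var WSA_BUSINESS = "PROXY wsa1.example.internal:3128";
var WSA_GENERAL = "PROXY wsa2.example.internal:3128";

// Constructed list of domains to route to the business WSA (assumption).
var BUSINESS_DOMAINS = ["partner.example.com", "erp.example.net"];

// True when host equals the domain or is a subdomain of it. Matching on a
// label boundary keeps "noterp.example.net" from matching "erp.example.net",
// which a plain substring or suffix test would let through.
function hostInDomain(host, domain) {
  var h = host.toLowerCase().replace(/\.$/, "");
  var suffix = "." + domain;
  return h === domain ||
    (h.length > suffix.length && h.slice(-suffix.length) === suffix);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  // Unqualified intranet names go direct rather than through either WSA.
  if (host.indexOf(".") === -1) {
    return "DIRECT";
  }
  for (var i = 0; i < BUSINESS_DOMAINS.length; i++) {
    if (hostInDomain(host, BUSINESS_DOMAINS[i])) {
      // Second entry is tried only if the first proxy is unreachable.
      return WSA_BUSINESS + "; " + WSA_GENERAL;
    }
  }
  return WSA_GENERAL + "; " + WSA_BUSINESS;
}
```

Ending each return value with the other WSA and no `DIRECT` entry means a client whose preferred proxy is down still goes through a WSA instead of bypassing filtering.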
Hello, Unfortunately the WSA cannot control which requests get sent to it, it simply listens for traffic coming to its interface on specific ports (80, 3128, 21, 443). When it comes to specific URLs being routed to one WSA or another it will require that you have a device that can inspect the traffic at Layer 4 (HTTP/HTTPS/FTP) and make a routing decision based on the URI in the HTTP header. You could add a 3rd WSA to route the traffic using an upstream proxy configuration. You would use proxy groups and routing policies to match Custom URL categories or predefined URL categories to send to one of the two upstream proxies. Other than adding an additional device to route the traffic, you could look into Policy based routing or using multiple WCCP services (one for each WSA) and creating an ACL to match the business sites' IP addresses vs the non-business sites. This could become an issue as most websites use dynamic IP schemes. Hope this helps. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
Hello, You should have privileges as long as you are logging into the site using your CCO ID. If you do not have one please register for a CCO ID on www.cisco.com and you should have access to get a demo license. If you are logging in with your CCO ID and it's still giving you the error message then you will need to reach out to your Cisco Account manager to provide the demo license. I apologize for any inconvenience this causes. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
Hello Faiz, the release notes are available at http://www.cisco.com/c/en/us/support/security/web-security-appliance/products-release-notes-list.html The release notes will include known defects and configuration changes in the version. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091
As long as both the client segments and the WSA are off of the same interface of the ASA you can do WCCP with the ASA and WSA. Based on your topology provided WCCP with the ASA should work. Hope this helps. Best Regards, Michael Hautekeete Customer Support Engineer Cisco Content Security - Web Security Appliance http://www.cisco.com/en/US/products/ps11169/serv_group_home.html https://supportforums.cisco.com/community/netpro/security/web https://supportforums.cisco.com/community/feeds?community=2091