Adobe Creative Cloud application installs fail when going through our Ironport web content filters
As the title says, when our users try to install Adobe applications via the new (and execrable) Creative Cloud software subscription service, those installs and updates fail when going through our Ironports with a lovely "download appears corrupted" message.
We're using WCCP on our core routers to redirect web traffic through the S370 proxies. When I exempt those users from web redirection (via the access list that controls wccp on those routers), the installs work correctly.
One of the frustrating parts of this problem is that none of the requests appear to be blocked. If I can trust the Creative Cloud app's progress bar, the application is completely downloaded and just starts to be extracted when the error occurs.
I did a packet capture on a client when the installation failed, but I didn't find anything particularly enlightening there.
Adobe is using a range request download method for its download and by default this method has been disabled in WSA due to security purpose.
You can enable this option from the CLI of WSA by issuing command rangerequestdownload and enable this.
Please note that this option is a global setting therefore it will effect the appliance globally and also if you enable this setting there might be some security risks where when WSA is getting the files in chunks instead of full size of file (the behaviour of range request download protocol), WSA scanning engine might not be able to perform scanning on them due to small size of files (due to per chunks)
Another way to get around this is to create custom URL category for the whole domains and subdomains of adobe: ".adobe.com" and set it to "Allow" instead of "Monitor".
By setting to "Allow" this will bypass the scanning all together and simply allowing the traffics, therefore WSA will not inspect the range request download protocol/method that adobe is using.
Usually no news means good news in security, but how do you know what is working, what could be better and where you should invest? Introducing the Cisco Security Outcomes Study.
We commissioned an independent survey of 4,800 active security a...
Cisco is happy to announce their Fall release, FTD 6.7/ASA 9.15.1/FXOS 2.9, which consists of 104 features across 24 initiatives, addressing technical debt while staying true to our five core investment areas: Ease of Use and Deployment, Unified Policy an...
Hi Team, I have one exclusion provided by internal team which is Is it right way to exclude ? *\Program Files\XYZ\* , as per Cisco Docs i see its not recommended because it will create performance issue when we use * at starting , So...
Central Log Management using Cisco Security Analytics and Logging, December 2nd at 8am-9:30am PT
Cisco Security Analytics and Logging is Cisco’s Central Log Management solution for Network Operations and Security Outcomes. It is delivered both as a c...