Web Security

How to exclude mobile devices from authentication

So i have a default identity policy that takes the identity of a user from an AD agent, i have also set up NTLM transparent authentication in case AD agent can not identify the user.it works well on our windows domain attached PCs but there is a prob...

Resolved! Cisco Iron Port explicit mode

hai All,I Have setup my ironport WSA in explicit mode, which is placed in ASA DMZ. All the Http,Https, ftp traffic are working fine. But, we have some applications, which is not using any of the above protocols. These applications are using some port...

how to release link an domain blocked?

Hi,How to release only one video youtube.com domain?The domain youtube.com is blocked in global policy.My version is 7.5.0 Web IronPort Best Regards, Paulo AraujoInfrastructure AnalystMail:paulo.sibalde@gmail.comSkype: psibalde

Resolved! Problem with Videos from cnbc.com

Hello allFor a few days, I have problems to watch videos from cnbc.com. I get no blockmessage from Ironport and it seems, that the video starts, but then a circle (that normaly shows that the video is loading) turns endless. I have a S170 with 7.1.3-...

Resolved! Ironport WCCP and PAC

Can I run a single Ironport in a proxy redirection for one site and a pac file for a different site?

Resolved! Generate CSR public key 2048 bit

Hello all,I apologize if the answer is already posted here.Trying to generate a certificate that uses a 2048 bit. Going through the UI, there is no option to define the bit and it generates a 1024 bit key.Looked at the CLI certconfig and the option t...

SHD Logs format

Hi,I'm pushing several logs from Ironport into splunk, including System Health Daemon logs.This makes it easy to monitor the current status of the proxies.Most of the entries in the log are quite easy to understand, but I'm uncertain of one field "Ba...

Reputation Still Poor for Domain but not IP 2 Months After Fix?

The Aquaforest website (aquaforest.com) suffered an attack back in January which resulted in /en/index.asp being infected with an iFrame JavaScript Trojan.This was corrected a few days after infection but IronPort/SenderBase still show a poor reputat...

block ultrasurf (https) through webpage translation category??

Hi,Does anyone have experience with blocking Ultrasurf that users use to bypass the WSA proxy??I was wondering if it is part of cursom categories.If not, would it be possible to bypass this with decrypting https and use a regex?An example or advise w...

authentication

Dears,We have the following scenario :we have wireless internet which is integrated with radius server (NPS)computer joined to the domaine are authenticated directly using NTLM standalone computers are prompt for a user name and password,my question ...

Resolved! Can I whitelist a specific path?

Due to auth issues with machine credentials caching on the WSAs and causing users to be unable to access the Internet I was wondering if I could allow a specific path and block the rest of the site to users. So I would like to specifically allow the...

ASA WCCP Two inside interfaces

I have a scenario where an ASA has two internal interfaces, corporate and guest and one outside Internet interface, with no layer 3 routing on the inside between the corporate and guest networks (VLANs). Transparent redirection with WCCP is to be us...

Ironport DMZ, WCCP, ASA and 3945 configuration help.

Hello all,I need some advice / help getting WCCP working with our Cisco Ironport, ASA and 3945 router. At the moment, I’m trying to isolate the WCCP redirect traffic to my own PC so I don’t break our existing proxy traffic.This is our setup:LAN: 192....

ICAP X-Authenticated-User value format

The Release Notes for AsyncOS for WSA 6.3.3 through 7.5.7 state in Known Issue #51433 "The Web Security appliance sends the authenticated user name (X-Authenticated-User value) to external DLP servers in a format that is not compliant with the ICAP R...

Critical wsa: An application fault occurred: ('aplib.oserrors.pyx aplib.os...

Hi there,i keep recieve emel form WSA alert header as above.What thats means?its a details the problem.An application fault occurred: ('_coro.pyx coro._coro.coro.__yield (coro/_coro.c:5258)|348', "<class 'coro._coro.ClosedError'>", "<coro #3398421 na...

Web Security

Forum Posts

How to exclude mobile devices from authentication

Resolved! Cisco Iron Port explicit mode

how to release link an domain blocked?

Resolved! Problem with Videos from cnbc.com

Resolved! Ironport WCCP and PAC

Resolved! Generate CSR public key 2048 bit

SHD Logs format

Reputation Still Poor for Domain but not IP 2 Months After Fix?

block ultrasurf (https) through webpage translation category??

authentication

Resolved! Can I whitelist a specific path?

ASA WCCP Two inside interfaces

Ironport DMZ, WCCP, ASA and 3945 configuration help.

ICAP X-Authenticated-User value format

Critical wsa: An application fault occurred: ('aplib.oserrors.pyx aplib.os...

Suggestion to Include More CTF Challenges in the Ethical Hacking Cours

Cisco Umbrella - upload file names

Cisco Talos Content Categorization

Cisco Secure Firewall not registering with Umbrella connector

Microsoft Intune und Updates not Working with Umbrella Roaming Module

How to install a godaddy .crt file on ASAv10

CISCO IRONPORT S100V VULNERABILITIES REMEDIATION

FMC Current Interface Status and Interface traffic Widgets

Are there not three different man in the middle attacks here?

Session resumption setting in WSA