Web Security

Resolved! Cisco vWSA not accessible on browsers

Hey guys,So I am trying to use Cisco vWSA on Vmware for practice but for some reason it is not accessible on browsers.Earlier I tried Cisco vSMA and was able to access it on chrome & edge but vWSA is not accessible on any of the browser. I am able to...

testfailovergroup

Hello guys,Just a quick question, how testfailovergroup command works?I suspect we have issues with the failover, failover did not work. so I need to troubleshoot the issue.I was thinking to execute testfailovergroup command but I don't want to have ...

ECDSA Certificate upload for HTTPS proxy.

Dear All! I've upgraded to 12.0.1-334 https://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa_12-0/WSA_12-0_Release_Notes.pdf says:ECDSA Certificate upload - The appliance now supports the uploading of ECDSA certificate for HTTPS proxy. But when I...

how to add HSTS max-age=31536000 in CISCO ISE on port 9060

API is enabled on CISCO ISE . Need to know how to add HSTS max-age=31536000 in CISCO ISE on port 9060 used by API to close security port scan vulnerability?

Cisco AnyConnect (umbrella)

Hello Guys, We recently rolled out cisco Umbrella, and some users are having issues with Cisco Anyconnect. The message just keeps on popping as disconnected and reconnected. All the clients are on wifi. They can connect with their credentials. But ca...

Cannot import S160 config to S170 - error on line 1065 wga_config

We just received a brand new Cisco S170 from our reputable vendor. I got it updated to the same ASYNC OS that our S160 is on, and I exported the config from the S160 to XML with passwords in it. The only thing i had to massage in the XML is the inte...

Upgrading SWA, WSAV from 12.5.3-002 to 14.x

I am using S195 and S300V.Both are using version 12.5.3-002. As far as I know, there is no guide from 12.5.3-002 to 14.x.-> I referred to the https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/release-notes-for-wsa-14-0.html web page. Is the...

MSE 8510 rejecting admin logins from different browsers off & on

I have a MSE 8510 that randomly will reject web interface admin logins with the following warning in the logs, "login failed authenticity check; disallowing". It isn't the U&P because i am able use it another browser, the problem i am down to my last...

Resolved! IronPort content filter processing on missing Other Headers

Hi all. I’m looking for some guidance on better understanding how an IronPort content filter will process a Other Header when it is not present or missing in a message. I’m new to the IronPort devices and busy becoming familiar with them. I cannot se...

VMware CISCO AsyncOS stuck at starting services

I have booted the VM by creating the descriptive file in vmware usign the attached method https://communities.vmware.com/t5/ESXi-Discussions/My-vmdk-files-don-t-visibles-from-vpshere-but-visibles-from-ssh/td-p/374182but it is stuck at AsyncOS startin...

Resolved! WSA upgrade from 12.0 to 12.5 in VM

Hi,I see on the release notes that S300V in AsyncOS 12.5 now requires 12G of RAM and 5 CPU, whereas in 12.0 it was 8G of RAM and 4CPU.Considering an upgrade in 12.5, should I just power off the 12.0 VM, update the HW prerequisites and upgrade to 12.5...

IronPort WebProxy TLS Decryption

DearsI have one clarification, if i m doing the TLS decryption for my end user traffic on proxy server, what is the benefit of doing that, becz Proxy is not a prevention system, if any malicious traffic is inside the connection how we can prevent it ...

Block TLD’s (Top level domains)

Hi all,We are trying to block TLD’s (Top level domains) within the FTD’s / FMC. For example, we wish to block TLD’s that can pose threats such as RU, plus a few others. Currently, we have a rule built in the “Security Intelligence” to attempt a blo...

WSA credential encryption with NTLM authentication?

I have a new WSA that we are setting up. I need the user credentials to be passed to the WSA by the browser automatically through SSO. I had to disable credential encryption in the global authentication settings to get it to work. I can't find anythi...

Web Application Mapping with Individual URL

Hello,Is it possible to get a complete list of URLs mapped with an Web Application ? For example say https://secure.aadcdn.microsoftonline-p.com is part of Microsoft Azure, Office 365 Web Application. I wonder if there is a way to find all the URLs ...

Web Security

Forum Posts

Resolved! Cisco vWSA not accessible on browsers

testfailovergroup

ECDSA Certificate upload for HTTPS proxy.

how to add HSTS max-age=31536000 in CISCO ISE on port 9060

Cisco AnyConnect (umbrella)

Cannot import S160 config to S170 - error on line 1065 wga_config

Upgrading SWA, WSAV from 12.5.3-002 to 14.x

MSE 8510 rejecting admin logins from different browsers off & on

Resolved! IronPort content filter processing on missing Other Headers

VMware CISCO AsyncOS stuck at starting services

Resolved! WSA upgrade from 12.0 to 12.5 in VM

IronPort WebProxy TLS Decryption

Block TLD’s (Top level domains)

WSA credential encryption with NTLM authentication?

Web Application Mapping with Individual URL

Get ready! Great things are coming to Cisco Community

How Cisco TAC is transforming documentation and self-service

Congratulations to the July 2022 Spotlight Award winners!

Talos Intel vs Firepower URL Categories?

my site is blocked by OpenDNS - phishing report

Umbrella - AnyConnect & SWG module + AzureAD-joined devices & users

umbrella block images from website

MSE 8510 rejecting admin logins from different browsers off & on

Web proxy in transparent mode (WCCP) is not working after the upgrade

Les pc qui démarres ne se connectent pas au réseau

Ironport WSA Log Fields

Cisco WSA Custom URL Category Regex Syntax

Dual Active Active WSA Load balanced by F5 LTM.