Thanks for your response

Fabio Bustamante · ‎08-31-2015

Hi.

Customer report an annoying issue with our S170. They say they are requested many times to enter their credentials when using Internet (about every 5 minutes). This wasn't happening before. How can I troubleshoot this issue? I don't have many knowledge about this appliance, so I don't know where to start with. AsyncOS is 8.0.6-119, we authenticate with our LDAP server.

I appreciate any help.

Thanks.

Atazazuddin Shaikh · ‎09-01-2015

Good Morning Fabio

Thanks for reaching out, You mention This wasn't happening before. do we know what has changed?

LDAP does not provides single sign on (SSO), but you can check what is the current value is configured for "Credential Cache Options" under Network > Authentication > "edit global setting".

default value is 3600 seconds == 1 hr

Regards,

Zack

Fabio Bustamante · ‎09-01-2015

Hi Zack. Thanks for your help. No changes had been made and that value was at its default. We rebooted the appliance and now it's not happening again. Nevertheless we have a small issue with revocation information for some certificates: there are some web pages where we get very often the message: "Revocation information for the security certificate for this site is not available". It appears constantly, and it's very annoying. If we disconnect the Ironport from the network it dissapears, meaning that it is an issue related to the appliance. Any ideas?

Thanks a lot!.

Atazazuddin Shaikh · ‎09-01-2015

Thanks for your response Fabio, for the certificate issues their are couple of options:

1. Check the default setting for https proxy (see example), default is drop

2. If these are trusted sites, u can add to "passthrough"

3. Test with one site, download the certificate on the client and test it out.

Thanks

Zack

Cisco Ironport S170: Web Request authentication many times