02-16-2014 05:39 AM
Dear Team Members
Any help for the below points is highly appreciated.
1: Senderbase update details on WSA, it happens by default after every 5 minutes, but where exactly the status can be checked.
2: Blocking Remote Assistance Software like Team Viewer & Webex, further this blocking should be user specific.
3: in Reporting > Web Tracking > i neeed to track connections made to multiple destination IPs (around 45 +), how i can specify multiple destinations, it accpets only one at a time.
Thanks in Advance.
Ahad
Solved! Go to Solution.
02-17-2014 07:09 AM
Hello Ahad,
Answering your questions in line;
1. Senderbase updates will be visible in the updater_logs, you will see logs like the following;
Mon Feb 17 09:57:42 2014 Info: wbrs waiting on download lock
Mon Feb 17 09:57:42 2014 Info: wbrs acquired download lock
Mon Feb 17 09:57:42 2014 Info: wbrs beginning download of remote file "http://updates.ironport.com/wbrs/3.0.0/ip/default/1392647616.inc"
Mon Feb 17 09:57:42 2014 Info: wbrs released download lock
Mon Feb 17 09:57:42 2014 Info: wbrs successfully downloaded file "wbrs/3.0.0/ip/default/1392647616.inc"
Mon Feb 17 09:57:42 2014 Info: wbrs started applying files
Mon Feb 17 09:57:42 2014 Info: wbrs started applying files
Mon Feb 17 09:57:42 2014 Info: wbrs applying component updates
Mon Feb 17 09:59:07 2014 Info: wbrs preserving wbrs for upgrades
Mon Feb 17 09:59:07 2014 Info: wbrs done with wbrs update
Mon Feb 17 09:59:07 2014 Info: wbrs verifying applied files
You can also see the current rules in use on the WSA by using the version command from the CLI.
2. To block remote assistance applications we have a section in the AVC that allows you to block some Presentation and Conferencing apps like Teamviewer/WebEx. On your Access Policies page click on the link under applications for the access policy you wish to edit, expand the Presentation and Conferencing section and you can block the apps. Keep in mind not all apps use 80/443 so any non-standard HTTP/HTTPS port bieng used will need to be blocked at the firewall.
3. Unfortunately the reporting system is limited to a single destination for web tracking. There is a feature request filed for this issue already to add more granular control to the reporting system (including web tracking).
Hope this helps.
Best Regards,
Michael Hautekeete
Customer Support Engineer
Cisco Content Security - Web Security Appliance
http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
https://supportforums.cisco.com/community/netpro/security/web
https://supportforums.cisco.com/community/feeds?community=2091
02-17-2014 07:09 AM
Hello Ahad,
Answering your questions in line;
1. Senderbase updates will be visible in the updater_logs, you will see logs like the following;
Mon Feb 17 09:57:42 2014 Info: wbrs waiting on download lock
Mon Feb 17 09:57:42 2014 Info: wbrs acquired download lock
Mon Feb 17 09:57:42 2014 Info: wbrs beginning download of remote file "http://updates.ironport.com/wbrs/3.0.0/ip/default/1392647616.inc"
Mon Feb 17 09:57:42 2014 Info: wbrs released download lock
Mon Feb 17 09:57:42 2014 Info: wbrs successfully downloaded file "wbrs/3.0.0/ip/default/1392647616.inc"
Mon Feb 17 09:57:42 2014 Info: wbrs started applying files
Mon Feb 17 09:57:42 2014 Info: wbrs started applying files
Mon Feb 17 09:57:42 2014 Info: wbrs applying component updates
Mon Feb 17 09:59:07 2014 Info: wbrs preserving wbrs for upgrades
Mon Feb 17 09:59:07 2014 Info: wbrs done with wbrs update
Mon Feb 17 09:59:07 2014 Info: wbrs verifying applied files
You can also see the current rules in use on the WSA by using the version command from the CLI.
2. To block remote assistance applications we have a section in the AVC that allows you to block some Presentation and Conferencing apps like Teamviewer/WebEx. On your Access Policies page click on the link under applications for the access policy you wish to edit, expand the Presentation and Conferencing section and you can block the apps. Keep in mind not all apps use 80/443 so any non-standard HTTP/HTTPS port bieng used will need to be blocked at the firewall.
3. Unfortunately the reporting system is limited to a single destination for web tracking. There is a feature request filed for this issue already to add more granular control to the reporting system (including web tracking).
Hope this helps.
Best Regards,
Michael Hautekeete
Customer Support Engineer
Cisco Content Security - Web Security Appliance
http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
https://supportforums.cisco.com/community/netpro/security/web
https://supportforums.cisco.com/community/feeds?community=2091
02-17-2014 10:53 PM
Hello Michael
Many Many thanks for your prompt & Correct Response.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide