
many sites are uncategorized in ironport WSA

bijin bharathan
Level 1

Hi,

I am using WSA s670. I am blocking some categories and all uncategorized sites. Unfortunately I get a lot of requests to unblock, and those sites are genuine sites. These are getting blocked only because they are uncategorized by IronPort. I looked into BrightCloud, and there these sites are categorized perfectly. Please help to resolve this issue.


Is the Dynamic Content Analysis Engine on?

Click on Security Services > Acceptable Use Controls.

Click on the Global Settings. Select Cisco Ironport Web Usage Controls. Check the box for Enable Dynamic Content Analysis Engine.

That enables the engine that will categorize the page based on what's on it. (Ex.: I had a user's personal blog site pop up as "Gambling" because the main page was about a poker party he'd had with friends...)

Hi ken,

Thank you for your reply. It's now after hours; I will check this in the morning. BTW, will this option be prioritized over uncategorized site blocking? Anyway, I will update you in the morning.

Thanks

Bijin

Dear Ken,

I checked the system. It is enabled in both boxes. Do you think, when this is enabled, uncategorized sites should be in monitor rather than in blocked state?

With this enabled, you are still going to have uncategorized sites.  The radio button for block/monitor here is if the URL monitoring engine is down, what is the WSA supposed to do.

For the sites that are still uncategorized, you need to set the Access Policy to monitor instead of block, if that's what you want.

Dear Ken,

This is what I did now as a temporary solution. The question here is why IronPort does not classify a lot of sites. If we go to the BrightCloud site, those sites are classified perfectly. I think this is the only area where IronPort WSA is running behind the other vendor WSA?

If you have a better idea to solve this issue, please share it with me.

Thanks

Bijin

Hello Bijin,

You can make submissions for categorization for such uncategorized sites using the following tools:

For Cisco Ironport Web Usage Control

https://securityhub.cisco.com/web/submit_urls

For Cisco Ironport URL filters:

https://securityhub.cisco.com/web/surfcontrol

Once the group in charge of looking after those databases has made updates, the URLs will have categorizations after auto updates of your WSA.

Regards,

Eric

Hi Eric,

Yes, this is the common procedure to categorize sites, which I saw on IronPort and on the BrightCloud site as well. The problem we are facing now is that the IronPort database is not mature enough when compared to the BrightCloud DB or any other DB.

Right now what I am doing is manually checking the site and adding it to the good site custom URL category, because if I put a request in to IronPort it takes a couple of days or more to get updated.

Putting UNCATEGORIZED SITES in monitoring or in allow state is not a good practice, which I did in WSA in order to avoid a lot of requests to open the sites.

The question here is why IronPort doesn't have an updated DB like http://www.brightcloud.com/support/lookup.php?

Please let me know if you have any solution for this.

Thanks

Bijin

Good answer.

It is updated in one day.