cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1243
Views
10
Helpful
8
Replies

MY WSA STOPS WORKING SUDDENLY AND CAME BACK TO NORMAL

FrejusMA
Level 1
Level 1

Hello Team,

I have a  Cisco S100V Secure Web Appliance, and today it just stopped working for like 2 minutes. When I said stop, there was no proxied traffic and it happens instantly and then came back. I checked but everything was fine. My ISP said everything was good on its side. That situation just made me curious and I wanted to check my licensing and everything was fine there to. I wondered what happened? can anyone has this issue before? For the record it happened two time.

Also in addition, is it a good practice to allow my proxy to access Internet and check the licensing staus and others updates regularly? or should I deny it this option.

Thanks in advance for your helpful contribution...

 

8 Replies 8

So i have seen something like this. Open a TAC case and have them check logs. There's probably a bug that is causing something the proxy services to restart. They'll be able yo confirm and recommend a course of action.

Thanks @Ken Stieers for your response to the problem I am having.

Can I see when last the proxy services has restarted ? is there any command to check that ?

The proxy logs should tell you what's up. Also, if you're using AMP, check the AMP logs... if it hangs it can cause it too.

Alright @Ken Stieers 

Many thanks again.

@FrejusMA 

to check for proxy service restart 

CLI >> grep >> select the proxy logs >> filter for  EarlyInit

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

amojarra
Cisco Employee
Cisco Employee

Hello @FrejusMA 

 

for Proxy stops responding, it is better to open a TAC case, we will check from Backend to see if there were anything wrong. 

 

regarding the updates, yes, the normal internet traffic which WSA has ( to port 80 and 443) will do the job for you, just you need to configure which interface WSA uses for updates, smart license , Active directory and ...  

 

Kindly be advised that, if you are using just one interface, so there will be no split routing table, so all those traffic will pass same as your client's web requests.

if you have multiple interfaces and Split routing (management interface has no internet access) depending on your version  you can configure which routing table to be used for some services, lets say in older versions you can not chose which routing table to chose for smart license and / or ....

 

feel free to reach out if there is any questions or concerns 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Thanks @amojarra for your detailled response as always.

I am using this version : Secure Web Virtual Appliance S100V Version: 14.5.0-537. it only has two interfaces M1(management) and P1(data). just confirm to me that it doesn't support split routing because since all this time I thought it was the one that was managing update inquiries and licensing verification. 

Again thanks you.

amojarra
Cisco Employee
Cisco Employee

Hello @FrejusMA 

Thank you so much for your kind words 

[1] regarding the Split routing, if in GUI under Network >> interfaces >> Edit settings >> you have selected "Separate Routing for Management Services:"  you will have 2 deferent Routing tables which you can verify from GUI >> Network >> routes and you will see two tables 

 

[2] regarding how to configure which interface ( routing table ) being used for updates please navigate to : GUI >> System Administrations >> Upgrade and updates settings >> Edit Updates settings >> you can chose : Routing Table, and the interval for the updates 

[3] one of the first steps to troubleshoot would be CLI >> displayalers command which will gives you a good overview if something critical went unresponsive, else you need to manually search all the logs  

[4] another good log to look at would be SystemLogs and ProxyLogs both can be found from CLI >> Grep 

[5] to have better understanding about how WSA is communicating with Smart License (if you are using that), kindly check this link :
Understand Smart Licensing Overview and Best Practices for Email and Web Security - Cisco

[6] I believe maybe you would like to take a quick look at this Best Practice guide as well : 

Cisco Web Security Appliance Best Practices Guidelines - Cisco

 

feel free to let us know if there are any questions or concerns 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++