Showing results for 
Search instead for 
Did you mean: 

TCP_Miss/403 611

Hi all,

I'm looking for some guidance on a problem i'm facing with Ironport. Our external company website has a flash clock widget that loads 8 different timezones. Depending on the website page you visit it may only load 6 of the 8 clocks. The problem is not consistent per user, so for example I may visit a certain page and get 5 out of 8 clocks but another user may visit the same page and get all 8.

When I look through the logs in Ironport I get the following message for the clocks that do not appear:  TCP_MISS/403 611 There are no other blocks showing against the Access Policies set in Ironport so i'm lost as to why this is being forbidden (403) Any help would be gratefully appreciated.


Erik Kaiser
Cisco Employee

Hi DC,

You will need to grep for the access logs while testing this application. What your looking for are requests made by the application which are being blocked by your access policies hence the 403 that your already seeing in the access logs. Once you have determined the URLs being requested by the application add those URLs to a custom URL category: WSA GUI -> Web Security Manager -> Custom URL Category -> submit -> commit your changes. You will also need to add this custom URL category to a No Authentication Access / Identity which will also contain a No Authentication Identity. Usually in this scenario you will already have a default No Auth Identity based on your class of network A,B,C created with a Custom URL Category already directly associated to that identity. This type of Access Policy , Identity, Custom URL Category is designed for applications , Operating system updates etc...


Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator
Content for Community-Ad

This widget could not be displayed.