11-23-2015 08:18 AM
I have a user that has an access policy applied to them to be allowed access to the URL category Job Search. When I do a policy trace, it comes back with transaction permitted, but the user is still getting the Block page stating that they are not allowed: Block - URL Cat. When I look at the access logs in the CLI, I find this (internal IP address and username changed and struck through):
1448294967.774 1 999.999.999.999 TCP_DENIED/403 0 GET http://www.indeed.com/ "username" NONE/- - BLOCK_WEBCAT_12-DefaultGroup-NALAD-NONE-NONE-NONE-NONE <IW_job,3.4,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_job,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> - Auth SSO_TUI - ID = 46578059 "23/Nov/2015:10:09:27 -0600", User Agent "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
I don't know where the TCP_Denied/403 is coming from.
11-25-2015 11:49 AM
The user was not hitting their appropriate access policy. Restarting the proxy services fixed the whole issue.
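The access log line quoted in the first post records which policy group handled the request, so it can be checked against the policy the user was expected to match. The following Python sketch is an added example, not part of the original thread or Cisco code. It assumes the decision tag follows the layout decision, access policy, identity, outbound malware, data security, external DLP, routing, and that policy names contain no hyphens; the expected policy name `JobSearch_Allowed` is hypothetical.

```python
import re

# Log line from the first post (IP and username redacted by the poster).
# The <...> verdict block is shortened here; only its first field is read.
SAMPLE = ('1448294967.774 1 999.999.999.999 TCP_DENIED/403 0 GET '
          'http://www.indeed.com/ "username" NONE/- - '
          'BLOCK_WEBCAT_12-DefaultGroup-NALAD-NONE-NONE-NONE-NONE '
          '<IW_job,3.4,-> - Auth SSO_TUI')

LINE_RE = re.compile(
    r'^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+'
    r'(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+\d+\s+(?P<method>\S+)\s+'
    r'(?P<url>\S+)\s+(?P<user>"[^"]*"|\S+)\s+\S+\s+\S+\s+'
    r'(?P<tag>\S+)\s+<(?P<verdicts>[^>]*)>')

# Assumed field order of the hyphen-separated decision tag.
TAG_FIELDS = ('decision', 'access_policy', 'identity', 'outbound_malware_policy',
              'data_security_policy', 'external_dlp_policy', 'routing_policy')

def parse(line):
    """Return the policy-relevant fields of one access log line."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError('not a recognised access log line')
    parts = m['tag'].split('-')
    if len(parts) != len(TAG_FIELDS):
        raise ValueError('unexpected decision tag: ' + m['tag'])
    rec = dict(zip(TAG_FIELDS, parts))
    # Drop the numeric suffix (e.g. "_12") appended to the decision.
    rec['decision'] = re.sub(r'_\d+$', '', rec['decision'])
    rec.update(result=m['result'], status=int(m['status']), url=m['url'],
               user=m['user'].strip('"'),
               category=m['verdicts'].split(',')[0])
    return rec

def policy_mismatch(line, expected_policy):
    """True when a request was blocked under a policy other than the expected one."""
    rec = parse(line)
    return rec['decision'].startswith('BLOCK_') and rec['access_policy'] != expected_policy

if __name__ == '__main__':
    rec = parse(SAMPLE)
    print(rec['decision'], rec['category'], 'matched policy:', rec['access_policy'])
    print('mismatch:', policy_mismatch(SAMPLE, 'JobSearch_Allowed'))
```

For the quoted line this reports a URL-category block of `IW_job` evaluated under `DefaultGroup`, which is the field to compare against the policy trace result.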
11-25-2015 12:14 PM
Thanks for reaching out. This is documented as the following software defect:
https://tools.cisco.com/bugsearch/bug/CSCuu49389
A fix is available now with the version 8.5.3 build. Please open a TAC case (with the serial #) so we can provision the release for your appliance.
Regards,
Zack
11-30-2015 09:19 AM
Looks like I'm having the same issue on version 8.8.0-085
11-30-2015 02:42 PM
Just wanted to confirm that this is the same issue, and kicking or restarting the proxy service was the fix.