Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
767
Views
0
Helpful
1
Replies

WSA consumes the entire internet bandwidth toward akamai server

tik
Level 1
Level 1

‎01-25-2016 12:20 PM

Hello,
We have WSA S370 with 8.8.0-065 and internet line with speed 100Mbps. Ten days ago (since 13th Jan), I noticed following behaviour: our WSA consumes the entire internet bandwidth (approx. 99Mbps). Thanks to it for all users remaining approximately 1Mbps.
WSA communicates especially with following IP addresses:
- 80.239.148.103 (80.239.198.0/19)
- 23.62.237.97 (23.62.237.0/24)
In the WSA report section there are not one such log (about these AKAMAI servers).

I tryied solve it by
http://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/118158-troubleshoot-wsa-00.html
https://supportforums.cisco.com/discussion/12399736/issues-wsa-and-akamai
but without result.

How can I stop these traffic?
Regards Tomas

Labels:
0 Helpful
1 Reply 1

Handy Putra
Cisco Employee
Cisco Employee

‎01-25-2016 04:05 PM

Hi Tomas,

You can try to add %k to your accesslogs log Subsription (GUI -> System Administration -> Log Subsription -> accesslogs -> Custom Fields (optional) and put %k there.

This is to give extra information at the end of each accesslogs for the destination IP address of the destination hostname, since WSA report will not shows this.

If you still can not found the traffic from WSA accesslogs (you can also review this logs from FTP from the log subscription page as well), would recommend to open TAC case for them to analyse this from remote tunnel access(service or root level) of the appliance.

Regards

Handy 

0 Helpful
Customers Also Viewed These Support Documents