07-22-2019 02:44 AM
Hello community,
we just deployed Cisco WSA physical appliance in our network. We configured a lot of rules, everything seems OK unless the EUN page that doesn't work on google chrome. Note that for the same page, IE and firefox show the EUN.
Thanks in advance
07-25-2019 07:07 AM
Hello Ismael,
Could you please tell me what happens, do you get any errors?
The URL's that you are talking about are they HTTPS or http ?
Do you have differnet policies for IE and Chrome browser?
For the browsers to display the EUN, the https traffic must be decrypted. if its being displayed on IE, I wonder if you have differnet policies for these browsers.
If https traffic is being decrypted, The browser must trust the WSA cert.
Do you have an explicit or Transparent set up? (PAC file/IP -hostname on the browser OR WCCP)
If you have wccp set up, can you also try if the EUN page is diplayed when it is explicit?
At the end if you dont find any other differences between settings for IE and chrome then I would suggest you to choose a URL for which IE diplays an EUN page and Chrome doesn't.
collect access logs and packet captures and we can find out if there is a difference between the 2 scenarios.
Regards
Shikha Grover
PS: Please don't forget to rate and select as validated answer if this answered your question
07-26-2019 06:23 AM - edited 07-26-2019 06:26 AM
Hello Shika,
THank you for your response.
It is an https site, I apply a decryption policy with decrypt action set and an access policy with block action set. As an example, for twitter, I get this :
07-26-2019 06:27 AM
Same policy for IE and Chrome also
07-26-2019 08:17 AM
Hello,
It seems like chrome doesnt recognize the WSA certificate. Its weird because chrome and IE both use the same settings and I believe the same cert store as well.
Please add the WSA cert to the trusted CA store again.
collect accesslogs when you access "twitter.com". Also, check that chrome is not redirecting to "https://www.twitter.com" while IE does redirect. try to explicitly mention " https://www.twitter.com" on chrome and access the page on chrome again and see what happens.
Regards
Shikha Grover
PS: Please don't forget to rate and select as validated answer if this answered your question
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: