Cisco Cisco Web Security Appliance S360 Fehlerbehebungsanleitung

Contributed by Jakob Dohrmann and Siddharth Rajpathak, Cisco TAC
Engineers.
Jul 15, 2014

Environment: Cisco Web Security Appliance (WSA), all versions of AsyncOS

NOTE:  RTSP is not supported by our appliance at the current time.

If you open a RealPlayer video you might see a message "A general error has occurred" and a reference to a
rtsp://link. This message appears because RealPlayer is not authenticating properly.

If we run a packet capture when RealPlayer video does not play, then we can see that the RealPlayer
application does not provide credentials to the Cisco Web Security Appliance.

Below is the sequence of events that should happen when authentication works properly

First socket
−−−−−−−−−−−−−−−−−−−−−−−−−
Client −> S−Series: GET ...
WSA −> Client: 407 Authorization required

On a new socket
−−−−−−−−−−−−−−−−−−−−−−−−−
Client −> S−Series: GET ... (NTLMSSP_NEGOTIATE)
WSA −> Client: 407 Authorization required (NTLMSSP_CHALLENGE)
Client −> S−Series: GET ... (NTLMSSP_AUTH)
WSA −> Client: Content...

With Real Player, the client/application closes the connection after each of the above steps, and therefore
proper authentication doesn't occur.

Bypassing authentication for the RealPlayer, using its User Agent 'realplayer' will resolve this issue.

For more information on how to bypass authentication based on the useragent, please refer to the following
aritcle:
https://techzone.cisco.com/t5/Web−Security−Appliance−WSA/How−to−bypass−authentication−for−specific−user−agents/ta−p/274340