Cisco Cisco Web Security Appliance S670
I R O N P O R T A S Y N C O S 6 . 3 . 7 F O R W E B R E L E A S E N O T E S
67
this policy group. Transactions from users in the predefined Active Directory group typically
match the Global Policy Group instead.
match the Global Policy Group instead.
Workaround: Specify a user defined Active Directory group. [Defect ID: 33285]
LDAP group authentication does not work with posixGroups
When you configure an LDAP authentication realm and enter a custom group filter query as
objectclass=posixGroup, the appliance does not query memberUid objects correctly. [Defect
ID: 34405]
objectclass=posixGroup, the appliance does not query memberUid objects correctly. [Defect
ID: 34405]
NTLM authentication does not work in some cases when the Web Security appliance is
connected to a WCCP v2 capable device
connected to a WCCP v2 capable device
When a user makes a request with a highly locked down version of Internet Explorer that does
not do transparent NTLM authentication correctly and the appliance is connected to a WCCP
v2 capable device, the browser defaults to Basic authentication. This results in users getting
prompted for their authentication credentials when they should not get prompted.
not do transparent NTLM authentication correctly and the appliance is connected to a WCCP
v2 capable device, the browser defaults to Basic authentication. This results in users getting
prompted for their authentication credentials when they should not get prompted.
Workaround: In Internet Explorer, add the Web Security appliance redirect hostname to the
list of trusted sites in the Local Intranet zone (Tools > Internet Options > Security tab). [Defect
ID: 34496]
list of trusted sites in the Local Intranet zone (Tools > Internet Options > Security tab). [Defect
ID: 34496]
NTLM authentication does not work after upgrading from a version prior to 5.2 in some
cases
cases
When you upgrade a pre-5.2 version Web Security appliance that uses NTLM authentication
to version 5.2, NTLM authentication does not work when the account used to join the
domain was not in the Administrator group.
to version 5.2, NTLM authentication does not work when the account used to join the
domain was not in the Administrator group.
Workaround: Delete the old computer account in Active Directory. Next, edit the NTLM
authentication realm and join the domain by entering a user name and password for a user
that has the proper permissions. [Defect ID: 36151]
authentication realm and join the domain by entering a user name and password for a user
that has the proper permissions. [Defect ID: 36151]
Specifying port 8080 is required to access the administration interface
To access the Web Security appliance management interface, you must connect using the
appliance IP address and port number,
appliance IP address and port number,
http://192.168.42.42:8080
. Failing to specify a
port number when accessing the web interface results in a default port 80, Proxy Unlicensed
error page.
error page.
Load config functionality is inconsistent
Functionality on the System Administration tab > Configuration File page that allows you to
save an appliance configuration file (
save an appliance configuration file (
saveconfig
), or load a complete or partial
configuration (
loadconfig
) might fail to commit a particular change in settings. For
example, if you initially configure root DNS servers and then configure an authoritative DNS
server, reloading the initial configuration does not configure root DNS. [Defect ID: 29133]
server, reloading the initial configuration does not configure root DNS. [Defect ID: 29133]