Cisco Cisco Web Security Appliance S360 Troubleshooting Guide

Contributed by Dan Waller and Jai Koolwal, Cisco TAC Engineers.

Aug 12, 2014

How do I clear the different caches on the Web Security Appliance?

Environment:
AsyncOS 7.1.x and later
Authentication Cache only applies to AsyncOS 7.1.x and later

Symptoms:
Occasionally it becomes necessary to clear the Proxy, DNS or Authentication cache on the appliance in order
to resolve an issue in processing requests.

Solution:

How can I clear the DNS cache on Cisco WSA?

In order to increase efficiency and performance, the Cisco WSA stores DNS entries for domains to which you
have recently connected. The DNS cache allows the WSA to avoid excessive DNS lookups of the same
domains. The DNS cache entries expire according to the TTL (Time to Live) of the record.

However, it is sometimes necessary to clear the DNS cache of entries. Corrupted or expired DNS cache
entries can occasionally cause problems with delivery to a remote host or hosts. This problem typically occurs
after the appliance has been offline for a network move or some other circumstance.

The DNS cache in the Cisco WSA can be cleared by running the dnsflush command from the CLI.

How can I clear the Proxy cache on Cisco WSA?

The Proxy cache can be cleared either from the GUI or the CLI.  The steps for each are below.

GUI

Go to the Security Services > Web Proxy page for AsyncOS 7.1.x and later versions

• 

Click on the 'Clear Cache' button

• 

Click on 'Clear Cache' again to confirm

• 

CLI

Log into the CLI

•