Cisco Cisco Web Security Appliance S670 Release Notes
8
Release Notes for Cisco IronPort AsyncOS 7.5.7 for Web
7.5.7
Known Issues
38468
The Web Security appliance cannot pass HTTPS traffic and users gets a gateway
timeout error under the following circumstances:
timeout error under the following circumstances:
•
HTTPS scanning is enabled and the HTTPS decryption policy determines to
decrypt the traffic
decrypt the traffic
•
The web server requests a client certificate
Workaround: Configure the appliance so it passes through HTTPS traffic to these web
servers instead of decrypting the traffic.
servers instead of decrypting the traffic.
39853
MS Windows activation fails when authentication is enabled on the Web Security
appliance. This is a known issue with Microsoft Windows activation.
appliance. This is a known issue with Microsoft Windows activation.
Workaround: For more information on how to work around this issue, see the
following articles:
following articles:
•
http://support.microsoft.com/kb/921471
•
http://support.microsoft.com/kb/816897
40363
Web Security appliance fails to join Active Directory domain under the following
conditions:
conditions:
•
The Web Security appliance is in Standard time, such as Pacific Standard Time
(PST).
(PST).
•
The Active Directory server is in Daylight Savings time, such as Pacific Daylight
Time (PDT).
Time (PDT).
The two machines might be in different time modes if the Active Directory server does
not have the daylight time patch applied that fixes the change in Daylight Savings time
starting in 2008. When you try to join the Active Directory domain, the web interface
displays the following misleading message:
not have the daylight time patch applied that fixes the change in Daylight Savings time
starting in 2008. When you try to join the Active Directory domain, the web interface
displays the following misleading message:
Error - Computer Account creation failed.
Failure: Error while joining WSA onto server ‘vmw038-win04.wga’ : Failed
to join domain: Invalid credentials
Workaround: Apply the appropriate patch to the Active Directory server.
40872
The
createcomputerobject
CLI command does not successfully create a computer
object on an Active Directory server when the security mode is set to “domain.” The
command returns the following error:
command returns the following error:
Error: Unable to retrieve NTLM Authentication Realm settings. Check the realm
name ‘‘realm_name’’
name ‘‘realm_name’’
Workaround: Use the web interface to create the computer object for the NTLM
authentication realm by joining the domain. Or, you can set the security mode to
“ADS.”
authentication realm by joining the domain. Or, you can set the security mode to
“ADS.”
41942
If any interface hostname (the M1 or P1 interface, for example) is changed, the
administrator must verify that the transparent redirect hostname is set correctly to
reflect the change.
administrator must verify that the transparent redirect hostname is set correctly to
reflect the change.
42584
Some mobile devices that use ActiveSync cannot synchronize when authentication is
enabled and the device sends an OPTIONS HTTP request. This is because ActiveSync
cannot respond to an NTLM_CHALLENGE for an OPTIONS HTTP request.
enabled and the device sends an OPTIONS HTTP request. This is because ActiveSync
cannot respond to an NTLM_CHALLENGE for an OPTIONS HTTP request.
Table 2
Known Issues for AsyncOS 7.5.7 for Web (continued)
Defect ID
Description