Cisco Web Security Appliance S670 Release Notes

CISCO IRONPORT ASYNCOS 6.3.8 FOR WEB RELEASE NOTES
Workaround: Deploy the Web Security appliance in transparent mode, or deploy the Web 
Security appliance in explicit forward mode and disallow direct access to port 80 on the 
firewall. [Defect ID: 50219, 50995] 
Upgrading from a previous version removes the certificate and key pair uploaded for credential encryption
If credential encryption (also known as “secure client authentication”) was enabled in a 
previous version and then you upgrade AsyncOS for Web to the current version, any 
certificate and key pair previously uploaded for credential encryption is removed. [Defect ID: 
50652] 
Upload requests of 1 GB and greater are not blocked in some cases
When an IronPort Data Security Policy is configured to block HTTP or FTP upload requests of 
1 GB or greater, upload requests of 1 GB or greater are not blocked. Instead, they are 
successfully uploaded, either fully or partially.
Workaround: To block upload requests of 1 GB or greater, configure the IronPort Data Security 
Policies to block HTTP and FTP requests at a size less than 1 GB. [Defect ID: 49505] 
Web interface does not correctly validate some IronPort Data Security Policies values in some cases
When the minimum request body size for the IronPort Data Security Filters is set to a value 
other than the default value of 4 KB, the web interface erroneously performs the following:
• Prevents you from defining a maximum file size in the IronPort Data Security Policies less 
than 4 KB when the minimum request body size is less than 4 KB.
• Allows you to define a maximum file size in the IronPort Data Security Policies with a 
value that is less than the minimum request body size when the minimum request body 
size is greater than 4 KB.
[Defect ID: 49677] 
Decrypted connections to buggy HTTPS servers fail in some cases
Decrypted connections to some buggy HTTPS servers that use an AES cipher fail after the SSL 
handshake completes.
Workaround: Create a policy to pass through connections to the buggy server. [Defect ID: 
46555] 
End-user acknowledgement page appears twice in some cases
The end-user acknowledgement page appears twice under the following circumstances:
• An Identity group exists that is defined by IP address and requires authentication.
• Another Identity group that is based on a custom URL category and does not require 
authentication exists below the IP-based Identity group.