Cisco Web Security Appliance S360 Release Notes

Cisco IronPort AsyncOS 6.3.8 for Web Release Notes

Web Security appliance cannot pass HTTPS traffic when the web server requests a client 
certificate in some cases
The Web Security appliance cannot pass HTTPS traffic, and users get a gateway timeout error,
when both of the following are true:
• HTTPS scanning is enabled and the HTTPS decryption policy decides to decrypt the
traffic
• The web server requests a client certificate
Workaround: Configure the appliance so it passes through HTTPS traffic to these web servers 
instead of decrypting the traffic. [Defect ID: 38468]

Custom URL categories set to Monitor do not appear in access log entries in some cases
When a web access policy group has a custom URL category set to Monitor and some other 
component, such as the Web Reputation Filters or the DVS engine, makes the final decision to 
allow or block a request for a URL in the custom URL category, then the access log entry for 
the request shows the predefined URL category instead of the custom URL category.
[Defect ID: 40097, 34159]

Upgrading from version 5.1 loses WBRS scores in some cases
When you have changed the default WBRS score thresholds and then upgrade from version 5.1,
the Web Security appliance uses the changed (non-default) WBRS score for the Global Policy
Group, but uses the default WBRS score for each user-defined web access policy group.
Workaround: Edit each web access policy group and define the WBRS score as desired. 
[Defect ID: 36280]

Web Security appliance does not create a computer account in the specified location on 
the Active Directory server if the computer account already exists in a different location
The Web Security appliance does not create a computer account in the specified location on 
the Active Directory server under the following conditions:
1. You define the location for the computer account in the NTLM authentication realm and 
join the domain. The appliance successfully creates the computer account in the Active 
Directory server.
2. You change the location for the computer account in the NTLM authentication realm and 
then try to join the domain again. The appliance does not create the computer account 
even though it displays a message informing you that it successfully created the computer 
account. The computer account still exists in the old location. [Defect ID: 36229]

Web Security appliance does not support Group Authorization against predefined Active 
Directory groups for LDAP authentication realms
When the Web Security appliance has a web access policy group using LDAP authentication 
and policy membership is defined by authentication groups using a predefined Active 
Directory group, such as “Domain Users” or “Cert Publishers,” then no transactions match