Cisco Cisco Web Security Appliance S690 Release Notes
62
C I S C O I R O N P O R T A S Y N C O S 6 . 3 . 8 F O R W E B R E L E A S E N O T E S
• That authentication realm and a custom URL category are used as membership criteria in
an Identity group. The user accesses a website using an Access Policy using that Identity
group.
group.
• Another Identity group exists that uses a different authentication realm and a different
custom URL category.
• The user keeps the same browser session open (uses a persistent connection) and accesses
a website used in the custom URL category specified in the other Identity group.
The user is not authenticated in the other authentication realm (and is not a member of it) and
therefore should not have access to sites in the other custom URL category. [Defect ID:
45760]
therefore should not have access to sites in the other custom URL category. [Defect ID:
45760]
External authentication does not fail over to the next configured RADIUS server when
DNS fails to resolve the first RADIUS server
DNS fails to resolve the first RADIUS server
External authentication does not fail over to the next configured RADIUS server when DNS
fails to resolve the first RADIUS server. Instead, the appliance tries to authenticate the user as
a local user defined on the Web Security appliance. [Defect ID: 44023]
fails to resolve the first RADIUS server. Instead, the appliance tries to authenticate the user as
a local user defined on the Web Security appliance. [Defect ID: 44023]
Refreshing a website in Internet Explorer 6 causes the browser to hang in some cases
Internet Explorer 6 (version 6.0.2900.2180.xpsp_sp2_gdr.080814-1233) hangs under the
following conditions:
following conditions:
• The Web Security appliance is deployed in explicit forward mode.
• Authentication and credential encryption are enabled.
• The Internet Explorer 6 user clicks the Refresh button in the browser for content that
already exists in the browser’s cache.
Workaround: Use a different version of Internet Explorer or a different browser. This is a
known issue with Internet Explorer 6. [Defect ID: 46044]
known issue with Internet Explorer 6. [Defect ID: 46044]
Valid user is erroneously treated as a guest user in some cases
A valid user is erroneously treated as a guest user under the following conditions:
• An identity group uses authentication and is configured for “Basic and NTLMSSP”
authentication scheme.
• The identity allows guest privileges.
• A browser that supports NTLMSSP prompts the user for authentication credentials.
• The user enters valid Basic authentication credentials.
In this case, the Basic authentication credentials fail against the NTLM authentication realm.
The Web Proxy treats the user as someone who has failed authentication and grants the user
guest access as configured in the identity and access policy groups. The Web Proxy does not
prompt the user to enter NTLM credentials.
The Web Proxy treats the user as someone who has failed authentication and grants the user
guest access as configured in the identity and access policy groups. The Web Proxy does not
prompt the user to enter NTLM credentials.