Cisco Cisco Web Security Appliance S690 User Guide

Tue Mar 24 03:56:47 2015 Critical: ISEEngineManager: Could not create ISE client: …

Internal error when creating the WSA’s ISE client for ISE server connection.

Tue Mar 24 03:56:47 2015 Critical: ISEEngineManager: Bulk Download thread failed: …

Internal error indicating bulk download of SGTs failed on connection or re-connection.

Tue Mar 24 03:56:47 2015 Critical: ISEService: Unable to start service. Error: …

The WSA’s ISE service failed to start.

Tue Mar 24 03:56:47 2015 Critical: ISEService: Unable to send ready signal …

The WSA’s ISE service was unable to send a ready signal to 

heimdall

.

Tue Mar 24 03:56:47 2015 Critical: ISEService: Unable to send restart signal …

The WSA’s ISE service was unable to send a restart signal to 

heimdall

.

When a web access policy group has a custom URL category set to Monitor and some other component, 
such as the Web Reputation Filters or the DVS engine, makes the final decision to allow or block a 
request for a URL in the custom URL category, then the access log entry for the request shows the 
predefined URL category instead of the custom URL category. 

HTTPS transactions in the access logs appear similar to HTTP transactions, but with slightly different 
characteristics. What gets logged depends on whether the transaction was explicitly sent or transparently 
redirected to the HTTPS Proxy:

TUNNEL. This gets written to the access log when the HTTPS request was transparently redirected 
to the HTTPS Proxy. 

CONNECT. This gets written to the access log when the HTTPS request was explicitly sent to the 
HTTPS Proxy.

When HTTPS traffic is decrypted, the access logs contain two entries for a transaction:

TUNNEL or CONNECT depending on the type of request processed.

The HTTP Method and the decrypted URL. For example, “GET https://ftp.example.com”.

The full URL is only visible when the HTTPS Proxy decrypts the traffic.