Cisco Cisco Web Security Appliance S670 Release Notes

Release Notes for AsyncOS 8.6 for Cisco Web Security Appliances

Installation Notes

IPv6 and Kerberos Not Available in Cloud Connector Mode

When the appliance is configured in Cloud Connector mode, unavailable options for IPv6 addresses and
Kerberos authentication appear on pages of the web interface. Although the options appear to be
available, they are not supported in Cloud Connector mode. Do not attempt to configure the appliance
to use IPv6 addresses or Kerberos authentication when in Cloud Connector mode.

Functional Support for IPv6 Addresses

Features and functionality that support IPv6 addresses:

•

Command line and web interfaces. You can access WSA using http://[2001:2:2::8]:8080 or
https://[2001:2:2::8]:8443

•

Performing Proxy actions on IPv6 data traffic (HTTP/HTTPS/SOCKS/FTP)

•

IPv6 DNS Servers

•

WCCP 2.01 (Cat6K Switch) and Layer 4 transparent redirection

•

Upstream Proxies

•

Authentication Services

–

Active Directory (NTLMSSP, Basic, and Kerberos)

–

LDAP

–

SaaS SSO

–

Transparent User Identification through CDA (communication with CDA is IPv4 only)

–

Credential Encryption

•

Web Reporting and Web Tracking

•

External DLP Servers (communication between WSA and DLP Server is IPv4 only)

•

PAC File Hosting

Features and functionality that require IPv4 addresses:

•

Internal SMTP relay

•

External Authentication

•

Log subscriptions push method: FTP, SCP, and syslog

•

NTP servers

•

Local update servers, including Proxy Servers for updates

•

Authentication services

•

AnyConnect Security Mobility

•

Novell eDirectory authentication servers

•

Custom logo for end-user notification pages

•

Communication between the Web Security appliance and the Security Management appliance

•

WCCP versions prior to 2.01

•

SNMP