Cisco Web Security Appliance S170 User Guide
AsyncOS 8.6 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Browser Problems
Single Sign-On Problems
Users Erroneously Prompted for Credentials
NTLM authentication does not work in some cases when the Web Security appliance is connected to a
WCCP v2 capable device. When a user makes a request with a highly locked down version of Internet
Explorer that does not do transparent NTLM authentication correctly and the appliance is connected to
a WCCP v2 capable device, the browser defaults to Basic authentication. This results in users getting
prompted for their authentication credentials when they should not get prompted.
Workaround
In Internet Explorer, add the Web Security appliance redirect hostname to the list of trusted sites in the
Local Intranet zone (Tools > Internet Options > Security tab).
Browser Problems
WPAD Not Working With Firefox
Firefox browsers may not support DHCP lookup with WPAD. For current information, see
https://bugzilla.mozilla.org/show_bug.cgi?id=356831.
To use Firefox (or any other browser that does not support DHCP) with WPAD when the PAC file is
hosted on the Web Security appliance, configure the appliance to serve the PAC file through port 80.
Step 1
Choose Security Services > Web Proxy and delete port 80 from the HTTP Ports to Proxy field.
Step 2
Use port 80 as the PAC Server Port when you upload the file to the appliance.
Step 3
If any browsers are manually configured to point to the web proxy on port 80, reconfigure those browsers
to point to another port in the HTTP Ports to Proxy field.
Step 4
Change any references to port 80 in PAC files.
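For Step 4, a blind search-and-replace of ":80" can also alter destination URL patterns inside the PAC file. The following added example (not from the Cisco guide) lists the proxy directives in a PAC file that still use port 80 and rewrites only those. The hostnames, the replacement port 3128 and the sample PAC are constructed assumptions, and treating only proxy directives as the references to change is this example's reading of the step.

```javascript
// Constructed sample PAC file; hostnames and port 3128 are illustrative assumptions.
const SAMPLE_PAC = [
  'function FindProxyForURL(url, host) {',
  '  if (isPlainHostName(host)) return "DIRECT";',
  '  // Destination URL pattern: mentions :80 but is not a proxy directive.',
  '  if (shExpMatch(url, "http://*:80/*"))',
  '    return "PROXY wsa.example.com:80; DIRECT";',
  '  return "PROXY wsa.example.com:80; PROXY wsa2.example.com:3128";',
  '}',
].join('\n');

// A proxy directive inside a PAC return string: "<TYPE> <host>:<port>".
const DIRECTIVE = /\b(PROXY|HTTPS?|SOCKS[45]?)\s+([A-Za-z0-9.-]+):(\d+)\b/g;

// List every proxy directive with its 1-based line number.
function findProxyDirectives(pacText) {
  const found = [];
  for (const m of pacText.matchAll(DIRECTIVE)) {
    const line = pacText.slice(0, m.index).split('\n').length;
    found.push({ line, type: m[1], host: m[2], port: Number(m[3]) });
  }
  return found;
}

// Rewrite only proxy directives that use oldPort; URL patterns are left alone.
function rewriteProxyPort(pacText, oldPort, newPort) {
  return pacText.replace(DIRECTIVE, (whole, type, host, port) =>
    Number(port) === oldPort ? `${type} ${host}:${newPort}` : whole);
}

// Report directives that still point at port 80, then show the corrected file.
const stale = findProxyDirectives(SAMPLE_PAC).filter((d) => d.port === 80);
for (const d of stale) {
  console.log(`line ${d.line}: ${d.type} ${d.host}:${d.port} still targets port 80`);
}
const fixed = rewriteProxyPort(SAMPLE_PAC, 80, 3128);
console.log(fixed);
```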
DNS Problems
Alert: Failed to Bootstrap the DNS Cache
If an alert with the message “Failed to bootstrap the DNS cache” is generated when an appliance is
rebooted, it means that the system was unable to contact its primary DNS servers. This can happen at
boot time if the DNS subsystem comes online before network connectivity is established. If this message
appears at other times, it could indicate network issues or that the DNS configuration is not pointing to
a valid server.