Cisco Cisco Web Security Appliance S190 Guía Del Usuario
A-5
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
HTTPS/Decryption/Certificate Problems
Large FTP Transfers Disconnect
If the connection between the FTP Proxy and the FTP server is slow, uploading a large file may take a
long time, particularly when Cisco Data Security Filters are enabled. This can cause the FTP client to
time out before the FTP Proxy uploads the entire file and you may get a failed transaction notice. The
transaction does not fail, however, but continues in the background and will be completed by the FTP
Proxy.
long time, particularly when Cisco Data Security Filters are enabled. This can cause the FTP client to
time out before the FTP Proxy uploads the entire file and you may get a failed transaction notice. The
transaction does not fail, however, but continues in the background and will be completed by the FTP
Proxy.
You can workaround this issue by increasing the appropriate idle timeout value on the FTP client.
Zero Byte File Appears On FTP Servers After File Upload
FTP clients create a zero byte file on FTP servers when the FTP Proxy blocks an upload due to outbound
anti-malware scanning.
anti-malware scanning.
HTTPS/Decryption/Certificate Problems
•
•
•
•
•
Also see:
–
–
–
Accessing HTTPS Sites Using Routing Policies with URL Category Criteria
For transparently redirected HTTPS requests, the Web Proxy must contact the destination server to
determine the server name and therefore the URL category in which it belongs. Due to this, when the
Web Proxy evaluates Routing Policy Group membership, it cannot yet know the URL category of an
HTTPS request because it has not yet contacted the destination server. If the Web Proxy does not know
the URL category, it cannot match the transparent HTTPS request to a Routing Policy that uses a URL
category as membership criteria.
determine the server name and therefore the URL category in which it belongs. Due to this, when the
Web Proxy evaluates Routing Policy Group membership, it cannot yet know the URL category of an
HTTPS request because it has not yet contacted the destination server. If the Web Proxy does not know
the URL category, it cannot match the transparent HTTPS request to a Routing Policy that uses a URL
category as membership criteria.
As a result, transparently redirected HTTPS transactions only match Routing Policies that do not define
Routing Policy Group membership criteria by URL category. If all user-defined Routing Policies define
their membership by URL category, transparent HTTPS transactions match the Default Routing Policy
Group.
Routing Policy Group membership criteria by URL category. If all user-defined Routing Policies define
their membership by URL category, transparent HTTPS transactions match the Default Routing Policy
Group.