Cisco Cisco Web Security Appliance S170 Guía Del Usuario
A-13
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Logging Problems
The WSA’s ISE process failed to connect to the ISE server for 30 seconds.
•
Tue Mar 24 03:56:47 2015 Critical: ISEEngineManager: WSA Client cert/key missing.
Please check ISE config
The WSA Client certificate and key were not uploaded or generated on the WSA’s Identity Service
Engine configuration page.
Engine configuration page.
•
Tue Mar 24 03:56:47 2015 Critical: ISEEngineManager: ISE service exceeded maximum
allowable disconnect duration with ISE server
The WSA’s ISE process could not connect to the ISE server for 120 seconds and exited.
•
Tue Mar 24 03:56:47 2015 Critical: ISEEngineManager: Subscription to updates failed …
The WSA’s ISE process could not subscribe to the ISE server for updates.
•
Tue Mar 24 03:56:47 2015 Critical: ISEEngineManager: Could not create ISE client: …
Internal error when creating the WSA’s ISE client for ISE server connection.
•
Tue Mar 24 03:56:47 2015 Critical: ISEEngineManager: Bulk Download thread failed: …
Internal error indicating bulk download of SGTs failed on connection or re-connection.
•
Tue Mar 24 03:56:47 2015 Critical: ISEService: Unable to start service. Error: …
The WSA’s ISE service failed to start.
•
Tue Mar 24 03:56:47 2015 Critical: ISEService: Unable to send ready signal …
The WSA’s ISE service was unable to send a ready signal to
heimdall
.
•
Tue Mar 24 03:56:47 2015 Critical: ISEService: Unable to send restart signal …
The WSA’s ISE service was unable to send a restart signal to
heimdall
.
Logging Problems
•
•
•
•
Custom URL Categories Not Appearing in Access Log Entries
When a web access policy group has a custom URL category set to Monitor and some other component,
such as the Web Reputation Filters or the DVS engine, makes the final decision to allow or block a
request for a URL in the custom URL category, then the access log entry for the request shows the
predefined URL category instead of the custom URL category.
such as the Web Reputation Filters or the DVS engine, makes the final decision to allow or block a
request for a URL in the custom URL category, then the access log entry for the request shows the
predefined URL category instead of the custom URL category.
Logging HTTPS Transactions
HTTPS transactions in the access logs appear similar to HTTP transactions, but with slightly different
characteristics. What gets logged depends on whether the transaction was explicitly sent or transparently
redirected to the HTTPS Proxy:
characteristics. What gets logged depends on whether the transaction was explicitly sent or transparently
redirected to the HTTPS Proxy:
•
TUNNEL. This gets written to the access log when the HTTPS request was transparently redirected
to the HTTPS Proxy.
to the HTTPS Proxy.