Cisco Cisco Web Security Appliance S680 Guía Del Usuario
A-3
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Browser Problems
Basic Authentication Problems
•
Related Problems
•
Basic Authentication Fails
AsyncOS for Web only supports 7-bit ASCII characters for passphrases when using the Basic
authentication scheme. Basic authentication fails when the passphrase contains characters that are not
7-bit ASCII.
authentication scheme. Basic authentication fails when the passphrase contains characters that are not
7-bit ASCII.
Single Sign-On Problems
•
Users Erroneously Prompted for Credentials
NTLM authentication does not work in some cases when the Web Security appliance is connected to a
WCCP v2 capable device. When a user makes a request with a highly locked down version of Internet
Explorer that does not do transparent NTLM authentication correctly and the appliance is connected to
a WCCP v2 capable device, the browser defaults to Basic authentication. This results in users getting
prompted for their authentication credentials when they should not get prompted.
WCCP v2 capable device. When a user makes a request with a highly locked down version of Internet
Explorer that does not do transparent NTLM authentication correctly and the appliance is connected to
a WCCP v2 capable device, the browser defaults to Basic authentication. This results in users getting
prompted for their authentication credentials when they should not get prompted.
Workaround
In Internet Explorer, add the Web Security appliance redirect hostname to the list of trusted sites in the
Local Intranet zone (Tools > Internet Options > Security tab).
Local Intranet zone (Tools > Internet Options > Security tab).
Browser Problems
WPAD Not Working With Firefox
Firefox browsers may not support DHCP lookup with WPAD. For current information, see
https://bugzilla.mozilla.org/show_bug.cgi?id=356831
.
To use Firefox (or any other browser that does not support DHCP) with WPAD when the PAC file is
hosted on the Web Security appliance, configure the appliance to serve the PAC file through port 80.
hosted on the Web Security appliance, configure the appliance to serve the PAC file through port 80.
Step 1
Choose Security Services > Web Proxy and delete port 80 from the HTTP Ports to Proxy field.
Step 2
Use port 80 as the PAC Server Port when you upload the file to the appliance.
Step 3
If any browsers are manually configured to point to the web proxy on port 80, reconfigure those browsers
to point to another port in the HTTP Ports to Proxy field.
to point to another port in the HTTP Ports to Proxy field.
Step 4
Change any references to port 80 in PAC files.