Cisco Cisco Web Security Appliance S170
I R O N P O R T A S Y N C O S 6 . 3 . 7 F O R W E B R E L E A S E N O T E S
61
Authenticated users can erroneously access websites because they are not authenticated
again in some cases
again in some cases
When the Web Security appliance is deployed in transparent mode, authenticated users can
access a website they should not be able to access under the following conditions:
access a website they should not be able to access under the following conditions:
• The user successfully authenticates as a member of an authentication realm.
• That authentication realm and a custom URL category are used as membership criteria in
an Identity group. The user accesses a website using an Access Policy using that Identity
group.
group.
• Another Identity group exists that uses a different authentication realm and a different
custom URL category.
• The user keeps the same browser session open (uses a persistent connection) and accesses
a website used in the custom URL category specified in the other Identity group.
The user is not authenticated in the other authentication realm (and is not a member of it) and
therefore should not have access to sites in the other custom URL category. [Defect ID:
45760]
therefore should not have access to sites in the other custom URL category. [Defect ID:
45760]
External authentication does not fail over to the next configured RADIUS server when
DNS fails to resolve the first RADIUS server
DNS fails to resolve the first RADIUS server
External authentication does not fail over to the next configured RADIUS server when DNS
fails to resolve the first RADIUS server. Instead, the appliance tries to authenticate the user as
a local user defined on the Web Security appliance. [Defect ID: 44023]
fails to resolve the first RADIUS server. Instead, the appliance tries to authenticate the user as
a local user defined on the Web Security appliance. [Defect ID: 44023]
Refreshing a website in Internet Explorer 6 causes the browser to hang in some cases
Internet Explorer 6 (version 6.0.2900.2180.xpsp_sp2_gdr.080814-1233) hangs under the
following conditions:
following conditions:
• The Web Security appliance is deployed in explicit forward mode.
• Authentication and credential encryption are enabled.
• The Internet Explorer 6 user clicks the Refresh button in the browser for content that
already exists in the browser’s cache.
Workaround: Use a different version of Internet Explorer or a different browser. This is a
known issue with Internet Explorer 6. [Defect ID: 46044]
known issue with Internet Explorer 6. [Defect ID: 46044]
Valid user is erroneously treated as a guest user in some cases
A valid user is erroneously treated as a guest user under the following conditions:
• An identity group uses authentication and is configured for “Basic and NTLMSSP”
authentication scheme.
• The identity allows guest privileges.
• A browser that supports NTLMSSP prompts the user for authentication credentials.