Cisco Cisco Web Security Appliance S360
11
Release Notes for Cisco IronPort AsyncOS 7.7.5 for Web
Known Issues in Release 7.7.0
CSCuf85838
AsyncOS fails to decrypt HTTPS traffic from specific sites under these conditions:
•
The HTTPS Server asks for the client certificate AND
•
The Server Certificate is invalid AND
•
The appliance is configured to decrypt traffic when the server certificate is invalid
AND
AND
•
The appliance is configured to pass through traffic when the HTTPS Server asks
for a client certificate.
for a client certificate.
Workaround: Add the site to a custom URL category, and set the action to pass
through.
through.
CSCzv79284
For SOCKS UDP transactions, CPU usage may increase to 100% if DNS cannot
resolve the domain name to a valid IP address.
resolve the domain name to a valid IP address.
CSCzv07140
AsyncOS fails to prevent the creation of invalid identities in under these conditions:
•
SOCKS Proxy is disabled on the Web Security appliance
•
SOCKS Proxy is enabled on the Security Management appliance
•
User creates a custom identity using the Security Management appliance that
defines members based only on the SOCKS protocol.
defines members based only on the SOCKS protocol.
The custom identity is invalid.
CSCzv59181
The SCP push command fails with the message "invalid characters in scp command!"
under these conditions:
under these conditions:
•
scponly shell
•
filename includes the "@" character
Workaround: Use a different shell to run the SCP push command.
CSCzv87357
SNMP - AsyncOS returns wrong interface speed (ifSpeed) value when Auto
negotiation is used.
negotiation is used.
Workaround: Set fixed speed and duplex values for affected interface using the
command line interface: etherconfig>media>edit.
command line interface: etherconfig>media>edit.
CSCzv95795
Rarely, AsyncOS stops performing normal operations. For example, it may stop
logging activities, may stop accepting new connections, and it may not allow logins.
logging activities, may stop accepting new connections, and it may not allow logins.
Workaround: Reboot the appliance.
CSCzv87294
Attempt to send dig SSH command to TTY triggers a traceback. This issue occurs
when including a dig command directly in the SSH login string.
when including a dig command directly in the SSH login string.
Workaround: Use -t in the string. For example:
user1$ ssh -t admin@192.0.2.0 'dig @198.51.100.0 www.yahoo.com'
CSCzv84704
AsyncOS does not display End User Acknowledgements (EUAs) or End User
Notifications (EUNs) that are larger than 16K.
Notifications (EUNs) that are larger than 16K.
Workaround: Reduce the size of EUAs and EUNs to less than 16K.
CSCzv32093
When Adaptive Scanning is enabled, access logs that use the custom field %:<s
provide an incorrect value for the time it takes to receive the verdict from the Web
Proxy anti-spyware process.
provide an incorrect value for the time it takes to receive the verdict from the Web
Proxy anti-spyware process.
Bug Toolkit ID
Description