Cisco Cisco Web Security Appliance S380
32
Release Notes for Cisco IronPort AsyncOS 7.5.0-838 for Web
Known Issues
86396
HTTPS requests are erroneously not dropped when Adaptive Scanning is
enabled in some cases
enabled in some cases
Requests to HTTPS servers that have a web reputation score that indicates to drop the
request are not dropped when Adaptive Scanning is enabled.
request are not dropped when Adaptive Scanning is enabled.
86558
Appliance cannot establish a secure support tunnel when the secure tunnel host
name is not DNS resolvable
name is not DNS resolvable
The appliance cannot establish a secure support tunnel when the secure tunnel host
name is not DNS resolvable.
name is not DNS resolvable.
Workaround: Make sure the secure tunnel hostname is DNS resolvable.
87282
Backing up and restoring the certificates and keys the HSM card manages using
the FIPS management console does not work as expected in some cases
the FIPS management console does not work as expected in some cases
Backing up and restoring the certificates and keys using the FIPS management
console does not work as expected under the following conditions:
console does not work as expected under the following conditions:
•
A certificate and key pair to access the web interface is uploaded to the HMS card.
•
The SaaS Single Sign On certificate and key pair is uploaded to the HMS card.
•
Back up and restore the certificates and keys stored on the HMS card.
When the certificates and keys are restored, the web interface certificate and key is
replaced with the SaaS Single Sign On certificate and key.
replaced with the SaaS Single Sign On certificate and key.
Workaround: After restoring the certificates and keys, upload the correct certificate
and key to access the web interface using the
and key to access the web interface using the
certconfig
CLI command.
54636
Users cannot access FTP servers that require server authentication using FTP
over HTTP with Internet Explorer
over HTTP with Internet Explorer
Users cannot access FTP servers that require server authentication using FTP over
HTTP with Internet Explorer. This is a known issue with Internet Explorer when
communicating with web proxies. This is due to Internet Explorer never prompting
users to enter the server authentication credentials.
HTTP with Internet Explorer. This is a known issue with Internet Explorer when
communicating with web proxies. This is due to Internet Explorer never prompting
users to enter the server authentication credentials.
Workaround: To access FTP servers that require server authentication, use one of the
following workarounds:
following workarounds:
•
Use a different browser, such as FireFox or Chrome, to access the FTP server.
•
Use an FTP client that uses native FTP to access the FTP server.
•
If users must use Internet Explorer, they can prepend the username and password
into the URL. For example: ftp://USERNAME:PASSWORD@ftp.example.com
into the URL. For example: ftp://USERNAME:PASSWORD@ftp.example.com
71012
Clients cannot connect to HTTPS servers that do not support TLS Hello during the
SSL handshake.
SSL handshake.
Workaround: If the Web Proxy is deployed in transparent mode, use the proxy bypass
list to bypass the Web Proxy for these websites. If the Web Proxy is deployed in
explicit forward mode, use a custom URL category and a Decryption Policy to pass
through traffic to these websites, and verify the option “Would you like to block
tunneling of non-SSL transactions on SSL Ports?” is disabled.
list to bypass the Web Proxy for these websites. If the Web Proxy is deployed in
explicit forward mode, use a custom URL category and a Decryption Policy to pass
through traffic to these websites, and verify the option “Would you like to block
tunneling of non-SSL transactions on SSL Ports?” is disabled.
Table 4
Known Issues for AsyncOS 7.5.0 for Web (continued)
Defect ID
Description