Cisco Cisco Web Security Appliance S390 ユーザーガイド

NTLM authentication does not work in some cases when the Web Security appliance is connected to a 
WCCP v2 capable device. When a user makes a request with a highly locked down version of Internet 
Explorer that does not do transparent NTLM authentication correctly and the appliance is connected to 
a WCCP v2 capable device, the browser defaults to Basic authentication. This results in users getting 
prompted for their authentication credentials when they should not get prompted.

Workaround

In Internet Explorer, add the Web Security appliance redirect hostname to the list of trusted sites in the 
Local Intranet zone (Tools > Internet Options > Security tab). 

Firefox browsers may not support DHCP lookup with WPAD. For current information, see 

https://bugzilla.mozilla.org/show_bug.cgi?id=356831

. 

To use Firefox (or any other browser that does not support DHCP) with WPAD when the PAC file is 
hosted on the Web Security appliance, configure the appliance to serve the PAC file through port 80.

Choose Security Services > Web Proxy and delete port 80 from the HTTP Ports to Proxy field. 

Use port 80 as the PAC Server Port when you upload the file to the appliance.

If any browsers are manually configured to point to the web proxy on port 80, reconfigure those browsers 
to point to another port in the HTTP Ports to Proxy field.

Change any references to port 80 in PAC files. 

If an alert with the message “Failed to bootstrap the DNS cache” is generated when an appliance is 
rebooted, it means that the system was unable to contact its primary DNS servers. This can happen at 
boot time if the DNS subsystem comes online before network connectivity is established. If this message 
appears at other times, it could indicate network issues or that the DNS configuration is not pointing to 
a valid server.