Cisco Email Security Appliance C170 User Guide
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 16 Protecting Against Malicious or Undesirable URLs
Troubleshooting URL Filtering
Alert: SDS: Error Fetching Enrollment Certificate
Problem
You receive an info-level alert about an error fetching the enrollment client certificate.
Solution
This certificate is required to connect to the following cloud-based services: Cisco Web
Security Services (to obtain URL reputation and category) and Cisco Aggregator Server (to obtain web
interaction tracking data). Try the following:
1. Check for networking issues such as incorrect proxy settings or firewall issues.
2. Verify that your URL Filtering feature key is valid and active.
3. If the problem persists, contact Cisco TAC.
Alert: SDS: Certificate Is Invalid
Problem
You receive a critical alert about an invalid SDS certificate.
Solution
This certificate is required to connect to Cisco Web Security Services in the cloud in order to
obtain URL reputation and category.
To obtain and manually install a certificate, see
.
Unable to Connect to Cisco Web Security Services
Problem
The Security Services > URL Filtering page persistently indicates an issue connecting to
Cisco Web Security Services.
Solution
• If you have enabled URL filtering but have not yet committed the change, commit the change.
• Check for recent alerts related to the connection with Cisco Web Security Services. See
• If you are connecting via a proxy specified in Security Services > Service Updates, verify that this
is configured and working properly.
• Check for other network issues that might prevent connection.
• If you see errors in the URL Filtering Logs related to timed out requests to the SDS client, use the
websecuritydiagnostics command and the websecurityadvancedconfig command in the
command-line interface to investigate and make changes:
  – If the diagnostics show that Response Time or DNS Lookup Time is not less than the configured
  URL Lookup Timeout, increase the URL Lookup Timeout value accordingly.
  – If the diagnostics show that the cache size is at or near the capacity specified in the advanced
  configuration settings, increase the cache size.
• Check the URL Filtering Logs for non-timeout errors in communications with the URL scanner,
Cisco Web Security Services, or SDS. "SDS" in logs represents Cisco Web Security Services. If you
see such log messages, contact TAC.
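The timeout and cache checks above, applied to captured websecuritydiagnostics output, as an added example that is not part of the Cisco guide. The output layout, seconds as the unit, the use of the Maximum figures, the 90% "near capacity" threshold and all sample values are assumptions; adjust them to what your appliance prints and to the values shown by websecurityadvancedconfig.

```python
# Constructed sample of diagnostics output; the layout and values are assumed.
SAMPLE = """\
Cache Size: 1180000
Cache Hits: 5512345
Response Time
    Minimum: 0.42
    Average: 6.10
    Maximum: 17.35
DNS Lookup Time
    Minimum: 0.01
    Average: 0.20
    Maximum: 2.80
"""

def parse_diagnostics(text):
    """Flatten the output into {"Cache Size": 1180000.0, "Response Time/Maximum": 17.35, ...}."""
    stats, section = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.strip().partition(":")
        if not sep:                      # a line without a colon opens a section
            section = key
            continue
        indented = line[0].isspace()
        if not indented:
            section = None               # a top-level "key: value" closes the section
        name = f"{section}/{key.strip()}" if indented and section else key.strip()
        try:
            stats[name] = float(value)
        except ValueError:               # e.g. "None" before any lookup has happened
            stats[name] = None
    return stats

def evaluate(stats, lookup_timeout_s, cache_capacity, near=0.9):
    """Return the changes the troubleshooting steps call for, as a list of strings."""
    findings = []
    for metric in ("Response Time", "DNS Lookup Time"):
        worst = stats.get(f"{metric}/Maximum")
        if worst is not None and worst >= lookup_timeout_s:
            findings.append(f"{metric} maximum {worst}s is not less than the URL Lookup "
                            f"Timeout ({lookup_timeout_s}s): increase the timeout")
    size = stats.get("Cache Size")
    if size is not None and size >= near * cache_capacity:
        findings.append(f"Cache Size {size:.0f} is at or near capacity "
                        f"({cache_capacity}): increase the cache size")
    return findings

if __name__ == "__main__":
    # 15 s and 1215000 entries are constructed settings, not values from the guide.
    for finding in evaluate(parse_diagnostics(SAMPLE), 15, 1215000):
        print(finding)
```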