S160 -Just upgraded to 6.0.0-544 for web-probs accessing web

Unanswered Question
Jul 24th, 2009

I just upgraded to 6.0.0-544 for web and all HTTP traffic was blocked from accessing the web.
End user sees 'end user agreement' page...once he/she/it clicks 'accept' they are directed to.....
http://10.247.0.38/0:86400:14400:4a697f5e/a4bf7cd860694fb44c9c7162bc86e9... (Yahoo.co.uk in this example) which cannot be displayed.
I have changed the end user ack to 'exempt' under ‘identities’ and the end user can access the web???
All was working fine until upgrade – any ideas? I understand a rollback will format the system back to factory default settings

:(

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jdohrman Fri, 07/24/2009 - 17:57

Hi,

What is 10.247.0.38 in your network? Is this by chance the client's IP? If so, you might be hitting the following issue:

"End-user acknowledgment page link contains client IP instead of Web Security appliance IP after DNS failure [Defect ID: 49114]" - We have more details and a workaround documented in the release notes:

The link included in the end-user acknowledgement page contains the client IP address instead of Web Proxy IP address after DNS failure. When there are existing DNS failures, clicking the link on the end-user acknowledgement page fails because the user is erroneously directed to its own machine. However, once the DNS issues are resolved, the link on the page still shows the client IP address, but clicking the link works as expected. 
Workaround: When the Web Security appliance is deployed in explicit forward mode, use the dnsconfig CLI command to add a localhost entry for the Web Security appliance hostname and IP address. When the Web Security appliance is deployed in transparent mode, verify the DNS issues are resolved.



Please verify if this works for you and if it does not help, I'd suggest opening a support case to have one of our Engineers look into this.

Best Regards,
Jakob

Actions

This Discussion