Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CSA v5 - Problems Experienced with Test mode

Hi All

I'm currently deploying CSA v5 agents for a customer of mine that has a number of custom in house written applications that talk to a couple of SQL boxes they have.

When I deploy CSA on the SQL boxes in test mode one of their custom apps that talk to the SQL boxes fail to load. The problem is experienced event when the agent is disabled.

As I understand it the App opens an ODBC connection to one of the SQL boxes and hold is open for about a minute while a large amount of data is downloaded to the PC running the app.

I'm not sure where to go with this one , i've had to uninstall CSA from the SQL boxes to resolve the issue for the time being. Can anyone offer some suggestions ?

2 REPLIES
Silver

Re: CSA v5 - Problems Experienced with Test mode

CSA policies can execute in live mode, where they enforce rules by denying or allowing events, or test mode, where they indicate in the event log what the action would have been to the given event. All entries in the event log for rules in test mode begin with the label TESTMODE: to make it easy to scan for events relating to rules under test. In general, you start a pilot in test mode and gradually change over to live mode as you examine the performance of each policy. You can use test mode in two different ways:

http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_installation_guide_chapter09186a00805aec7a.html#wp961980

Community Member

Re: CSA v5 - Problems Experienced with Test mode

If you are running in testmode as noted in the above message, you could be running into a problem with the untrusted content classification rule module. This is where the connection to the server is seen as an untrusted connection and acts on that... try removing this rm from your policy...

92
Views
0
Helpful
2
Replies
CreatePlease to create content