Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

Ironport S170 falsley blocking categories

Hi All,

Potentially since the last minor AsyncOS update (7.7.0-760 to 7.7.0-761), we have been experiencing issues with Ironport blocking access to web categories which are actually open.

For instance, we have users, whose policy allows them access to Business & Industry, being blocked. A policy trace proves they *should* be granted access:

Trace for URL: http://www.challengept.com

User Information
User Name: HAYLEY-GROUP\cbosley
Group Membership: HAYLEY-GROUP\cbosley, HAYLEY-GROUP\Domain Users, HAYLEY-GROUP\RDP Users, HAYLEY-GROUP\VPN-Users
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36
URL Check
WBRS Score: 0.0
URL Category: Business and Industry
Scanner "AVC" Verdict (Request): Unknown (Unknown)
MIME-Type: text/html; charset=UTF-8
Scanner "AVC" Verdict (Response): Unknown (Unknown)
Policy Match
Cisco IronPort Data Security policy: None
Decryption policy: None
Routing policy: None
Identity policy: Internal_Users
Access policy: Level_3_Users
Final Result
Request completed
Details: Transaction permitted
Trace session complete

 

Yet, Ironport gives them this if they browse to the same URL:

Date: Wed, 22 Oct 2014 12:17:16 BST
Username: HAYLEY-GROUP\cbosley@NTLM
Source IP: 10.11.24.116
URL: GET http://www.challengept.com/
Category: Business and Industry
Reason: BLOCK-WEBCAT
Notification: WEBCAT

 

We have rebooted the Ironport and also set "Business & Industry" to blocked, then unblocked to try and refresh the policy but it hasn't made any difference.

Perhaps the oddest part is that when users get the blocked page, if they click 'back' in their browser, and retry the site, 9 out of 10 times it will let them in!

Has anyone else encountered a bug like this, and/or has a work-around?

Thanks in advance.

Elliot

450
Views
0
Helpful
0
Replies
CreatePlease to create content