Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Ironport S170 falsley blocking categories

Hi All,

Potentially since the last minor AsyncOS update (7.7.0-760 to 7.7.0-761), we have been experiencing issues with Ironport blocking access to web categories which are actually open.

For instance, we have users, whose policy allows them access to Business & Industry, being blocked. A policy trace proves they *should* be granted access:

Trace for URL:

User Information
User Name: HAYLEY-GROUP\cbosley
Group Membership: HAYLEY-GROUP\cbosley, HAYLEY-GROUP\Domain Users, HAYLEY-GROUP\RDP Users, HAYLEY-GROUP\VPN-Users
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36
URL Check
WBRS Score: 0.0
URL Category: Business and Industry
Scanner "AVC" Verdict (Request): Unknown (Unknown)
MIME-Type: text/html; charset=UTF-8
Scanner "AVC" Verdict (Response): Unknown (Unknown)
Policy Match
Cisco IronPort Data Security policy: None
Decryption policy: None
Routing policy: None
Identity policy: Internal_Users
Access policy: Level_3_Users
Final Result
Request completed
Details: Transaction permitted
Trace session complete


Yet, Ironport gives them this if they browse to the same URL:

Date: Wed, 22 Oct 2014 12:17:16 BST
Username: HAYLEY-GROUP\cbosley@NTLM
Source IP:
Category: Business and Industry
Notification: WEBCAT


We have rebooted the Ironport and also set "Business & Industry" to blocked, then unblocked to try and refresh the policy but it hasn't made any difference.

Perhaps the oddest part is that when users get the blocked page, if they click 'back' in their browser, and retry the site, 9 out of 10 times it will let them in!

Has anyone else encountered a bug like this, and/or has a work-around?

Thanks in advance.


CreatePlease to create content