Ironport Web Appliance Queries

MANSOORQ123
Level 1

Dear Team Members

Any help for the below points is highly appreciated.

1: Senderbase update details on the WSA: it happens by default every 5 minutes, but where exactly can the status be checked?

2: Blocking remote assistance software like TeamViewer & WebEx; further, this blocking should be user specific.

3: In Reporting > Web Tracking, I need to track connections made to multiple destination IPs (around 45+). How can I specify multiple destinations? It accepts only one at a time.

Thanks in Advance.

Ahad

Accepted Solutions

Michael Hautekeete
Cisco Employee

Hello Ahad,

Answering your questions in line;

1. Senderbase updates will be visible in the updater_logs, you will see logs like the following;

Mon Feb 17 09:57:42 2014 Info: wbrs waiting on download lock

Mon Feb 17 09:57:42 2014 Info: wbrs acquired download lock

Mon Feb 17 09:57:42 2014 Info: wbrs beginning download of remote file "http://updates.ironport.com/wbrs/3.0.0/ip/default/1392647616.inc"

Mon Feb 17 09:57:42 2014 Info: wbrs released download lock

Mon Feb 17 09:57:42 2014 Info: wbrs successfully downloaded file "wbrs/3.0.0/ip/default/1392647616.inc"

Mon Feb 17 09:57:42 2014 Info: wbrs started applying files

Mon Feb 17 09:57:42 2014 Info: wbrs started applying files

Mon Feb 17 09:57:42 2014 Info: wbrs applying component updates

Mon Feb 17 09:59:07 2014 Info: wbrs preserving wbrs for upgrades

Mon Feb 17 09:59:07 2014 Info: wbrs done with wbrs update

Mon Feb 17 09:59:07 2014 Info: wbrs verifying applied files

You can also see the current rules in use on the WSA by using the version command from the CLI.

2. To block remote assistance applications we have a section in the AVC that allows you to block some Presentation and Conferencing apps like TeamViewer/WebEx. On your Access Policies page, click on the link under Applications for the access policy you wish to edit, expand the Presentation and Conferencing section and you can block the apps. Keep in mind not all apps use 80/443, so any non-standard HTTP/HTTPS port being used will need to be blocked at the firewall.

3. Unfortunately the reporting system is limited to a single destination for web tracking. There is a feature request filed for this issue already to add more granular control to the reporting system (including web tracking).

Hope this helps.

Best Regards,

Michael Hautekeete

Customer Support Engineer

Cisco Content Security - Web Security Appliance

http://www.cisco.com/en/US/products/ps11169/serv_group_home.html

https://supportforums.cisco.com/community/netpro/security/web

https://supportforums.cisco.com/community/feeds?community=2091
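The updater_logs check described in point 1 of the answer above can be automated once the log has been copied off the appliance. This is an added example, not part of the original post and not Cisco tooling: it pairs each "beginning download" line with the matching "done with" line and reports whether the last completed wbrs update is stale. The function names and the 30-minute staleness threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: updater_logs lines as quoted in the answer above.
SAMPLE_LOG = """\
Mon Feb 17 09:57:42 2014 Info: wbrs waiting on download lock
Mon Feb 17 09:57:42 2014 Info: wbrs acquired download lock
Mon Feb 17 09:57:42 2014 Info: wbrs beginning download of remote file "http://updates.ironport.com/wbrs/3.0.0/ip/default/1392647616.inc"
Mon Feb 17 09:57:42 2014 Info: wbrs released download lock
Mon Feb 17 09:57:42 2014 Info: wbrs successfully downloaded file "wbrs/3.0.0/ip/default/1392647616.inc"
Mon Feb 17 09:57:42 2014 Info: wbrs started applying files
Mon Feb 17 09:57:42 2014 Info: wbrs applying component updates
Mon Feb 17 09:59:07 2014 Info: wbrs done with wbrs update
Mon Feb 17 09:59:07 2014 Info: wbrs verifying applied files
"""

# "<timestamp> <level>: <component> <message>", the layout of the lines above.
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (\w+): (\w+) (.*)$")

def parse_updates(text, component="wbrs"):
    """Return completed update cycles as dicts with start, end and files."""
    cycles, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(3) != component:
            continue  # blank line, other component, or unknown layout
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(4)
        if msg.startswith("beginning download") and current is None:
            current = {"start": ts, "end": None, "files": []}
        elif msg.startswith("successfully downloaded file") and current:
            current["files"].append(msg.split('"')[1])
        elif msg.startswith("done with") and current:
            current["end"] = ts
            cycles.append(current)
            current = None
    return cycles

def update_is_stale(cycles, now, max_age=timedelta(minutes=30)):
    """True when no update completed, or the last one is older than max_age
    (the 30-minute default is an assumed threshold, not a Cisco value)."""
    if not cycles:
        return True
    return now - cycles[-1]["end"] > max_age

if __name__ == "__main__":
    for c in parse_updates(SAMPLE_LOG):
        print(c["start"], "->", c["end"], c["end"] - c["start"], c["files"])
```

A download that starts but never reaches "done with" produces no completed cycle, so a stalled update shows up as stale rather than as a success.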


Hello Michael

Many, many thanks for your prompt & correct response.
