S160 -Just upgraded to 6.0.0-544 for web-probs accessing web
I just upgraded to 6.0.0-544 for web and all HTTP traffic was blocked from accessing the web. End user sees 'end user agreement' page...once he/she/it clicks 'accept' they are directed to..... http://10.247.0.38/0:86400:14400:4a697f5e/a4bf7cd860694fb44c9c7162bc86e936/http://www.yahoo.co.uk (Yahoo.co.uk in this example) which cannot be displayed. I have changed the end user ack to 'exempt' under ‘identities’ and the end user can access the web??? All was working fine until upgrade – any ideas? I understand a rollback will format the system back to factory default settings
Re: S160 -Just upgraded to 6.0.0-544 for web-probs accessing web
What is 10.247.0.38 in your network? Is this by chance the client's IP? If so, you might be hitting the following issue:
"End-user acknowledgment page link contains client IP instead of Web Security appliance IP after DNS failure [Defect ID: 49114]" - We have more details and a workaround documented in the release notes:
The link included in the end-user acknowledgement page contains the client IP address instead of Web Proxy IP address after DNS failure. When there are existing DNS failures, clicking the link on the end-user acknowledgement page fails because the user is erroneously directed to its own machine. However, once the DNS issues are resolved, the link on the page still shows the client IP address, but clicking the link works as expected. Workaround: When the Web Security appliance is deployed in explicit forward mode, use the dnsconfig CLI command to add a localhost entry for the Web Security appliance hostname and IP address. When the Web Security appliance is deployed in transparent mode, verify the DNS issues are resolved.
Please verify if this works for you and if it does not help, I'd suggest opening a support case to have one of our Engineers look into this.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...