I'm looking for some guidance on a problem i'm facing with Ironport. Our external company website has a flash clock widget that loads 8 different timezones. Depending on the website page you visit it may only load 6 of the 8 clocks. The problem is not consistent per user, so for example I may visit a certain page and get 5 out of 8 clocks but another user may visit the same page and get all 8.
When I look through the logs in Ironport I get the following message for the clocks that do not appear: TCP_MISS/403 611 There are no other blocks showing against the Access Policies set in Ironport so i'm lost as to why this is being forbidden (403) Any help would be gratefully appreciated.
You will need to grep for the access logs while testing this application. What your looking for are requests made by the application which are being blocked by your access policies hence the 403 that your already seeing in the access logs. Once you have determined the URLs being requested by the application add those URLs to a custom URL category: WSA GUI -> Web Security Manager -> Custom URL Category -> submit -> commit your changes. You will also need to add this custom URL category to a No Authentication Access / Identity which will also contain a No Authentication Identity. Usually in this scenario you will already have a default No Auth Identity based on your class of network A,B,C created with a Custom URL Category already directly associated to that identity. This type of Access Policy , Identity, Custom URL Category is designed for applications , Operating system updates etc...
WSA Cisco Forums Moderator
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...