This guide lists some issues you may encounter, and how to solve them.
|Q:||I have a local DNS server managing internal resources. What should I do?|
If you have a local DNS, this must be set as an exception.
My local DNS exceptions aren't being logged. Is this correct?
|A:||Yes, local DNS exceptions aren't logged.|
|Q:||I've added / changed a policy, but this doesn't seem to be reflected in my DNS. Why is this?|
Mimecast Web Security is DNS based, and the DNS is cached is multiple places including the client browser, operating system, and gateway devices (e.g. firewalls, NGFW, IDS, IPS). When a site is blocked by Web Security, we provide the IP address of the block page. When the site’s DNS is cached, the cache needs to be refreshed before the IP address of the block page is available. The DNS cache refresh time is specific to the cache. Additionally, each domain owner can set the time to live (TTL) at their discretion, and that also impacts how long the DNS records take to refresh. When you go from allowing a site to blocking the site, the time for the DNS cache to refresh varies, but in general takes 10-30 minutes.
|Q:||We want to block / allow the domains of popular applications. Do you list these anywhere?|
|A:||Yes. See the Mimecast Web Security: Managing Trusted Domains page for further details.|
Mimecast Security Agent
|Q:||My device was previously protected by the Mimecast Security Agent, but now I can't gain access to a web page.|
A protected device must have your Mimecast Security Agent key installed on it. Check that the key:
I've installed the Mimecast Security Agent on my Mac, but didn't authorize the kernels when prompted to do so. Am I still protected?
|A:||No. All the kernels must be authorized on your Mac for the MSA to protect your device.|
|Q:||Are there any applications with known compatibility issues when used with the MSA?|
|A:||Yes, but we are addressing these. A full list of known compatibility issues is listed in the Mimecast Web Security: Known Incompatibilities page.|