Mimecast Web Security: Frequently Asked Questions

Document created by user.oxriBaJeN4 Employee on Sep 13, 2018. Last modified by user.oxriBaJeN4 Employee on Jul 26, 2019. Version 11.

This guide lists some issues you may encounter with Mimecast Web Security, and how to solve them.

 

Exceptions

Q:I have a local DNS server managing internal resources. What should I do?
A:If you have a local DNS, this must be set as an exception.
Q:My local DNS exceptions aren't being logged. Is this correct?
A:Yes, local DNS exceptions aren't logged.
Q:I can no longer get to my local resources such as IP Phones, Network Drives and internal servers, what happened?
A:If you have Active Directory or a local DNS server managing your internal resources, you must define the local domain as an Exception. This tells DNS Security Gateway to send local DNS requests to the local DNS server. See the Mimecast Web Security: Managing Exceptions page for further information.
Q:I get blocked trying to visit sites I trust, for instance outlook.office365.com, what should I do?
A:If you trust the site, you will need to add it to your Exception Policy and it won't be checked.
Q:When should I define an Exception vs. an Explicit Allow?
A:There are several considerations:
  • Exceptions are set at the System level, so they apply to everyone at all your locations.
  • Allow policy settings can be targeted to specific Locations and Groups.
  • DNS requests to sites marked as Exceptions are not tracked, so they will not appear in any DNSSG reports.

 

Browsers

Q:How do I clear out the DNS Cache in Windows?
A:To flush the Windows DNS cache, do the following:
  1. Bring up the Windows Command Prompt by entering cmd in the Windows search box.
  2. Enter ipconfig /flushdns in the Command Prompt.
  3. Look for the Successfully flushed the DNS Resolver Cache message to confirm that the operation has been completed.
Q:How do I clear out the DNS Cache in Chrome?
A:Chrome has a built-in DNS cache, which takes time to expire. To flush the Chrome DNS cache immediately, do the following:
  1. Enter chrome://net-internals/#dns in the Chrome address bar.
  2. Click on the Clear host cache button.
  3. Check to see that Active entries is set to zero.
Q:How do I prevent Mozilla Firefox from sending my DNS requests to Cloudflare?
A:To stop Firefox from sending your DNS requests to Cloudflare, do the following:
  1. Enter about:config  in the address bar.
  2. Search for network.trr
  3. Set network.trr.mode = 5 to disable sending DNS requests to Cloudflare.

 

Policies

Q:I've added / changed a policy, but this doesn't seem to be reflected in my DNS. Why is this?
A:Mimecast Web Security is DNS based, and the DNS is cached in multiple places including the client browser, operating system, and gateway devices (e.g. firewalls, NGFW, IDS, IPS). When a site is blocked by Web Security, we provide the IP address of the block page. When the site’s DNS is cached, the cache needs to be refreshed before the IP address of the block page is available. The DNS cache refresh time is specific to the cache. Additionally, each domain owner can set the time to live (TTL) at their discretion, and that also impacts how long the DNS records take to refresh. When you go from allowing to blocking a site, the time for the DNS cache to refresh varies but in general takes 10-30 minutes.
Q:We want to block / allow the domains of popular applications. Do you list these anywhere?
A:Yes. See the Mimecast Web Security: Managing Trusted Domains page for further details.
Q:When do we proxy a site for Mimecast Web Security?
A:Sites with a category of "Unknown" are proxied.
Q:Why do I get an error when I attempt to import a CSV file of URLs in my Block / Allow policy?
A:The most common reason for an error is that there is an entry in the file that already exists. Open the file in a text editor (e.g. Notepad) and check the following:
  1. Remove any entries that already exist in the policy.
  2. Ensure the file has the following content:
    • Column A: Must contain the URL.
    • Column B: Must contain either "Block" or "Allow".
  3. Remove any spaces or special characters.
  4. Ensure all URLs meet the acceptable syntax. See the Mimecast Web Security: Block or Allow Policy Rules / Examples page for further details.
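
The checks in steps 1 to 3 can be run over the file before importing it. The following is an added example, not Mimecast code: the function name `check_import_csv`, the `existing` list of URLs already in the policy, and the reading of "special characters" as anything outside printable ASCII are assumptions, and the URL syntax rules from the linked page are not checked.

```python
import csv
import io

# Column B values named in the FAQ; exact-case matching is an assumption.
ALLOWED_ACTIONS = {"Block", "Allow"}


def check_import_csv(text, existing=()):
    """Return [(row_number, problem), ...] for a Block / Allow import file.

    text     -- file contents as a string
    existing -- URLs already in the policy (hypothetical input you supply)
    """
    problems = []
    seen = {u.strip() for u in existing}
    for n, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if len(row) != 2:
            problems.append((n, f"expected 2 columns, found {len(row)}"))
            continue
        url, action = row
        for col, value in (("A", url), ("B", action)):
            # Spaces, control characters, a UTF-8 BOM left by an editor, etc.
            bad = sorted({c for c in value if not 33 <= ord(c) <= 126})
            if bad:
                problems.append((n, f"column {col} has space/special chars {bad!r}"))
        if action.strip() not in ALLOWED_ACTIONS:
            problems.append((n, f"column B is {action!r}, not Block or Allow"))
        key = url.strip()
        if key in seen:
            # Covers entries already in the policy and repeats within the file.
            problems.append((n, f"{key!r} already exists"))
        seen.add(key)
    return problems


# Constructed sample input (not real policy data).
SAMPLE = (
    "example.com,Block\n"
    "intranet.example.org,Allow\n"
    "example.net ,Block\n"          # trailing space in column A
    "example.com,Allow\n"           # repeats row 1
    "files.example.org,Permit\n"    # invalid column B value
    "already.example.com,Block\n"   # already in the policy
)

if __name__ == "__main__":
    for row, problem in check_import_csv(SAMPLE, existing=["already.example.com"]):
        print(f"row {row}: {problem}")
```
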
Q:Can I block a category but get to one site in that category?
A:Yes. Just enable the blocked site by adding all the domains it uses as "Allow" in the Block or Allow List policy. See the Mimecast Web Security: Managing Trusted Domains page for lists of domains for well-known applications.
Q:A website I normally use is blocked because it appears to be in the wrong category. What should I do?
A:Occasionally sites can be miscategorized. If you suspect this to be the case:
  1. Add the site to a Block or Allow List policy with an "Allow" value. See the Configuring a Block or Allow List Policy page for full details.
  2. Report the site from the Web Security | Domain and URL Category Lookup menu item. See the Mimecast Web Security: Domain / URL Categorization page for full details.

 

Mimecast Security Agent

Q:My device was previously protected by the Mimecast Security Agent, but now I can't gain access to a web page.
A:A protected device must have your Mimecast Security Agent key installed on it. Check that the key:
  • Is correctly installed on the device.
  • Hasn't been deleted. If it has, the key must be reinstalled on the device.
Q:I've installed the Mimecast Security Agent on my Mac, but didn't authorize the kernels when prompted to do so. Am I still protected?
A:No. All the kernels must be authorized on your Mac for the MSA to protect your device.
Q:Why does the MSA Installer keep failing?
A:Verify that the correct MSA installer is being used, and that it is being run on the correct platform. See the Mimecast Web Security: Prerequisites  page for full details.
Q:I am having problems with the MSA, but can't understand why. What should I do?
A:Collect the MSA logs and contact our Support Team. See the  Mimecast Web Security: Mimecast Security Agent Diagnostic Data   page for further details.
Q:I see a prompt for an update but MSA isn't auto updating. Why is this?
A:A notification that a new version of the MSA is available does not trigger an automatic update. You must either:
  • Install the new MSA version manually.
  • Have IT deploy it using their own software deployment solution.
Q:After installing the MSA my web browser hangs and can't access the internet. What causes this?
A:This is caused by the MSA not having access to Mimecast due to firewall rules blocking it. Check the MSA live diagnostics for errors, and use Beachcomber to see if Mimecast is receiving and replying to DNS requests. Finally, ensure that ports 80 and 443 are open to Mimecast.

 

Reporting

Q:Why does the Activity Report have log entries with blank users?
A:Users are only recognized when they log in to the Mimecast Security Agent (MSA). If you are configured for Network Protection (at the Gateway level), or if you are using the MSA but the Administrator does not require login to the MSA and the user has not logged in, then the user is unknown and the field is left blank.
Q:Why does the Activity Report have log entries with blank categories?
A:Log entries with blank Categories are often reverse DNS lookups and are expected. Reverse lookups almost always contain a "Request" which contains "in-addr.arpa".
Q:Why don't I see the user listed in the Activity / Security Report?
A:Location based protection doesn't display the user, and with agent based protection the user must log into the MSA for their information to be displayed in the reports.

 

Installation

Q:Can I perform a silent MSI install?
A:It is possible to specify switches to the msiexec.exe to control the installation, and also possible to specify parameters to the underlying MSI install program. In this case we simply tell the MSI where the customer token file is. Here is a PowerShell example:
msiexec.exe /i "Mimecast Security Agent (64) 1.0.522.msi" /quiet /qn /l*v msiinstall.log licensefile=token.txt
The customer token is in the file token.txt which is in the same directory as the installer. Additionally, it is possible to specify the token directly rather than use the file. Replace the licensefile parameter with licensekey and then include the key itself after the = sign.
Q:After installing Web Security I can't get to my local devices (e.g. printers). Why is this?
A:Local resources (e.g. a print server) are managed by your local DNS service. Web Security doesn't use your local DNS service to locate these devices. Add your local domain as an exception. See the Mimecast Web Security: Managing Exceptions page for full details.

 

Other

Q:What is my egress IP?
A:The egress IP is your network's registered public IP address. Some customers have told us that they have had success using WhatIsMyIP.com to verify their egress IP, which is referenced on the site as "Your Public IPv4". Note: Mimecast does not endorse or support WhatIsMyIP.com; use this site at your own risk.
Q:Why isn’t the dashboard showing up-to-date data?
A:The dashboard displays summary data which is rolled up and processed every 30 min. The dashboard does not show real-time data. For real-time data, refer to the Activity Logs.
Q:Why can't I get to my local resources like a printer?
A:You will need to add the customer's local Domain to the Exceptions List.

 
