Question:
How do I clear the different caches on the Web Security Appliance?
Environment:
AsyncOS 7.1.x and later
Authentication Cache only applies to AsyncOS 7.1.x and later
Symptoms:
Occasionally it becomes necessary to clear the Proxy, DNS or Authentication cache on the appliance in order to resolve an issue in processing requests.
Solution:
How can I clear the DNS cache on Cisco WSA?
In order to increase efficiency and performance, the Cisco WSA stores DNS entries for domains to which you have recently connected. The DNS cache allows the WSA to avoid excessive DNS lookups of the same domains. The DNS cache entries expire according to the TTL (Time to Live) of the record.
However, it is sometimes necessary to clear the DNS cache of entries. Corrupted or expired DNS cache entries can occasionally cause problems with delivery to a remote host or hosts. This problem typically occurs after the appliance has been offline for a network move or some other circumstance.
The DNS cache in the Cisco WSA can be cleared by running the dnsflush command from the CLI.
How can I clear the Proxy cache on Cisco WSA?
The Proxy cache can be cleared either from the GUI or the CLI. The steps for each are below.
GUI
- Go to the Security Services > Web Proxy page for AsyncOS 7.1.x and later versions
- Click on the 'Clear Cache' button
- Click on 'Clear Cache' again to confirm
CLI
- Log into the CLI
- Type the command diagnostic and press Enter
- Next type proxy and press Enter
- Then type cache and press Enter. The Proxy cache will now be cleared.
How can I clear the Authentication cache on Cisco WSA?
Note: This command applies to AsyncOS 7.1.x and later
This command allows you to delete a one or all entries (users) from the authentication cache. You can also list all users currently included in the authentication cache. You might want to clear a user from the authentication cache so the user can login again.
The Authentication cache can be cleared using the CLI.
- Log into the CLI
- Type the command authcache and press Enter
- Follow the prompts to clear either one or all entries from the authentication cache