SWG Warn Page 404 Error After Clicking Continue in Secure Access

Available Languages

Download Options

  • PDF     (4.8 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (82.4 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (67.1 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:May 27, 2026
Document ID:225979

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Contents

Issue

Users encounter intermittent 404 errors after clicking "Continue" on a Secure Web Gateway (SWG) warn page instead of being allowed through as intended. This issue occurs during normal policy flow when SWG warn pages are triggered, impacting user web access. The problem manifests as users hitting the SWG warn page via desired policy implementation, but after clicking "Continue" they receive 404 errors instead of proceeding to their intended destination.

Environment

  • Technology: Solution Support (SSPT - contract required)

  • Sub-technology: Secure Access

  • Product Family: SECACCS

  • Affected Domain: block.sse.cisco.com

Resolution

The issue has been resolved in CSC version 5.1.16, which is now available on CCO (Cisco Connection Online). The resolution involved modifications to DNS handling and response processing for the affected domain.

Resolution Steps

Step 1: Upgrade to CSC 5.1.16

Download and install CSC version 5.1.16 from CCO, which contains the fix for the DNS record handling issue.

Step 2: Verify DNS Response Changes

The DNS AAAA response for block.sse.cisco.com has been modified to not use mapped IPs, eliminating the root cause of the issue.

Step 3: Test SWG Warn Page Functionality

Verify that users can successfully click "Continue" on SWG warn pages without encountering 404 errors.

Troubleshooting Data Collection

If the issue persists or for diagnostic purposes, collect the following logs.
https://www.cisco.com/c/en/us/support/docs/security/secure-access/221240-troubleshoot-and-collect-basic-informati.html

  • DART logs with maximum debug enabled

  • Network packet captures (pcap)

  • KDF logs

  • HAR (HTTP Archive) files from browser sessions

Cause

The issue occurred due to DNS records for block.sse.cisco.com in the internal DNS cache being overwritten by duplicate DNS records with randomized TTLs (Time To Live values). This DNS corruption caused the SWG warn page redirection mechanism to fail, resulting in 404 errors when users attempted to continue through the warn page. The DNS handling inconsistencies prevented proper resolution of the domain used for the warn page functionality.

Related Content

Revision History

Revision Publish Date Comments
1.0
27-May-2026
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Amit Arora

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products