I checked our URL list just now and we had the same thing. We had added
a lot of the URLs that were missing (nai, grisoft, etc) ourselves and
those stayed enabled, but all the Cisco created entries were turned off.
I agree that there needs to be some system, be it email or even
something on the Summary page that says "Updates were installed as of
XX/XX/XXXX at XX:XX AM/PM". Yes, you can go and check the logs or dig
down to where it is listed under Clean Access, but you shouldn't have
to.

On a side note, does anyone have Apple users in their CCA environment?
We had to add apple.com to the allowed domains list so they could get OS
updates when the Nessus scans found security holes. Again, not a big
deal, but surprising that it's not included in the default list.






 
Timothy Grzeczka
Network Analyst
Dominican University
[log in to unmask]
Voice - (708) 524-6568
Fax - (708) 488-5111