cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jmazzeo07
Level 9
Report Inappropriate Content
Message 1 of 11
‎05-03-2016 07:16 AM

MWG rules to SaaS syncronization issue

Jump to solution

Hi all, I'm testing SaaS on my lab cause I need to deploy it on a client.

I have done all the configuration to Sync the policies with the Web Gateway, but i Can't see the Hybrid policies on the Web SaaS Protection Rules:

saas.JPG

I'm working with a host with MCP and it redirects the traffic without problem, but I can't apply policies with the group membership of the users like directly connected.

I see this error on my Gateway sync log:

Information about most recent policy synchronization:

No informationPolicy is not in synchronized state

*** 2016/5/2 12:34:41 ***

Starting policy synchronization

Going to synchronize 2 rules files, 7 configs, 186 lists, 1 subscribed lists, and 738 error template resources.

Got temporary active configuration [2016-05-02_09-48-38-871_+0000] from web service

    com.scur.type.ip.509.xml

    5136.xml

    com.scur.engine.streamdetector.16393.xml

    com.scur.engine.trustedsource.4569.xml

    gwrs.xml

    com.scur.mainaction.block.15139.xml

    com.scur.engine.billing.4575.xml

    5147.xml

    com.scur.mainaction.block.4577.xml

    com.scur.engine.antivirus.4589.xml

    com.scur.type.iprange.366.xml

    com.scur.type.category.243.xml

    com.scur.type.regex.903.xml

    com.scur.type.string.880.xml

    5158.xml

    com.scur.type.regex.4518.xml

    com.scur.type.ip.935.xml

    com.scur.type.regex.387.xml

    com.scur.type.string.805.xml

    com.scur.type.applcontrol.883.xml

    com.scur.type.category.248.xml

    com.scur.type.regex.11333.xml

    com.scur.type.regex.923.xml

    com.scur.type.number.792.xml

    com.scur.type.ip.500.xml

    com.scur.type.string.510.xml

    com.scur.type.regex.4551.xml

    com.scur.type.regex.877.xml

    com.scur.type.category.247.xml

    com.scur.type.iprange.939.xml

    com.scur.type.applcontrol.855.xml

    com.scur.type.regex.241.xml

    com.scur.type.regex.388.xml

    com.scur.type.mediatype.376.xml

    com.scur.type.string.498.xml

    com.scur.type.string.492.xml

    com.scur.type.string.803.xml

    com.scur.type.number.4519.xml

    com.scur.type.string.354.xml

    16056.xml

    com.scur.type.string.879.xml

    com.scur.type.category.249.xml

Policy synchronization failed: Failed to add /lists/com.scur.type.regex.4518: 408

Can somebdoy give me some help?

Thanks and sorry my english.

0 Kudos
Reply
1 Solution

Accepted Solutions
jmazzeo07
Level 9
Report Inappropriate Content
Message 10 of 11
‎05-10-2016 05:14 AM

Re: MWG rules to SaaS syncronization issue

Jump to solution

Hi to all, last thursday I login to the web protection console and.. It was all synchronized... nobody change nothing, so I don't know what happened, It's working now. Thanks to all for the answers and the help.

View solution in original post

0 Kudos
Reply
10 Replies
jscholte
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 11
‎05-03-2016 08:26 AM

Re: MWG rules to SaaS syncronization issue

Jump to solution

Hi!

Based on the ID of that list, I'm thinking it's the global whitelist (because I have a list with that same ID):


# current; head lists/com.scur.type.regex.4518.xml

<?xml version='1.0' encoding='UTF-8'?>

<list version="1.0.3.45" mwg-version="7.6.0-19896" name="Global Whitelist" id="com.scur.type.regex.4                                                                                                                                                    518" typeId="com.scur.type.regex" classifier="Other" systemList="false" structuralList="false" defau                                                                                                                                                    ltRights="2">

I'm guessing you have a problem with entry 408 in the global whitelist.

If you make a change to that list and try to save it will probably fail too.

This can happen if at some point you imported duplicate entries, but MWG failed to recognize them as duplicates.

Best Regards,

Jon

0 Kudos
Reply
jmazzeo07
Level 9
Report Inappropriate Content
Message 3 of 11
‎05-03-2016 10:29 AM

Re: MWG rules to SaaS syncronization issue

Jump to solution

Hi Jon, my global whitelist is empty, and it is strange cause every time I try to sync it gives me a different error:

Policy synchronization failed: Failed to add /error_templates/ZGVmYXVsdC9lcy9iYWRyZXF1ZXN0LnR4dA,,: 408     (???)

Policy synchronization failed: Failed to add /lists/com.scur.type.string.654: 408

The last error list is called "Grupo Empleados", and it only have one entry.

<?xml version='1.0' encoding='UTF-8'?>

<list version="1.0.3.45" mwg-version="7.5.2.3.0-20202" name="Grupo Empleados" id="com.scur.type.string.654" typeId="com.scur.type.string" classifier="Groups" systemList="false" structuralList="false" defaultRights="2">

  <description></description>

  <content>

    <listEntry>

      <entry>g_Empleados</entry>

      <description></description>

    </listEntry>

  </content>

</list>

0 Kudos
Reply
jmazzeo07
Level 9
Report Inappropriate Content
Message 4 of 11
‎05-04-2016 12:29 PM

Re: MWG rules to SaaS syncronization issue

Jump to solution

Answering to myself, I have installed a new Web Gateway with just the default rules an nothing else, and I'm having the same issue and log error:

Information about most recent policy synchronization:

No informationPolicy is not in synchronized state

*** 2016/5/4 19:09:13 ***

Starting policy synchronization

Going to synchronize 2 rules files, 9 configs, 114 lists, 1 subscribed lists, and 173 error template resources.

Got temporary active configuration [2016-05-04_13-22-59-958_+0000] from web service

    gwrs.xml

    com.scur.engine.billing.4575.xml

    com.scur.engine.progresspage.394.xml

    com.scur.engine.compositeopener.1.xml

    com.scur.engine.sslclientcontext.4585.xml

    com.scur.engine.trustedsource.4569.xml

    com.scur.mainaction.block.4572.xml

    com.scur.engine.datatrickling.396.xml

    com.scur.engine.safesearchenforcer.11498.xml

    com.scur.mainaction.block.4581.xml

    com.mcafee.mwg.list.userdb.xml

    5158.xml

    com.scur.type.number.4519.xml

    com.scur.type.regex.4537.xml

    com.scur.type.regex.4551.xml

    com.scur.type.regex.4543.xml

    com.scur.type.regex.11333.xml

    5153.xml

    16056.xml

    com.scur.type.complex.hostandcertificate.4529.xml

    16054.xml

    5146.xml

    com.scur.type.regex.4518.xml

    5145.xml

    com.scur.type.regex.10830.xml

    com.scur.type.string.6981.xml

    com.scur.type.ip.4552.xml

    com.scur.type.regex.11347.xml

    5147.xml

    5156.xml

    5157.xml

    10001.xml

    com.scur.list.dlpcategory.fisma_compliance.xml

    com.scur.list.mediatype.audio.xml

    com.scur.list.applcntrl.monitoring.xml

    com.scur.list.category.society_education_religion.xml

    com.scur.list.dlpcategory.austria_policy.xml

    com.scur.list.dlpcategory.acceptable_use.xml

    com.scur.list.dlpcategory.australia_policy.xml

    com.scur.list.dlpcategory.turkey_policy.xml

    com.scur.list.mediatype.streams.xml

    com.scur.list.applcntrl.voip.xml

    com.scur.list.applcntrl.photovideosharing.xml

    com.scur.list.dlpcategory.financial_and_security_compliance.xml

    com.scur.list.applcntrl.im.xml

    com.scur.list.applcntrl.gaming.xml

    com.scur.list.dlpcategory.netherlands_policy.xml

    com.scur.list.mediatype.documents.xml

    com.scur.list.applcntrl.embeddedwebapps.xml

    com.scur.list.dlpcategory.chinese_taiwan_policy.xml

    com.scur.list.dlpcategory.spain_policy.xml

    com.scur.list.dlpcategory.uk_policy.xml

    com.scur.list.applcntrl.onlinecrawlers.xml

    com.scur.list.dlpcategory.japan_policy.xml

    com.scur.list.dlpcategory.sox_compliance.xml

    com.scur.list.applcntrl.erpcrm.xml

    com.scur.list.applcntrl.storage.xml

    com.scur.list.category.drugs.xml

    com.scur.list.applcntrl.businesswebapps.xml

    com.scur.list.applcntrl.database.xml

    com.scur.list.applcntrl.tunnels.xml

    com.scur.list.applcntrl.webbrowsing.xml

    com.scur.list.category.purchasing.xml

    com.scur.list.mediatype.text.xml

    com.scur.list.dlpcategory.israel_policy.xml

    com.scur.list.dlpcategory.brazil_policy.xml

    com.scur.list.mediatype.arc.xml

    com.scur.list.applcntrl.p2p.xml

    com.scur.list.dlpcategory.poland_policy.xml

    com.scur.list.dlpcategory.entertainment_industry_ip.xml

    com.scur.list.dlpcategory.france_policy.xml

    com.scur.list.dlpcategory.german_policy.xml

    com.scur.list.dlpcategory.employee_discontent.xml

    com.scur.list.category.games_gambling.xml

    com.scur.list.dlpcategory.czech_policy.xml

    com.scur.list.dlpcategory.chinese_hong_kong_policy.xml

    com.scur.list.dlpcategory.payment_card_industry.xml

    com.scur.list.applcntrl.offlinecrawlers.xml

    com.scur.list.dlpcategory.russia_policy.xml

    com.scur.list.dlpcategory.high_technology_industry_ip.xml

    com.scur.list.dlpcategory.legal.xml

    com.scur.list.dlpcategory.canada_policy.xml

    com.scur.list.category.informationtechnologie.xml

    com.scur.list.dlpcategory.india_policy.xml

Policy synchronization failed: Failed to add /lists/com.scur.list.applcntrl.onlinecrawlers: 408

0 Kudos
Reply
jmazzeo07
Level 9
Report Inappropriate Content
Message 5 of 11
‎05-04-2016 01:26 PM

Re: MWG rules to SaaS syncronization issue

Jump to solution

Adding info: I'm using trial licenses in my Web Gateway and the SaaS license is trial too.

0 Kudos
Reply
eelsasser
Level 15
Report Inappropriate Content
Message 6 of 11
‎05-04-2016 02:12 PM

Re: MWG rules to SaaS syncronization issue

Jump to solution

A default policy will not synchronize by default because none of the rules are enabled in the cloud.

Try enabling the whitelist or URL Filtering rules:

Capture.png

Capture1.png

0 Kudos
Reply
Troja
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 11
‎05-05-2016 12:22 AM

Re: MWG rules to SaaS syncronization issue

Jump to solution

Hi ,

i took a look at your screenshot in your first posting. I compared it with my SaaS Portal. I´m missing the hint about the Web Hybrid, look at my screenshot.

SaaS.png

From my Point of Information it Looks like your SaaS account is not WebHybrid enabled.

Cheers

0 Kudos
Reply
jmazzeo07
Level 9
Report Inappropriate Content
Message 8 of 11
‎05-05-2016 05:07 AM

Re: MWG rules to SaaS syncronization issue

Jump to solution

I have enabled 2 policies to sync with the cloud in my Gateway, one is the URL Filtering.

Maybe I don't have that option because the policies from the Gateway never finish the sync.

0 Kudos
Reply
Troja
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 11
‎05-10-2016 12:49 AM

Re: MWG rules to SaaS syncronization issue

Jump to solution

We enabled WebHybrid for a customer yesterday.

1) we opened the SaaS portal (for endpoint) and activated Web Protection.

2) Afterwards we added a user for MWG under https://portal.mcafeesaas.com. We granted the Customer Admin role to this account.

3) Added the account to mwg and we were able to synchronize.

If no cloud rule is configured, you can see an information about that. But MWG should be able to contact the SaaS Service.

Under Troubleshooting you can find the result of the synchronization.

Just another hint. Do not use the "Web Hybrid Legacy settings" in MWG, use the WebHybrid Settings in the Top of MWG Gui directly under "Licenses".

Cheers

0 Kudos
Reply
jmazzeo07
Level 9
Report Inappropriate Content
Message 10 of 11
‎05-10-2016 05:14 AM

Re: MWG rules to SaaS syncronization issue

Jump to solution

Hi to all, last thursday I login to the web protection console and.. It was all synchronized... nobody change nothing, so I don't know what happened, It's working now. Thanks to all for the answers and the help.

View solution in original post

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC