Community Help Hub

jmazzeo07 · ‎05-03-2016

Hi all, I'm testing SaaS on my lab cause I need to deploy it on a client.

I have done all the configuration to Sync the policies with the Web Gateway, but i Can't see the Hybrid policies on the Web SaaS Protection Rules:

I'm working with a host with MCP and it redirects the traffic without problem, but I can't apply policies with the group membership of the users like directly connected.

I see this error on my Gateway sync log:

Information about most recent policy synchronization:

No informationPolicy is not in synchronized state

*** 2016/5/2 12:34:41 ***

Starting policy synchronization

Going to synchronize 2 rules files, 7 configs, 186 lists, 1 subscribed lists, and 738 error template resources.

Got temporary active configuration [2016-05-02_09-48-38-871_+0000] from web service

com.scur.type.ip.509.xml

5136.xml

com.scur.engine.streamdetector.16393.xml

com.scur.engine.trustedsource.4569.xml

gwrs.xml

com.scur.mainaction.block.15139.xml

com.scur.engine.billing.4575.xml

5147.xml

com.scur.mainaction.block.4577.xml

com.scur.engine.antivirus.4589.xml

com.scur.type.iprange.366.xml

com.scur.type.category.243.xml

com.scur.type.regex.903.xml

com.scur.type.string.880.xml

5158.xml

com.scur.type.regex.4518.xml

com.scur.type.ip.935.xml

com.scur.type.regex.387.xml

com.scur.type.string.805.xml

com.scur.type.applcontrol.883.xml

com.scur.type.category.248.xml

com.scur.type.regex.11333.xml

com.scur.type.regex.923.xml

com.scur.type.number.792.xml

com.scur.type.ip.500.xml

com.scur.type.string.510.xml

com.scur.type.regex.4551.xml

com.scur.type.regex.877.xml

com.scur.type.category.247.xml

com.scur.type.iprange.939.xml

com.scur.type.applcontrol.855.xml

com.scur.type.regex.241.xml

com.scur.type.regex.388.xml

com.scur.type.mediatype.376.xml

com.scur.type.string.498.xml

com.scur.type.string.492.xml

com.scur.type.string.803.xml

com.scur.type.number.4519.xml

com.scur.type.string.354.xml

16056.xml

com.scur.type.string.879.xml

com.scur.type.category.249.xml

Policy synchronization failed: Failed to add /lists/com.scur.type.regex.4518: 408

Can somebdoy give me some help?

Thanks and sorry my english.

jmazzeo07 · ‎05-10-2016

Hi to all, last thursday I login to the web protection console and.. It was all synchronized... nobody change nothing, so I don't know what happened, It's working now. Thanks to all for the answers and the help.

jscholte · ‎05-03-2016

Hi!

Based on the ID of that list, I'm thinking it's the global whitelist (because I have a list with that same ID):

# current; head lists/com.scur.type.regex.4518.xml

<?xml version='1.0' encoding='UTF-8'?>

I'm guessing you have a problem with entry 408 in the global whitelist.

If you make a change to that list and try to save it will probably fail too.

This can happen if at some point you imported duplicate entries, but MWG failed to recognize them as duplicates.

Best Regards,

Jon

jmazzeo07 · ‎05-03-2016

Hi Jon, my global whitelist is empty, and it is strange cause every time I try to sync it gives me a different error:

Policy synchronization failed: Failed to add /error_templates/ZGVmYXVsdC9lcy9iYWRyZXF1ZXN0LnR4dA,,: 408 (???)

Policy synchronization failed: Failed to add /lists/com.scur.type.string.654: 408

The last error list is called "Grupo Empleados", and it only have one entry.

<?xml version='1.0' encoding='UTF-8'?>

<entry>g_Empleados</entry>

</listEntry>

</content>

</list>

jmazzeo07 · ‎05-04-2016

Answering to myself, I have installed a new Web Gateway with just the default rules an nothing else, and I'm having the same issue and log error:

Information about most recent policy synchronization:

No informationPolicy is not in synchronized state

*** 2016/5/4 19:09:13 ***

Starting policy synchronization

Going to synchronize 2 rules files, 9 configs, 114 lists, 1 subscribed lists, and 173 error template resources.

Got temporary active configuration [2016-05-04_13-22-59-958_+0000] from web service

gwrs.xml

com.scur.engine.billing.4575.xml

com.scur.engine.progresspage.394.xml

com.scur.engine.compositeopener.1.xml

com.scur.engine.sslclientcontext.4585.xml

com.scur.engine.trustedsource.4569.xml

com.scur.mainaction.block.4572.xml

com.scur.engine.datatrickling.396.xml

com.scur.engine.safesearchenforcer.11498.xml

com.scur.mainaction.block.4581.xml

com.mcafee.mwg.list.userdb.xml

5158.xml

com.scur.type.number.4519.xml

com.scur.type.regex.4537.xml

com.scur.type.regex.4551.xml

com.scur.type.regex.4543.xml

com.scur.type.regex.11333.xml

5153.xml

16056.xml

com.scur.type.complex.hostandcertificate.4529.xml

16054.xml

5146.xml

com.scur.type.regex.4518.xml

5145.xml

com.scur.type.regex.10830.xml

com.scur.type.string.6981.xml

com.scur.type.ip.4552.xml

com.scur.type.regex.11347.xml

5147.xml

5156.xml

5157.xml

10001.xml

com.scur.list.dlpcategory.fisma_compliance.xml

com.scur.list.mediatype.audio.xml

com.scur.list.applcntrl.monitoring.xml

com.scur.list.category.society_education_religion.xml

com.scur.list.dlpcategory.austria_policy.xml

com.scur.list.dlpcategory.acceptable_use.xml

com.scur.list.dlpcategory.australia_policy.xml

com.scur.list.dlpcategory.turkey_policy.xml

com.scur.list.mediatype.streams.xml

com.scur.list.applcntrl.voip.xml

com.scur.list.applcntrl.photovideosharing.xml

com.scur.list.dlpcategory.financial_and_security_compliance.xml

com.scur.list.applcntrl.im.xml

com.scur.list.applcntrl.gaming.xml

com.scur.list.dlpcategory.netherlands_policy.xml

com.scur.list.mediatype.documents.xml

com.scur.list.applcntrl.embeddedwebapps.xml

com.scur.list.dlpcategory.chinese_taiwan_policy.xml

com.scur.list.dlpcategory.spain_policy.xml

com.scur.list.dlpcategory.uk_policy.xml

com.scur.list.applcntrl.onlinecrawlers.xml

com.scur.list.dlpcategory.japan_policy.xml

com.scur.list.dlpcategory.sox_compliance.xml

com.scur.list.applcntrl.erpcrm.xml

com.scur.list.applcntrl.storage.xml

com.scur.list.category.drugs.xml

com.scur.list.applcntrl.businesswebapps.xml

com.scur.list.applcntrl.database.xml

com.scur.list.applcntrl.tunnels.xml

com.scur.list.applcntrl.webbrowsing.xml

com.scur.list.category.purchasing.xml

com.scur.list.mediatype.text.xml

com.scur.list.dlpcategory.israel_policy.xml

com.scur.list.dlpcategory.brazil_policy.xml

com.scur.list.mediatype.arc.xml

com.scur.list.applcntrl.p2p.xml

com.scur.list.dlpcategory.poland_policy.xml

com.scur.list.dlpcategory.entertainment_industry_ip.xml

com.scur.list.dlpcategory.france_policy.xml

com.scur.list.dlpcategory.german_policy.xml

com.scur.list.dlpcategory.employee_discontent.xml

com.scur.list.category.games_gambling.xml

com.scur.list.dlpcategory.czech_policy.xml

com.scur.list.dlpcategory.chinese_hong_kong_policy.xml

com.scur.list.dlpcategory.payment_card_industry.xml

com.scur.list.applcntrl.offlinecrawlers.xml

com.scur.list.dlpcategory.russia_policy.xml

com.scur.list.dlpcategory.high_technology_industry_ip.xml

com.scur.list.dlpcategory.legal.xml

com.scur.list.dlpcategory.canada_policy.xml

com.scur.list.category.informationtechnologie.xml

com.scur.list.dlpcategory.india_policy.xml

Policy synchronization failed: Failed to add /lists/com.scur.list.applcntrl.onlinecrawlers: 408

jmazzeo07 · ‎05-04-2016

Adding info: I'm using trial licenses in my Web Gateway and the SaaS license is trial too.

eelsasser · ‎05-04-2016

A default policy will not synchronize by default because none of the rules are enabled in the cloud.

Try enabling the whitelist or URL Filtering rules:

Troja · ‎05-05-2016

Hi ,

i took a look at your screenshot in your first posting. I compared it with my SaaS Portal. I´m missing the hint about the Web Hybrid, look at my screenshot.

From my Point of Information it Looks like your SaaS account is not WebHybrid enabled.

Cheers

jmazzeo07 · ‎05-05-2016

I have enabled 2 policies to sync with the cloud in my Gateway, one is the URL Filtering.

Maybe I don't have that option because the policies from the Gateway never finish the sync.

Troja · ‎05-10-2016

We enabled WebHybrid for a customer yesterday.

1) we opened the SaaS portal (for endpoint) and activated Web Protection.

2) Afterwards we added a user for MWG under https://portal.mcafeesaas.com. We granted the Customer Admin role to this account.

3) Added the account to mwg and we were able to synchronize.

If no cloud rule is configured, you can see an information about that. But MWG should be able to contact the SaaS Service.

Under Troubleshooting you can find the result of the synchronization.

Just another hint. Do not use the "Web Hybrid Legacy settings" in MWG, use the WebHybrid Settings in the Top of MWG Gui directly under "Licenses".

Cheers

jmazzeo07 · ‎05-10-2016

Hi to all, last thursday I login to the web protection console and.. It was all synchronized... nobody change nothing, so I don't know what happened, It's working now. Thanks to all for the answers and the help.

MWG rules to SaaS syncronization issue

Re: MWG rules to SaaS syncronization issue

Re: MWG rules to SaaS syncronization issue

Re: MWG rules to SaaS syncronization issue

Re: MWG rules to SaaS syncronization issue

Re: MWG rules to SaaS syncronization issue

Re: MWG rules to SaaS syncronization issue

Re: MWG rules to SaaS syncronization issue

Re: MWG rules to SaaS syncronization issue

Re: MWG rules to SaaS syncronization issue

Re: MWG rules to SaaS syncronization issue

Community Help Hub

Join the Community