Hi all, I'm testing SaaS on my lab cause I need to deploy it on a client.
I have done all the configuration to Sync the policies with the Web Gateway, but i Can't see the Hybrid policies on the Web SaaS Protection Rules:
I'm working with a host with MCP and it redirects the traffic without problem, but I can't apply policies with the group membership of the users like directly connected.
I see this error on my Gateway sync log:
Information about most recent policy synchronization:
No informationPolicy is not in synchronized state
*** 2016/5/2 12:34:41 ***
Starting policy synchronization
Going to synchronize 2 rules files, 7 configs, 186 lists, 1 subscribed lists, and 738 error template resources.
Got temporary active configuration [2016-05-02_09-48-38-871_+0000] from web service
com.scur.type.ip.509.xml
5136.xml
com.scur.engine.streamdetector.16393.xml
com.scur.engine.trustedsource.4569.xml
gwrs.xml
com.scur.mainaction.block.15139.xml
com.scur.engine.billing.4575.xml
5147.xml
com.scur.mainaction.block.4577.xml
com.scur.engine.antivirus.4589.xml
com.scur.type.iprange.366.xml
com.scur.type.category.243.xml
com.scur.type.regex.903.xml
com.scur.type.string.880.xml
5158.xml
com.scur.type.regex.4518.xml
com.scur.type.ip.935.xml
com.scur.type.regex.387.xml
com.scur.type.string.805.xml
com.scur.type.applcontrol.883.xml
com.scur.type.category.248.xml
com.scur.type.regex.11333.xml
com.scur.type.regex.923.xml
com.scur.type.number.792.xml
com.scur.type.ip.500.xml
com.scur.type.string.510.xml
com.scur.type.regex.4551.xml
com.scur.type.regex.877.xml
com.scur.type.category.247.xml
com.scur.type.iprange.939.xml
com.scur.type.applcontrol.855.xml
com.scur.type.regex.241.xml
com.scur.type.regex.388.xml
com.scur.type.mediatype.376.xml
com.scur.type.string.498.xml
com.scur.type.string.492.xml
com.scur.type.string.803.xml
com.scur.type.number.4519.xml
com.scur.type.string.354.xml
16056.xml
com.scur.type.string.879.xml
com.scur.type.category.249.xml
Policy synchronization failed: Failed to add /lists/com.scur.type.regex.4518: 408
Can somebdoy give me some help?
Thanks and sorry my english.
Solved! Go to Solution.
Hi to all, last thursday I login to the web protection console and.. It was all synchronized... nobody change nothing, so I don't know what happened, It's working now. Thanks to all for the answers and the help.
Hi!
Based on the ID of that list, I'm thinking it's the global whitelist (because I have a list with that same ID):
# current; head lists/com.scur.type.regex.4518.xml
<?xml version='1.0' encoding='UTF-8'?>
<list version="1.0.3.45" mwg-version="7.6.0-19896" name="Global Whitelist" id="com.scur.type.regex.4 518" typeId="com.scur.type.regex" classifier="Other" systemList="false" structuralList="false" defau ltRights="2">
I'm guessing you have a problem with entry 408 in the global whitelist.
If you make a change to that list and try to save it will probably fail too.
This can happen if at some point you imported duplicate entries, but MWG failed to recognize them as duplicates.
Best Regards,
Jon
Hi Jon, my global whitelist is empty, and it is strange cause every time I try to sync it gives me a different error:
Policy synchronization failed: Failed to add /error_templates/ZGVmYXVsdC9lcy9iYWRyZXF1ZXN0LnR4dA,,: 408 (???)
Policy synchronization failed: Failed to add /lists/com.scur.type.string.654: 408
The last error list is called "Grupo Empleados", and it only have one entry.
<?xml version='1.0' encoding='UTF-8'?>
<list version="1.0.3.45" mwg-version="7.5.2.3.0-20202" name="Grupo Empleados" id="com.scur.type.string.654" typeId="com.scur.type.string" classifier="Groups" systemList="false" structuralList="false" defaultRights="2">
<description></description>
<content>
<listEntry>
<entry>g_Empleados</entry>
<description></description>
</listEntry>
</content>
</list>
Answering to myself, I have installed a new Web Gateway with just the default rules an nothing else, and I'm having the same issue and log error:
Information about most recent policy synchronization:
No informationPolicy is not in synchronized state
*** 2016/5/4 19:09:13 ***
Starting policy synchronization
Going to synchronize 2 rules files, 9 configs, 114 lists, 1 subscribed lists, and 173 error template resources.
Got temporary active configuration [2016-05-04_13-22-59-958_+0000] from web service
gwrs.xml
com.scur.engine.billing.4575.xml
com.scur.engine.progresspage.394.xml
com.scur.engine.compositeopener.1.xml
com.scur.engine.sslclientcontext.4585.xml
com.scur.engine.trustedsource.4569.xml
com.scur.mainaction.block.4572.xml
com.scur.engine.datatrickling.396.xml
com.scur.engine.safesearchenforcer.11498.xml
com.scur.mainaction.block.4581.xml
com.mcafee.mwg.list.userdb.xml
5158.xml
com.scur.type.number.4519.xml
com.scur.type.regex.4537.xml
com.scur.type.regex.4551.xml
com.scur.type.regex.4543.xml
com.scur.type.regex.11333.xml
5153.xml
16056.xml
com.scur.type.complex.hostandcertificate.4529.xml
16054.xml
5146.xml
com.scur.type.regex.4518.xml
5145.xml
com.scur.type.regex.10830.xml
com.scur.type.string.6981.xml
com.scur.type.ip.4552.xml
com.scur.type.regex.11347.xml
5147.xml
5156.xml
5157.xml
10001.xml
com.scur.list.dlpcategory.fisma_compliance.xml
com.scur.list.mediatype.audio.xml
com.scur.list.applcntrl.monitoring.xml
com.scur.list.category.society_education_religion.xml
com.scur.list.dlpcategory.austria_policy.xml
com.scur.list.dlpcategory.acceptable_use.xml
com.scur.list.dlpcategory.australia_policy.xml
com.scur.list.dlpcategory.turkey_policy.xml
com.scur.list.mediatype.streams.xml
com.scur.list.applcntrl.voip.xml
com.scur.list.applcntrl.photovideosharing.xml
com.scur.list.dlpcategory.financial_and_security_compliance.xml
com.scur.list.applcntrl.im.xml
com.scur.list.applcntrl.gaming.xml
com.scur.list.dlpcategory.netherlands_policy.xml
com.scur.list.mediatype.documents.xml
com.scur.list.applcntrl.embeddedwebapps.xml
com.scur.list.dlpcategory.chinese_taiwan_policy.xml
com.scur.list.dlpcategory.spain_policy.xml
com.scur.list.dlpcategory.uk_policy.xml
com.scur.list.applcntrl.onlinecrawlers.xml
com.scur.list.dlpcategory.japan_policy.xml
com.scur.list.dlpcategory.sox_compliance.xml
com.scur.list.applcntrl.erpcrm.xml
com.scur.list.applcntrl.storage.xml
com.scur.list.category.drugs.xml
com.scur.list.applcntrl.businesswebapps.xml
com.scur.list.applcntrl.database.xml
com.scur.list.applcntrl.tunnels.xml
com.scur.list.applcntrl.webbrowsing.xml
com.scur.list.category.purchasing.xml
com.scur.list.mediatype.text.xml
com.scur.list.dlpcategory.israel_policy.xml
com.scur.list.dlpcategory.brazil_policy.xml
com.scur.list.mediatype.arc.xml
com.scur.list.applcntrl.p2p.xml
com.scur.list.dlpcategory.poland_policy.xml
com.scur.list.dlpcategory.entertainment_industry_ip.xml
com.scur.list.dlpcategory.france_policy.xml
com.scur.list.dlpcategory.german_policy.xml
com.scur.list.dlpcategory.employee_discontent.xml
com.scur.list.category.games_gambling.xml
com.scur.list.dlpcategory.czech_policy.xml
com.scur.list.dlpcategory.chinese_hong_kong_policy.xml
com.scur.list.dlpcategory.payment_card_industry.xml
com.scur.list.applcntrl.offlinecrawlers.xml
com.scur.list.dlpcategory.russia_policy.xml
com.scur.list.dlpcategory.high_technology_industry_ip.xml
com.scur.list.dlpcategory.legal.xml
com.scur.list.dlpcategory.canada_policy.xml
com.scur.list.category.informationtechnologie.xml
com.scur.list.dlpcategory.india_policy.xml
Policy synchronization failed: Failed to add /lists/com.scur.list.applcntrl.onlinecrawlers: 408
Adding info: I'm using trial licenses in my Web Gateway and the SaaS license is trial too.
A default policy will not synchronize by default because none of the rules are enabled in the cloud.
Try enabling the whitelist or URL Filtering rules:
We enabled WebHybrid for a customer yesterday.
1) we opened the SaaS portal (for endpoint) and activated Web Protection.
2) Afterwards we added a user for MWG under https://portal.mcafeesaas.com. We granted the Customer Admin role to this account.
3) Added the account to mwg and we were able to synchronize.
If no cloud rule is configured, you can see an information about that. But MWG should be able to contact the SaaS Service.
Under Troubleshooting you can find the result of the synchronization.
Just another hint. Do not use the "Web Hybrid Legacy settings" in MWG, use the WebHybrid Settings in the Top of MWG Gui directly under "Licenses".
Cheers
Hi to all, last thursday I login to the web protection console and.. It was all synchronized... nobody change nothing, so I don't know what happened, It's working now. Thanks to all for the answers and the help.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA