cancel
Showing results for 
Search instead for 
Did you mean: 
jmazzeo07
Level 9

MWG rules to SaaS syncronization issue

Jump to solution

Hi all, I'm testing SaaS on my lab cause I need to deploy it on a client.

I have done all the configuration to Sync the policies with the Web Gateway, but i Can't see the Hybrid policies on the Web SaaS Protection Rules:

saas.JPG

I'm working with a host with MCP and it redirects the traffic without problem, but I can't apply policies with the group membership of the users like directly connected.

I see this error on my Gateway sync log:

Information about most recent policy synchronization:

No informationPolicy is not in synchronized state

*** 2016/5/2 12:34:41 ***

Starting policy synchronization

Going to synchronize 2 rules files, 7 configs, 186 lists, 1 subscribed lists, and 738 error template resources.

Got temporary active configuration [2016-05-02_09-48-38-871_+0000] from web service

    com.scur.type.ip.509.xml

    5136.xml

    com.scur.engine.streamdetector.16393.xml

    com.scur.engine.trustedsource.4569.xml

    gwrs.xml

    com.scur.mainaction.block.15139.xml

    com.scur.engine.billing.4575.xml

    5147.xml

    com.scur.mainaction.block.4577.xml

    com.scur.engine.antivirus.4589.xml

    com.scur.type.iprange.366.xml

    com.scur.type.category.243.xml

    com.scur.type.regex.903.xml

    com.scur.type.string.880.xml

    5158.xml

    com.scur.type.regex.4518.xml

    com.scur.type.ip.935.xml

    com.scur.type.regex.387.xml

    com.scur.type.string.805.xml

    com.scur.type.applcontrol.883.xml

    com.scur.type.category.248.xml

    com.scur.type.regex.11333.xml

    com.scur.type.regex.923.xml

    com.scur.type.number.792.xml

    com.scur.type.ip.500.xml

    com.scur.type.string.510.xml

    com.scur.type.regex.4551.xml

    com.scur.type.regex.877.xml

    com.scur.type.category.247.xml

    com.scur.type.iprange.939.xml

    com.scur.type.applcontrol.855.xml

    com.scur.type.regex.241.xml

    com.scur.type.regex.388.xml

    com.scur.type.mediatype.376.xml

    com.scur.type.string.498.xml

    com.scur.type.string.492.xml

    com.scur.type.string.803.xml

    com.scur.type.number.4519.xml

    com.scur.type.string.354.xml

    16056.xml

    com.scur.type.string.879.xml

    com.scur.type.category.249.xml

Policy synchronization failed: Failed to add /lists/com.scur.type.regex.4518: 408

Can somebdoy give me some help?

Thanks and sorry my english.

0 Kudos
1 Solution

Accepted Solutions
jmazzeo07
Level 9

Re: MWG rules to SaaS syncronization issue

Jump to solution

Hi to all, last thursday I login to the web protection console and.. It was all synchronized... nobody change nothing, so I don't know what happened, It's working now. Thanks to all for the answers and the help.

0 Kudos
10 Replies
McAfee Employee

Re: MWG rules to SaaS syncronization issue

Jump to solution

Hi!

Based on the ID of that list, I'm thinking it's the global whitelist (because I have a list with that same ID):


# current; head lists/com.scur.type.regex.4518.xml


<?xml version='1.0' encoding='UTF-8'?>


<list version="1.0.3.45" mwg-version="7.6.0-19896" name="Global Whitelist" id="com.scur.type.regex.4                                                                                                                                                    518" typeId="com.scur.type.regex" classifier="Other" systemList="false" structuralList="false" defau                                                                                                                                                    ltRights="2">


I'm guessing you have a problem with entry 408 in the global whitelist.

If you make a change to that list and try to save it will probably fail too.

This can happen if at some point you imported duplicate entries, but MWG failed to recognize them as duplicates.

Best Regards,

Jon

0 Kudos
jmazzeo07
Level 9

Re: MWG rules to SaaS syncronization issue

Jump to solution

Hi Jon, my global whitelist is empty, and it is strange cause every time I try to sync it gives me a different error:

Policy synchronization failed: Failed to add /error_templates/ZGVmYXVsdC9lcy9iYWRyZXF1ZXN0LnR4dA,,: 408     (???)

Policy synchronization failed: Failed to add /lists/com.scur.type.string.654: 408

The last error list is called "Grupo Empleados", and it only have one entry.

<?xml version='1.0' encoding='UTF-8'?>

<list version="1.0.3.45" mwg-version="7.5.2.3.0-20202" name="Grupo Empleados" id="com.scur.type.string.654" typeId="com.scur.type.string" classifier="Groups" systemList="false" structuralList="false" defaultRights="2">

  <description></description>

  <content>

    <listEntry>

      <entry>g_Empleados</entry>

      <description></description>

    </listEntry>

  </content>

</list>

0 Kudos
jmazzeo07
Level 9

Re: MWG rules to SaaS syncronization issue

Jump to solution

Answering to myself, I have installed a new Web Gateway with just the default rules an nothing else, and I'm having the same issue and log error:

Information about most recent policy synchronization:

No informationPolicy is not in synchronized state

*** 2016/5/4 19:09:13 ***

Starting policy synchronization

Going to synchronize 2 rules files, 9 configs, 114 lists, 1 subscribed lists, and 173 error template resources.

Got temporary active configuration [2016-05-04_13-22-59-958_+0000] from web service

    gwrs.xml

    com.scur.engine.billing.4575.xml

    com.scur.engine.progresspage.394.xml

    com.scur.engine.compositeopener.1.xml

    com.scur.engine.sslclientcontext.4585.xml

    com.scur.engine.trustedsource.4569.xml

    com.scur.mainaction.block.4572.xml

    com.scur.engine.datatrickling.396.xml

    com.scur.engine.safesearchenforcer.11498.xml

    com.scur.mainaction.block.4581.xml

    com.mcafee.mwg.list.userdb.xml

    5158.xml

    com.scur.type.number.4519.xml

    com.scur.type.regex.4537.xml

    com.scur.type.regex.4551.xml

    com.scur.type.regex.4543.xml

    com.scur.type.regex.11333.xml

    5153.xml

    16056.xml

    com.scur.type.complex.hostandcertificate.4529.xml

    16054.xml

    5146.xml

    com.scur.type.regex.4518.xml

    5145.xml

    com.scur.type.regex.10830.xml

    com.scur.type.string.6981.xml

    com.scur.type.ip.4552.xml

    com.scur.type.regex.11347.xml

    5147.xml

    5156.xml

    5157.xml

    10001.xml

    com.scur.list.dlpcategory.fisma_compliance.xml

    com.scur.list.mediatype.audio.xml

    com.scur.list.applcntrl.monitoring.xml

    com.scur.list.category.society_education_religion.xml

    com.scur.list.dlpcategory.austria_policy.xml

    com.scur.list.dlpcategory.acceptable_use.xml

    com.scur.list.dlpcategory.australia_policy.xml

    com.scur.list.dlpcategory.turkey_policy.xml

    com.scur.list.mediatype.streams.xml

    com.scur.list.applcntrl.voip.xml

    com.scur.list.applcntrl.photovideosharing.xml

    com.scur.list.dlpcategory.financial_and_security_compliance.xml

    com.scur.list.applcntrl.im.xml

    com.scur.list.applcntrl.gaming.xml

    com.scur.list.dlpcategory.netherlands_policy.xml

    com.scur.list.mediatype.documents.xml

    com.scur.list.applcntrl.embeddedwebapps.xml

    com.scur.list.dlpcategory.chinese_taiwan_policy.xml

    com.scur.list.dlpcategory.spain_policy.xml

    com.scur.list.dlpcategory.uk_policy.xml

    com.scur.list.applcntrl.onlinecrawlers.xml

    com.scur.list.dlpcategory.japan_policy.xml

    com.scur.list.dlpcategory.sox_compliance.xml

    com.scur.list.applcntrl.erpcrm.xml

    com.scur.list.applcntrl.storage.xml

    com.scur.list.category.drugs.xml

    com.scur.list.applcntrl.businesswebapps.xml

    com.scur.list.applcntrl.database.xml

    com.scur.list.applcntrl.tunnels.xml

    com.scur.list.applcntrl.webbrowsing.xml

    com.scur.list.category.purchasing.xml

    com.scur.list.mediatype.text.xml

    com.scur.list.dlpcategory.israel_policy.xml

    com.scur.list.dlpcategory.brazil_policy.xml

    com.scur.list.mediatype.arc.xml

    com.scur.list.applcntrl.p2p.xml

    com.scur.list.dlpcategory.poland_policy.xml

    com.scur.list.dlpcategory.entertainment_industry_ip.xml

    com.scur.list.dlpcategory.france_policy.xml

    com.scur.list.dlpcategory.german_policy.xml

    com.scur.list.dlpcategory.employee_discontent.xml

    com.scur.list.category.games_gambling.xml

    com.scur.list.dlpcategory.czech_policy.xml

    com.scur.list.dlpcategory.chinese_hong_kong_policy.xml

    com.scur.list.dlpcategory.payment_card_industry.xml

    com.scur.list.applcntrl.offlinecrawlers.xml

    com.scur.list.dlpcategory.russia_policy.xml

    com.scur.list.dlpcategory.high_technology_industry_ip.xml

    com.scur.list.dlpcategory.legal.xml

    com.scur.list.dlpcategory.canada_policy.xml

    com.scur.list.category.informationtechnologie.xml

    com.scur.list.dlpcategory.india_policy.xml

Policy synchronization failed: Failed to add /lists/com.scur.list.applcntrl.onlinecrawlers: 408

0 Kudos
jmazzeo07
Level 9

Re: MWG rules to SaaS syncronization issue

Jump to solution

Adding info: I'm using trial licenses in my Web Gateway and the SaaS license is trial too.

0 Kudos
eelsasser
Level 15

Re: MWG rules to SaaS syncronization issue

Jump to solution

A default policy will not synchronize by default because none of the rules are enabled in the cloud.

Try enabling the whitelist or URL Filtering rules:

Capture.png

Capture1.png

0 Kudos
Troja
Level 14

Re: MWG rules to SaaS syncronization issue

Jump to solution

Hi ,

i took a look at your screenshot in your first posting. I compared it with my SaaS Portal. I´m missing the hint about the Web Hybrid, look at my screenshot.

SaaS.png

From my Point of Information it Looks like your SaaS account is not WebHybrid enabled.

Cheers

0 Kudos
jmazzeo07
Level 9

Re: MWG rules to SaaS syncronization issue

Jump to solution

I have enabled 2 policies to sync with the cloud in my Gateway, one is the URL Filtering.

Maybe I don't have that option because the policies from the Gateway never finish the sync.

0 Kudos
Troja
Level 14

Re: MWG rules to SaaS syncronization issue

Jump to solution

We enabled WebHybrid for a customer yesterday.

1) we opened the SaaS portal (for endpoint) and activated Web Protection.

2) Afterwards we added a user for MWG under https://portal.mcafeesaas.com. We granted the Customer Admin role to this account.

3) Added the account to mwg and we were able to synchronize.

If no cloud rule is configured, you can see an information about that. But MWG should be able to contact the SaaS Service.

Under Troubleshooting you can find the result of the synchronization.

Just another hint. Do not use the "Web Hybrid Legacy settings" in MWG, use the WebHybrid Settings in the Top of MWG Gui directly under "Licenses".

Cheers

0 Kudos
jmazzeo07
Level 9

Re: MWG rules to SaaS syncronization issue

Jump to solution

Hi to all, last thursday I login to the web protection console and.. It was all synchronized... nobody change nothing, so I don't know what happened, It's working now. Thanks to all for the answers and the help.

0 Kudos