1 2 Previous Next 10 Replies Latest reply on May 11, 2016 9:41 AM by Troja

    MWG rules to SaaS syncronization issue

    jmazzeo07

      Hi all, I'm testing SaaS on my lab cause I need to deploy it on a client.

      I have done all the configuration to Sync the policies with the Web Gateway, but i Can't see the Hybrid policies on the Web SaaS Protection Rules:

       

      saas.JPG

      I'm working with a host with MCP and it redirects the traffic without problem, but I can't apply policies with the group membership of the users like directly connected.

       

      I see this error on my Gateway sync log:

       

      Information about most recent policy synchronization:

      No informationPolicy is not in synchronized state

      *** 2016/5/2 12:34:41 ***

      Starting policy synchronization

      Going to synchronize 2 rules files, 7 configs, 186 lists, 1 subscribed lists, and 738 error template resources.

      Got temporary active configuration [2016-05-02_09-48-38-871_+0000] from web service

          com.scur.type.ip.509.xml

          5136.xml

          com.scur.engine.streamdetector.16393.xml

          com.scur.engine.trustedsource.4569.xml

          gwrs.xml

          com.scur.mainaction.block.15139.xml

          com.scur.engine.billing.4575.xml

          5147.xml

          com.scur.mainaction.block.4577.xml

          com.scur.engine.antivirus.4589.xml

          com.scur.type.iprange.366.xml

          com.scur.type.category.243.xml

          com.scur.type.regex.903.xml

          com.scur.type.string.880.xml

          5158.xml

          com.scur.type.regex.4518.xml

          com.scur.type.ip.935.xml

          com.scur.type.regex.387.xml

          com.scur.type.string.805.xml

          com.scur.type.applcontrol.883.xml

          com.scur.type.category.248.xml

          com.scur.type.regex.11333.xml

          com.scur.type.regex.923.xml

          com.scur.type.number.792.xml

          com.scur.type.ip.500.xml

          com.scur.type.string.510.xml

          com.scur.type.regex.4551.xml

          com.scur.type.regex.877.xml

          com.scur.type.category.247.xml

          com.scur.type.iprange.939.xml

          com.scur.type.applcontrol.855.xml

          com.scur.type.regex.241.xml

          com.scur.type.regex.388.xml

          com.scur.type.mediatype.376.xml

          com.scur.type.string.498.xml

          com.scur.type.string.492.xml

          com.scur.type.string.803.xml

          com.scur.type.number.4519.xml

          com.scur.type.string.354.xml

          16056.xml

          com.scur.type.string.879.xml

          com.scur.type.category.249.xml

      Policy synchronization failed: Failed to add /lists/com.scur.type.regex.4518: 408

       

       

      Can somebdoy give me some help?

       

      Thanks and sorry my english.

        • 1. Re: MWG rules to SaaS syncronization issue
          Jon Scholten

          Hi!

           

          Based on the ID of that list, I'm thinking it's the global whitelist (because I have a list with that same ID):

           

          # current; head lists/com.scur.type.regex.4518.xml
          <?xml version='1.0' encoding='UTF-8'?>
          <list version="1.0.3.45" mwg-version="7.6.0-19896" name="Global Whitelist" id="com.scur.type.regex.4                                                                                                                                                    518" typeId="com.scur.type.regex" classifier="Other" systemList="false" structuralList="false" defau                                                                                                                                                    ltRights="2">
          

           

          I'm guessing you have a problem with entry 408 in the global whitelist.

           

          If you make a change to that list and try to save it will probably fail too.

           

          This can happen if at some point you imported duplicate entries, but MWG failed to recognize them as duplicates.

           

          Best Regards,

          Jon

          • 2. Re: MWG rules to SaaS syncronization issue
            jmazzeo07

            Hi Jon, my global whitelist is empty, and it is strange cause every time I try to sync it gives me a different error:

             

            Policy synchronization failed: Failed to add /error_templates/ZGVmYXVsdC9lcy9iYWRyZXF1ZXN0LnR4dA,,: 408     (???)

             

            Policy synchronization failed: Failed to add /lists/com.scur.type.string.654: 408

             

            The last error list is called "Grupo Empleados", and it only have one entry.

             

            <?xml version='1.0' encoding='UTF-8'?>

            <list version="1.0.3.45" mwg-version="7.5.2.3.0-20202" name="Grupo Empleados" id="com.scur.type.string.654" typeId="com.scur.type.string" classifier="Groups" systemList="false" structuralList="false" defaultRights="2">

              <description></description>

              <content>

                <listEntry>

                  <entry>g_Empleados</entry>

                  <description></description>

                </listEntry>

              </content>

            </list>

            • 3. Re: MWG rules to SaaS syncronization issue
              jmazzeo07

              Answering to myself, I have installed a new Web Gateway with just the default rules an nothing else, and I'm having the same issue and log error:

               

              Information about most recent policy synchronization:

              No informationPolicy is not in synchronized state

              *** 2016/5/4 19:09:13 ***

              Starting policy synchronization

              Going to synchronize 2 rules files, 9 configs, 114 lists, 1 subscribed lists, and 173 error template resources.

              Got temporary active configuration [2016-05-04_13-22-59-958_+0000] from web service

                  gwrs.xml

                  com.scur.engine.billing.4575.xml

                  com.scur.engine.progresspage.394.xml

                  com.scur.engine.compositeopener.1.xml

                  com.scur.engine.sslclientcontext.4585.xml

                  com.scur.engine.trustedsource.4569.xml

                  com.scur.mainaction.block.4572.xml

                  com.scur.engine.datatrickling.396.xml

                  com.scur.engine.safesearchenforcer.11498.xml

                  com.scur.mainaction.block.4581.xml

                  com.mcafee.mwg.list.userdb.xml

                  5158.xml

                  com.scur.type.number.4519.xml

                  com.scur.type.regex.4537.xml

                  com.scur.type.regex.4551.xml

                  com.scur.type.regex.4543.xml

                  com.scur.type.regex.11333.xml

                  5153.xml

                  16056.xml

                  com.scur.type.complex.hostandcertificate.4529.xml

                  16054.xml

                  5146.xml

                  com.scur.type.regex.4518.xml

                  5145.xml

                  com.scur.type.regex.10830.xml

                  com.scur.type.string.6981.xml

                  com.scur.type.ip.4552.xml

                  com.scur.type.regex.11347.xml

                  5147.xml

                  5156.xml

                  5157.xml

                  10001.xml

                  com.scur.list.dlpcategory.fisma_compliance.xml

                  com.scur.list.mediatype.audio.xml

                  com.scur.list.applcntrl.monitoring.xml

                  com.scur.list.category.society_education_religion.xml

                  com.scur.list.dlpcategory.austria_policy.xml

                  com.scur.list.dlpcategory.acceptable_use.xml

                  com.scur.list.dlpcategory.australia_policy.xml

                  com.scur.list.dlpcategory.turkey_policy.xml

                  com.scur.list.mediatype.streams.xml

                  com.scur.list.applcntrl.voip.xml

                  com.scur.list.applcntrl.photovideosharing.xml

                  com.scur.list.dlpcategory.financial_and_security_compliance.xml

                  com.scur.list.applcntrl.im.xml

                  com.scur.list.applcntrl.gaming.xml

                  com.scur.list.dlpcategory.netherlands_policy.xml

                  com.scur.list.mediatype.documents.xml

                  com.scur.list.applcntrl.embeddedwebapps.xml

                  com.scur.list.dlpcategory.chinese_taiwan_policy.xml

                  com.scur.list.dlpcategory.spain_policy.xml

                  com.scur.list.dlpcategory.uk_policy.xml

                  com.scur.list.applcntrl.onlinecrawlers.xml

                  com.scur.list.dlpcategory.japan_policy.xml

                  com.scur.list.dlpcategory.sox_compliance.xml

                  com.scur.list.applcntrl.erpcrm.xml

                  com.scur.list.applcntrl.storage.xml

                  com.scur.list.category.drugs.xml

                  com.scur.list.applcntrl.businesswebapps.xml

                  com.scur.list.applcntrl.database.xml

                  com.scur.list.applcntrl.tunnels.xml

                  com.scur.list.applcntrl.webbrowsing.xml

                  com.scur.list.category.purchasing.xml

                  com.scur.list.mediatype.text.xml

                  com.scur.list.dlpcategory.israel_policy.xml

                  com.scur.list.dlpcategory.brazil_policy.xml

                  com.scur.list.mediatype.arc.xml

                  com.scur.list.applcntrl.p2p.xml

                  com.scur.list.dlpcategory.poland_policy.xml

                  com.scur.list.dlpcategory.entertainment_industry_ip.xml

                  com.scur.list.dlpcategory.france_policy.xml

                  com.scur.list.dlpcategory.german_policy.xml

                  com.scur.list.dlpcategory.employee_discontent.xml

                  com.scur.list.category.games_gambling.xml

                  com.scur.list.dlpcategory.czech_policy.xml

                  com.scur.list.dlpcategory.chinese_hong_kong_policy.xml

                  com.scur.list.dlpcategory.payment_card_industry.xml

                  com.scur.list.applcntrl.offlinecrawlers.xml

                  com.scur.list.dlpcategory.russia_policy.xml

                  com.scur.list.dlpcategory.high_technology_industry_ip.xml

                  com.scur.list.dlpcategory.legal.xml

                  com.scur.list.dlpcategory.canada_policy.xml

                  com.scur.list.category.informationtechnologie.xml

                  com.scur.list.dlpcategory.india_policy.xml

              Policy synchronization failed: Failed to add /lists/com.scur.list.applcntrl.onlinecrawlers: 408

              • 4. Re: MWG rules to SaaS syncronization issue
                jmazzeo07

                Adding info: I'm using trial licenses in my Web Gateway and the SaaS license is trial too.

                • 5. Re: MWG rules to SaaS syncronization issue

                  A default policy will not synchronize by default because none of the rules are enabled in the cloud.

                  Try enabling the whitelist or URL Filtering rules:

                  Capture.png

                  Capture1.png

                  • 6. Re: MWG rules to SaaS syncronization issue
                    Troja

                    Hi jmazzeo07,

                    i took a look at your screenshot in your first posting. I compared it with my SaaS Portal. I´m missing the hint about the Web Hybrid, look at my screenshot.

                     

                    SaaS.png

                     

                    From my Point of Information it Looks like your SaaS account is not WebHybrid enabled.

                    Cheers

                    • 7. Re: MWG rules to SaaS syncronization issue
                      jmazzeo07

                      eelsasser I have enabled 2 policies to sync with the cloud in my Gateway, one is the URL Filtering.

                       

                      Troja Maybe I don't have that option because the policies from the Gateway never finish the sync.

                      • 8. Re: MWG rules to SaaS syncronization issue
                        Troja

                        We enabled WebHybrid for a customer yesterday.

                        1) we opened the SaaS portal (for endpoint) and activated Web Protection.

                        2) Afterwards we added a user for MWG under https://portal.mcafeesaas.com. We granted the Customer Admin role to this account.

                        3) Added the account to mwg and we were able to synchronize.

                         

                        If no cloud rule is configured, you can see an information about that. But MWG should be able to contact the SaaS Service.

                        Under Troubleshooting you can find the result of the synchronization.

                         

                        Just another hint. Do not use the "Web Hybrid Legacy settings" in MWG, use the WebHybrid Settings in the Top of MWG Gui directly under "Licenses".

                         

                        Cheers

                        • 9. Re: MWG rules to SaaS syncronization issue
                          jmazzeo07

                          Hi to all, last thursday I login to the web protection console and.. It was all synchronized... nobody change nothing, so I don't know what happened, It's working now. Thanks to all for the answers and the help.

                          1 2 Previous Next