The content filter database download failed

book

Article ID: 166965

calendar_today

Updated On:

Products

ProxySG Software - SGOS Symantec WebFilter (formerly Blue Coat WebFilter - BCWF) Intelligence Services Secure Web Gateway Virtual Appliance

Issue/Introduction

The content filter database download can fail because of the following reasons: 

  • Error: HTTP 401 - Unauthorized,
  • Wrong selection of Data source and
  • if all traffic is forwarded to an Upstream proxy and when  'download-via-forwarding' option is not enabled.

Resolution

Since content filter database downloads can fail for many reasons - from simple network issues to vendor-specific consistency check failures - Blue Coat provides a detailed diagnostic log instead of sending content filter database failures to the event log. To access this specific diagnostic log, please do the following:

From the command line interface (CLI), use the CLI command SGOS#(config) show content-filter status

From the Management Console go to Statistics > Advanced > Content Filtering > Show content filter status

The Download log includes a step-by-step indication of what may have gone wrong. If you actually forced an immediate download in the GUI, this log is what the "results" button shows you.

  • If you see "ERROR: HTTP 401 - Unauthorized" in this log, verify your content filter database credentials, such as username and password, are correct.  A "401 - Unauthorized"  could also mean that your content filter database subscription has expired.  If your subscription has elapsed, please contact your reseller or Blue Coat account representative or Customer care team at  1 (800) 721 3934 [Option: 2 > 3] for renewal procedures. 
  • If a BCIS license was purchased, it is necessary to change the settings of the proxy to reflect it. Otherwise, the proxy will continue to use the expired license to download the database. This change can be made from Management Console > Configuration > Content Filtering > Blue Coat. Change the Data Source from 'Web Filter' to 'Intelligence Services' and select 'Apply'. Then download the database by selecting 'Download Now'. NOTE: If you have a BCIS license, it doesn't require a username and password to proceed with the download.
  • If you have an upstream proxy and all internet traffic must be forwarded to this upstream proxy, you will need to ensure that 'download-via-forwarding' is enabled using the following CLI command:

SGOS>enable
Enable Password:
SGOS#config t
Enter configuration commands, one per line.  End with CTRL-Z.
SGOS#(config)forwarding
SGOS#(config forwarding)download-via-forwarding enable
  ok
SGOS#(config forwarding)

For further troubleshooting, obtain a packet capture of the download attempt. Packet captures can be obtained as follows:

  • At the URL https://x.x.x.x:8082/PCAP/Statistics, and can be viewed with packet capture software such as Wireshark.  You can download Wireshark at https://www.wireshark.org/
  • Or else go to MC. Navigate to Maintenance - Service Information - Packet capture. Apply the following filter and start capture "ip host <client ip> or host <test website domain hostname e.g. www.surveymonkey.com> or ip host <test website IP Address> ". Reproduce the issue. Provide the URL in question, and please ensure minimum traffic and trace only the URLs in question.Stop packet capture.