Notify.bluecoat.com unexpectedly shows up when using coaching pages

book

Article ID: 169743

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

If you are using the following deployment method and configuration, there is a possibility where the user will receive an unexpected coaching page error when using Proxy Forwarding method with ProxySG
 
- Access Method: Proxy Forwarding using on-premise ProxySG
- Web Security Service (WSS) Content Filtering policy contains Verdict for "Allow with Coach" 

The notify page comes up instead of the coaching page

"You have reached notify.bluecoat.com"

Cause

The issue is related to Web Security Service (WSS) Load Balancing logic. If the origin web request and notify page request are sent to different WSS Datapod, the user will receive a coaching page error as displayed above.
 

Environment

Proxy Forwarding access method

Resolution

Resolution:
Support has raised a bug with Engineering on a permanent solution in future.
 
 
Workaround:
For customer who follows Web Security Service (WSS) "ProxyForwardingCPL" reference:-
https://portal.threatpulse.com/docs/am/AccessMethods/Reference/fwding_policy.htm
 
 
You can apply the following CPL as a workaround.
===BEGIN===
; If you are applying Verdict for "Allow with Coach" in WSS Content Filtering Policy, you must apply;
the following policy to set proper forwarding host for notify.bluecoat.com based on server URL scheme
 
<Forward Cloud> server_url.domain=notify.bluecoat.com
server_url.query.regex="http/" forward("Threatpulse8443")
server_url.query.regex="https/" forward("ThreatpulseHTTP8080")
===END===

Attachments