Users of Multi-Tenant and Application Protection Subscription (APS) may experience an issue during an update to the APS database.
When the ProxySG appliance downloads an updated APS database, it re-compiles all policy before it installs the database. During this process, if any multi-tenant policy object has the same name as an object in non-tenant policy, policy fails to compile and the APS database installation fails, but continues to attempt installation. A memory leak in this process compounds in subsequent failed attempts, resulting in system instability.
% New default policy was installed. Failed to refresh 1 tenant policy
The policy compilation process will not complete successfully if mutilple objects bear the same name. During normal operation, a list of compilation errors are produced and the process stops. During a APS database update, however, the system continually attempts to compile policy.
ProxySG deployments that make use of both Multi-Tenant configurations and the Application Protection Subscription service.