ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

New Application Protection Subscription Database Update Fails to Install when Multi-Tenant Policy Fails to Compile

book

Article ID: 170346

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Users of Multi-Tenant and Application Protection Subscription (APS) may experience an issue during an update to the APS database. 

When the ProxySG appliance downloads an updated APS database, it re-compiles all policy before it installs the database. During this process, if any multi-tenant policy object has the same name as an object in non-tenant policy, policy fails to compile and the APS database installation fails, but continues to attempt installation. A memory leak in this process compounds in subsequent failed attempts, resulting in system instability.

%  New default policy was installed. Failed to refresh 1 tenant policy

Cause

The policy compilation process will not complete successfully if mutilple objects bear the same name. During normal operation, a list of compilation errors are produced and the process stops. During a APS database update, however, the system continually attempts to compile policy.

Environment

ProxySG deployments that make use of both Multi-Tenant configurations and the Application Protection Subscription service.

Resolution

  • Fix the policy compilation issue.
    • Examine and compare your local and multi-tenant policy object names and alter any duplicates.
    • To compare policy sets and search for object names, you can use the policy viewer. See this article for details. 
  • Update to 6.7.4 or later.
    • The memory leak component to this issue is resolved in SGOS 6.7.4.
  • Disable automatic APS updates
Powered by Wolken Software