Users of Multi-Tenant and Application Protection Subscription (APS) may experience an issue during an update to the APS database. 

When the ProxySG appliance downloads an updated APS database, it re-compiles all policy before it installs the database. During this process, if any multi-tenant policy object has the same name as an object in non-tenant policy, policy fails to compile and the APS database installation fails, but continues to attempt installation. A memory leak in this process compounds in subsequent failed attempts, resulting in system instability.

%  New default policy was installed. Failed to refresh 1 tenant policy

The policy compilation process will not complete successfully if mutilple objects bear the same name. During normal operation, a list of compilation errors are produced and the process stops. During a APS database update, however, the system continually attempts to compile policy.

ProxySG deployments that make use of both Multi-Tenant configurations and the Application Protection Subscription service.

• Fix the policy compilation issue.
  • Examine and compare your local and multi-tenant policy object names and alter any duplicates.
  • To compare policy sets and search for object names, you can use the policy viewer. See this article for details. 
• Update to 6.7.4 or later.
  • The memory leak component to this issue is resolved in SGOS 6.7.4.
• Disable automatic APS updates