Following the update to Web Security Service (WSS) in November 2017, WSS requires a specific set of criteria to integrate it with ProxySG appliances. Previous WSS/ProxySG integrations, where this configuration required that ProxySG administrators were required to enter the WSS login credentials on the ProxySG are invalidated by this change. 

When integrating WSS and ProxySG in the current system, the only permitted username is sg-register. The password for the service is generated as a token in the WSS portal. WSS uses this token to identify the appropriate Web Security Service account.

This article details the steps to configure WSS and ProxySG integration.

This configuration takes place in two parts - Configure WSS to expect a connection from your ProxySG appliance(s) using a unique token, then configure your ProxySG appliance(s) to use that token.

Web Security Service Portal

1. Log in to your account on the WSS portal at https://portal.threatpulse.com.
2. From Solutions > Service  > Account Maintenance, select Integrations.
3. Click New Integration. The portal displays the New Integration dialog, prompting you to choose ProxySG or Management Center.
4. Select ProxySG. The portal displays the New Integration dialog.
   
5. You can set the token generated by the portal to expire by a certain time or date, after a specific amount of use, or never. Select the option appropriate to your configuration.
   NOTE: The same token can be used on multiple ProxySG appliances, as long as it is valid. 
6. Right-click the token field and select copy to save the token to your local system's clipboard. This token is the password for your connection from Management Center to WSS.

ProxySG

1. Connect to your ProxySG appliance(s) via SSH, enter enable mode, and configuration terminal mode:
   >en
#conf t
2. Enter the cloud-service settings area and enter the WSS connection details from above:
   #cloud-service
   (cloud-service)# register [location-name] sg-register [wss-token]

Example

For a location named SatelliteOffice1, using the token from the WSS portion of this procedure above:

(cloud-service)# register SatelliteOffice1 sg-register 190072n6-cb0e-4a7a-b1b3-a6767e4e27b8