Cannot enable SSL Interception for Universal or WSS enforcement

Article ID: 170707

Products

Web Security Service - WSS, ProxySG Software - SGOS

Issue/Introduction

You are trying to enable SSL Interception (in the SSL Interception layer of the Visual Policy Manager, also known as VPM) with Web Security Service enforcement (policies applied only to the Web Security Service) or Universal enforcement (policies applied to both the Appliance and WSS), but you receive an error. It only seems to work with Appliance enforcement.

"The detect_protocol property is enabled on most of the WSS services. Please ensure that WSS service configuration matches your policy expectations" (the SSL Intercept action is shown in red).

Environment

Management Center, Web Security Service, and ProxySG with SGOS 6.7.3.1

Resolution

  1. Close the VPM editor (if opened), and open an SSH session to your Reference ProxySG.
  2. Type "en" (without quotations) to enter the Enabled mode.
  3. Type "load policy classification" (without quotations), and wait for the Proxy to update, as shown below:       
  4. End the SSH session, and reopen the VPM editor.
  5. Write the SSL Interception rule on the SSL Interception layer again. (Example: Any-Any, Action: SSL Interception enabled, Enforcement: WSS).
  6. You should be able to save the policy now. Proceed to apply it to the corresponding targets.

NOTE: If for any reason you get an error that the URL is not reachable, change the URL to use http instead of https with the following command via the CLI:

proxy#load policy classification path http://bto.bluecoat.com/download/modules/security/SGv6/policyclassifier.xml