ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

The detect_protocol property is enabled on most of the WSS services

book

Article ID: 170707

calendar_today

Updated On:

Products

Web Security Service - WSS ProxySG Software - SGOS

Issue/Introduction

You are trying to enable SSL Interception (on the Visual Policy Manager, also known as VPM, on the SSL Interception layer) with the Web Security Service (for policies applied only to Web Security Service) or Universal (policies applied to both Appliance and WSS) enforcement, but you are receiving an error. It only seems to work from Appliance enforcement.

"The detect_protocol property is enabled on most of the WSS services. Please ensure that WSS service configuration matches your policy expectations". (The SSL Intercept. an action is shown in red)."

Cause

The policy classification is out of date in the reference ProxySG

Environment

  • Management Center
  • Proxy SG with SGOS 6.7.3.1 and above
  • Web Security Service

Resolution

  1. Close the VPM editor (if opened), and open an SSH session to your Reference ProxySG.
  2. Type "en" (without quotations) to enter the Enabled mode.
  3. Type "load policy classification" (without quotations), and wait for the Proxy to update, as shown below:   

       

  4. Finish the SSH session, and re-open the VPM editor.
  5. Write the SSL Interception rule on the SSL Interception layer again. (Example: Any-Any, Action: SSL Interception enabled, Enforcement: WSS).
  6. You should be able to save the policy now. Proceed to apply it to the corresponding targets.

Attachments