Warning: Unknown application name: ‘May 2018 Application Classification Update’

book

Article ID: 171631

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

When updating or compiling policy, a Warning is reported.

When the new application names take effect on 31 May 2018 between 00:00 UTC and 04:00 UTC, policy referencing old application names will no longer function until policy is updated to use the new application names.

For example, if you have a reference to the “Hotmail” application, you may see the following message:
Warning: Unknown application name: 'Hotmail'

Cause

An enhancement to the Symantec Application Classification feature is scheduled to become effective on May 31, 2018 between 00:00 UTC and 04:00 UTC.

The Application Classification feature is part of

  • Symantec WebFilter, formerly known as Blue Coat WebFilter (BCWF)
  • Symantec Intelligence Services Standard and Advanced (IS-Standard, IS-Advanced), formerly known as Blue Coat Intelligence Services

This notification contains information to assist customers in assessing the potential impact of these changes on their environments so that they can adjust accordingly.
 

ProxySG/ASG/Virtual SG Considerations

The renaming and removal of categories will be applied to the Application Classification database on May 31, 2018 between 00:00 UTC and 04:00 UTC.

These enhancements will be released as part of the Application Classification database download and will automatically appear in the policy editor, also known as Visual Policy Manager (VPM).

  •  In all SGOS versions where you maintain policy via the VPM, existing destination objects with references to old application names will no longer list the old applications.
  •  Application policy is case-insensitive. Therefore, for the 10 applications where only case changes were made, no action is needed.

Environment

  • Symantec Web Filter (formerly BCWF) customers with ProxySG/ASG/Virtual SG running SGOS versions: 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.2 and earlier, 6.7.1 and earlier
  • All Symantec WebFilter (formerly BCWF) customers

NOTE: For the effect on Intelligence Services (IS) subscriptions please see the article: Deprecation warning: ‘May 2018 Application Classification Update’

Resolution

When the new application names take effect on May 31, 2018 between 00:00 UTC and 04:00 UTC, policy referencing old application names will no longer function until policy is updated to use the new application names.

Therefore, if you reference any of the renamed applications in policy you must update your policy to use the new name.

Action Required

This section is not intended to provide a precise step-by-step list of instructions but rather a high-level overview of how to approach the maintenance window for earlier versions of ProxySG/ASG/Virtual SG. Adjust this process as needed to comply with your organization's change-control and quality-assurance procedures.

 

Preparation

  1. Download the test database from Application Update 2018 - Test Database and copy your existing policy to your test environment.
  2. Locate any affected application names that are due to be changed from the KB listed above (https://support.symantec.com/en_US/article.INFO5408.html).
  3. Make any necessary adjustments so that all application names reflect the newer names outlined in this document. This is also a good opportunity to remove any policy references to applications that will be removed.
  4. Make sure your policy compiles without any application-name warnings.
  5. Test your policy to ensure that it operates as expected.

 

Maintenance Window

  1. Shortly before the maintenance window on May 31, 2018 between 00:00 UTC and 04:00 UTC, temporarily disable BCWF and BCIS database updates.
  • During the time that the updates are disabled, WebPulse is still operational and providing protection.
  • To disable WebFilter updates from the CLI, enter config mode, content-filter mode, and  bluecoat mode. Enter this command:

#(config bluecoat) no download auto

  • To disable Intelligence Services updates from the CLI, enter config mode and then  application-classification mode. Enter this command:
#(config application-classification) download url " "
  1. Wait until the Symantec maintenance window ends.
  2. Update your policy according to the changes you made in the Preparation section.
  3. Re-enable the database updates. Your device should download the new database containing the application changes detailed in INFO5408.
  • To enable WebFilter updates enter config mode, content-filter mode and  bluecoat mode. Enter this command:

#(config bluecoat) download auto

  • To enable Intelligence Services updates enter config mode and then  application-classification mode. Enter this command:
#(config application-classification) no download url
  1. Make sure your policy compiles without any application name warnings.
  2. Test your policy to ensure that it operates as expected.

 

Policy Changes Needed for Removed Applications

On May 31, 2018 between 00:00 UTC and 04:00 UTC, removed application names that are referenced in policy will generate a benign warning message as a reminder to update policy. The application name changes will have no impact because they will never have a match, even before the name changes are applied. The warning can be resolved by removing policy that references the removed applications.