search cancel

User policy conditions don’t match after upgrade to 6.7.4.2 when using Web VPM

book

Article ID: 173557

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Advanced Secure Gateway (ASG) version 6.7.4.2,  ProxySG  version 6.7.4.2, and Reverse Proxy (RP) version 6.7.4.2 have been removed from general availability on the customer download site but is available upon request in Limited Availability (LA).  SGOS Release 6.7.4.2 contained an issue in the Web Visual Policy Manager (Web VPM)  that could result in changes to the installed policy with no warning displayed.

The new Web VPM should NOT be used in ASG/SG/RP 6.7.4.2. If it has already been used, Symantec recommends that proxy administrators verify their existing policy and then download ASG/SG/RP version 6.7.4.3 which contains a fix for this issue.
 

 

Cause

In SGOS 6.7.4.2, a defect in the code causes a problem where user objects created or reinstalled using the Web VPM get changed to group objects. This causes the rule referencing such objects to not match during evaluation. For example, a rule referencing such an object that is configured to deny access to a web site will allow access after using the Web VPM. This issue is identified as bug SG-8612.

Resolution

Upgrading to SG/ASG/RP 6.7.4.3 will fix the issue by correcting the erroneous policy.