[ALERT] User policy conditions do not match after upgrade to 6.7.4.2 when using Web VPM

book

Article ID: 185066

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Advanced Secure Gateway (ASG) 6.7.4.2,  ProxySG 6.7.4.2, and Reverse Proxy (RP) 6.7.4.2 have been removed from general availability on the customer download site but is available upon request in Limited Availability (LA).  SGOS Release 6.7.4.2 contained an issue in the Web Visual Policy Manager (Web VPM)  that could result in changes to the installed policy with no warning displayed.

The new Web VPM should NOT be used in ASG/SG/RP 6.7.4.2. If it has already been used, Symantec recommends that proxy administrators verify their existing policy and then download ASG/SG/RP version 6.7.4.3 which contains a fix for this issue.

In SGOS 6.7.4.2, a defect in the code causes a problem where user objects created or reinstalled using the Web VPM get changed to group objects. This causes the rule referencing such objects to not match during evaluation. For example, a rule referencing such an object that is configured to deny access to a web site will allow access after using the Web VPM. This issue is identified as bug SG-8612.

Resolution

Bug SG-8612 has been resolved.

Upgrade to SG/ASG/RP 6.7.4.3 to resolve the issue and correct the erroneous policy.